Conceal – A Comprehensive Browser Security and Malware Isolation Platform

Conceal (with its core product, ConcealBrowse) is a Browser Security solution. Its primary mission is to prevent ransomware, social engineering, and credential theft, and to protect corporate data right within any web browser (Chrome, Edge, Firefox, Chromium, etc.).

Key Features:

•   AI-Powered Phishing Detection & Protection: Utilizes an AI-driven dynamic detection engine to analyze browser content in real time, automatically identifying and blocking phishing attempts.
•   Selective Remote Browser Isolation (RBI): ConcealBrowse intelligently assesses the risk profile of Internet traffic and routes it into three distinct pathways:
    – Allow: Safe URLs are accessed normally.
    – Block: Known malicious content is blocked immediately.
    – Isolate: Suspicious or unknown traffic is redirected into a secure isolation environment (a software-defined virtual network) for seamless processing without disrupting the user experience.
•   Data Loss Prevention (DLP): Enforces stringent security policies within the isolated environment, controlling and restricting high-risk actions that could lead to data leakage, such as copy/paste operations or file uploads/downloads.
•   Risky User Monitoring: Tracks and detects potentially unsafe behaviors of employees (e.g., high frequency of isolation triggers, accessing blocked sites) to deliver real-time alerts to SOC and IT teams.
•   Centralized Policy Enforcement: Allows IT administrators to deploy and manage uniform security rules across all enterprise browsers, eliminating security gaps caused by inconsistent configurations.
•   Out-of-the-Box Integration: Designed as a lightweight browser extension that is easy to deploy and natively integrates with an enterprise’s existing security infrastructure, including SIEM, Threat Intelligence, Firewalls, and EDR/XDR/MDR solutions.

CyCraft – A Comprehensive AI-Driven Cybersecurity Automation Platform

CyCraft is a premium cybersecurity platform from Taiwan, pioneering the use of Artificial Intelligence (AI) to automate up to 70% of SOC operations. It empowers enterprises to achieve Digital Resilience against sophisticated Advanced Persistent Threats (APTs).

Key Features and Solutions:

•   Automated Incident Response & Forensics: Leverages AI to automatically investigate, analyze behavior, and correlate events into an intuitive “Storyline,” reducing incident remediation time from days to mere minutes.
•   Comprehensive Attack Surface Management (XCockpit):
    – XCockpit Endpoint (EDR/MDR): Provides continuous monitoring, proactive threat hunting, and ultra-lightweight forensic data collection at endpoints.
    – XCockpit EASM: Actively scans and discovers vulnerabilities and exposed digital assets of the enterprise across the Internet.
    – XCockpit IASM: Manages risks and misconfigurations associated with user identities and privileged accounts.
•   Security for the AI Era (XecGuard & XecART): Provides guardrails and firewalls to protect LLMs and AI Agents against data leakage and prompt injection attacks, alongside automated penetration testing tailored for AI systems (AI Red Teaming).
•   Battle-Tested Threat Intelligence (CyberTotal): Integrates a high-quality threat intelligence repository, trained on some of the world’s most complex cyberattacks originating in East Asia.

Cybereason – A Comprehensive EDR/XDR Platform for Endpoint Protection and On-Premises Incident Response

Cybereason is a unified EDR/XDR platform that enables enterprises to effectively detect, investigate, and respond to cyber threats across endpoints, cloud environments, user identities, and IT infrastructure. Leveraging behavioral analysis and response automation, Cybereason empowers SOC teams to swiftly identify and mitigate attacks before they impact business operations. Cybereason supports flexible EDR deployment options, including both on-premises and cloud-based models, catering to the diverse needs and operational frameworks of customers.

Key Features:

•   EDR/XDR Platform: Provides continuous monitoring and threat detection across the entire enterprise infrastructure.
•   EDR & NGAV: Protects endpoints against malware, ransomware, and advanced cyber attacks.
•   Threat Detection & Investigation: Visualizes, correlates, and investigates attack indicators with deep visibility.
•   Automated Response: Automatically isolates and remediates incidents to minimize risk exposure.
•   Managed Detection & Response (MDR): Delivers 24/7 continuous monitoring and response support led by cybersecurity experts.

Cybereason helps enterprises elevate their defensive capabilities, drastically reduce Mean Time to Detect (MTTD) and Mean Time to Remediate (MTTR), and optimize the operational efficiency of their cybersecurity teams.

Nextron Systems – Threat Hunting and Compromise Assessment Solutions for Endpoints

Nextron Systems is a German cybersecurity vendor specializing in Compromise Assessment, Threat Hunting, and Incident Response solutions for endpoint systems. Unlike traditional Antivirus or EDR solutions that focus primarily on threat prevention, Nextron is designed to answer a critical question: “Has your system already been compromised or is it currently under an undetected attack?”

Nextron’s solutions leverage a comprehensive threat intelligence repository containing 30,000+ YARA rules, 4,000+ Sigma rules, and thousands of IOCs to detect malware, APTs, ransomware, web shells, hacking tools, and traces of compromise that traditional security solutions might miss.

Nextron’s Featured Product Portfolio Includes:

•   THOR: An advanced Compromise Assessment and Threat Hunting scanner that detects signs of intrusion across Windows, Linux, macOS, and AIX platforms.
•   AURORA: A Sigma-based Endpoint Detection Agent that enables real-time monitoring and anomaly detection with low resource consumption.
•   ASGARD: A centralized management platform for deploying, orchestrating, and analyzing scan results at scale.
•   VALHALLA: A high-quality YARA and Sigma rule repository, continuously updated by Nextron’s research team.

With its capability to detect advanced attack signatures, support incident investigations, and validate system integrity, Nextron is the ideal choice for SOCs, Incident Response teams, Threat Hunting teams, and enterprises looking to enhance their endpoint threat detection capabilities.

Veramine Advanced Endpoint Security Suite

Veramine Advanced Endpoint Security, for SOC, MSSP and IT managers, can be deployed on-premises or in the cloud and has handled several real-world cyber attacks for large, important organizations in the US and Asia. It consists of the following:

– Veramine Endpoint Detection and Response (VEDR)
– Veramine Dynamic Deception System (VDDS)
– Veramine Insider Threat Prevention (VITP)

EFFICIENT, INTELLIGENT ENDPOINT COLLECTION

The strength of an endpoint product depends on the scope and integrity of its visibility into endpoint behavior. The Veramine sensor leverages user and kernel mode components to safely and reliably gather and pre-process security-relevant system events. It relies on techniques that minimize negative impact on system stability and limit the probability of other security products reporting false positives related to the Veramine sensor.

The strength of the rule-based detection algorithms is continually increasing. Veramine aims to have the industry’s widest coverage of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix. You can see the current coverage of the ATT&CK matrix on the Veramine Detections wiki at https://github.com/veramine/Detections/wiki.

ACCELERATE INTRUSION RESPONSE

The Veramine platform provides control and response features to enable rapid, effective incident response from a central console. Analysts can send response actions to the Veramine sensor to interact with binaries and hosts as follows:

•   Prevent a binary from being loaded by any process.
•   After a binary has been loaded, prevent the loading process from making outbound network connections.
•   Shutdown, Restart, or Hibernate the machine.
•   Prevent the host from making outbound network connections to destinations other than the server.
•   Uninstall the sensor.

KEY CUSTOMER BENEFITS:

•   Gain complete visibility into all of your endpoints, regardless of whether they are currently on or off your network.
•   Continuously monitor endpoints and receive prioritized alerts of anomalous behavior and attacks in real time.
•   Quickly install on any Windows host by simply executing the install binary, with no configuration necessary on each host.
•   Maintain local control of all collected data in your own data center (on prem), or store it in Veramine’s Cloud (Azure).
•   Efficiently store collected information long-term (effectively forever) to allow easy reference and replay in the future.
•   Store a copy of every binary ever loaded on any endpoint by any process.
•   Search through the memory of every running process using Yara expressions.
•   One-click access to an individual process memory snapshot or a full system dump.
•   Respond to attacks by isolating an individual process or system from the network, disconnecting a user, or preventing a file from being loaded.
•   Reduce the cost of IR and forensics by collecting all security-relevant host information preemptively.
•   Use centralized technologies for security analysis and processing.
•   Investigate attacks in a closed UI/UX with an iterative process: Detection – Investigation – Response.

Veramine Dynamic Deception System (VDDS)

The Dynamic Deception System (VDDS) is a platform of traps, such as deceptive services, processes, mutexes, credentials, network listeners, data shares…, that acts as active defense to detect and prevent attacks.

Veramine Insider Threat Prevention (VITP)

Insider Threat Prevention (VITP) combines advanced controls of users, data and devices, such as key loggers, screenshots, USB tracking and permissions, and digital forensics using Velociraptor…

Commvault – TrapX Deception

TrapX DeceptionGrid™

The only Trap Platform that delivers comprehensive protection and coverage at scale. The lightweight, touch-less technology provides uninterrupted support for multiple systems and devices, including IT, OT, IoT, SCADA, ICS, SWIFT, and delivers immediate time to value. The Advanced Deception Platform can be deployed on both the Cloud and on-premises. Detect and redirect attacks with instant visibility.

Problems we solve

Traditional Trap solutions are resource-intensive, complex to deploy, and forced to choose between guarding a single device or sharing protection load across multiple devices, with poor scalability.

Technical and implementation limitations

•   Other solutions offer limited trap options and fewer traps per device.
•   Customers are forced to choose between scale and detailed information.
•   Finite trap coverage reduces the credibility of the lure.

Difficult to deploy, integrate, and manage

•   Deceptions based on highly interactive machines are costly and use a lot of system resources.
•   Full OS licensing for traps increases costs.
•   Need regular patching, maintenance, monitoring.

Depends on endpoint agents

With the rise of remote working and unmanaged devices, and the proliferation of IoT devices that integrate with OT, agent-based solutions are obstacles to deployment and extension.

•   Scaling planning and time required for any endpoint disruption.
•   Agents cannot be used for IoT, OT, and other devices.

A unified, far-reaching platform

Unlimited Deceptions – With Full Visibility, Protection, and Scalability

Simulated traps are our unified platform

•   The only solution that fully integrates lures, traps, and interactive Deception technology in a single platform.
•   Built for scalability across any environment for end-to-end accessibility.
•   Detect physical, automated, and malware attacks.
•   Provides endpoint, lateral movement, IT, OT, IoT, SCADA, ICS, and SWIFT visibility with easy integration.

Real-time-based incident response automation

An advanced alerting system that combines attack analysis and threat intelligence to provide real-time incident prevention and mitigation information.

Made for quick, simple, streamlined deployment

The technology can be deployed on both the Cloud and internally, and hundreds to thousands of traps can be triggered in just a few minutes, giving the network back valuable time quickly.

Designed for flexible business expansion

Can emulate on virtually all environments, from small networks to software multitasking clouds, hundreds of VLANs per device to unlimited VLANs.

Designed for uninterrupted operation

Out-of-band technology that requires no agent and no endpoint processing or compute, for the uninterrupted deployment of even the most advanced functionality.

SentinelOne AI Endpoint Security Platform

Singularity Complete: Consolidating Vital Security Functions. Designed for organizations seeking single-agent enterprise-grade prevention, detection, response and hunting across endpoint, cloud, and IoT coupled with critical automations.

One Platform Solving More Problems

Organizations want more capability, less complexity, and fewer agents. SentinelOne delivers with rich EPP features within Singularity Complete.

One Agent for Consolidation Efforts

•   Singularity Complete includes full featured enterprise-grade EDR.
•   Complete includes NGAV and behavioral AI to stop known and unknown threats.
•   Complete includes suite features like network control, USB device control, and Bluetooth device control.
•   Complete includes Rogue identification and can be instrumented for full network attack surface protection with Ranger IoT.

Storyline Automates Visibility

•   Storyline creates context in real time at the source: Windows, Mac, Linux, and Kubernetes cloud-native workloads.
•   Storyline enables efficient hypothesis testing leading to fast RCA conclusions.
•   Process re-linking across PID trees and across reboots preserves precious context.
•   S1QL query language enables intuitive searches and hypothesis-based hunting.

ActiveEDR Automates Response

•   ActiveEDR responses are part of the same code base as prevention mechanisms.
•   Resolve threats with 1-Click and without scripting on one, several, or all devices across the entire estate.
•   Mark benign findings as threats for the same real-time automatic, 1-Click remediation.
•   Automated Storyline Active Response (STAR) watchlists keep a constant watch for noteworthy and customizable situations needing a deeper look.
•   Single API with 350+ functions provides a basis for further automation.

Hunter’s Toolkit

•   High performance, industry leading historical EDR data retention. 14 to 365 days visibility.
•   Deep Visibility Storyline pivot and hunt by MITRE ATT&CK® technique.
•   Customizable network isolation.
•   Secure Remote Shell (full Windows PowerShell, standard Mac & Linux bash).
•   Manual and auto file fetch of malicious and benign files for Windows, Mac, Linux.
•   Optional sandbox integrations for additional dynamic analysis.

MDR Services Integration

•   Vigilance MDR, our in-house global SOC, ensures every threat is reviewed, acted upon, documented, and escalated to you only when needed.
•   Vigilance MDR PRO adds digital forensics investigative services (DFIR) for extended deep analysis and response.
•   SentinelOne Readiness provides deployment assistance and quarterly ONEscore estate health grades and opportunities for improvement.

Nextron Systems – THOR APT Scanner

THOR is the most sophisticated and flexible compromise assessment tool on the market.

Incident response engagements often begin with a group of compromised systems and an even larger group of systems that may be affected. Manually analyzing many forensic images can be a challenge.

THOR speeds up your forensic analysis with more than 17,000 handcrafted YARA signatures, 400 Sigma rules, numerous anomaly detection rules and thousands of IOCs.

Focus on Hacking Activity

Flexible Deployment