Veramine Advanced Endpoint Security Suite
Product information
Veramine Advanced Endpoint Security, built for SOC, MSSP and IT managers, can be deployed on-premise or cloud-based, and has handled several real-world cyber attacks for large, important organizations in the US and Asia. It consists of the following:
– Veramine Endpoint Detection and Response (VEDR)
– Veramine Dynamic Deception System (VDDS)
– Veramine Insider Threat Prevention (VITP)
Veramine Endpoint Detection and Response (VEDR)
The Veramine platform efficiently collects all security-relevant events via an intelligent, lightweight (<1% CPU) Windows host-based sensor and sends those events to a cloud-based or customer-hosted server.
Endpoint Detection and Response (VEDR) is the main anti-APT tool set; with many unique features such as Yara memory search, it effectively provides Detection, Investigation, Response, Data Collection…
The server uses advanced heuristics and machine learning algorithms to detect attacks such as Mimikatz style password dumping, kernel-mode exploitation (local privilege escalation), process injection, unauthorized lateral movement, and other attacker activities.
EFFICIENT, INTELLIGENT ENDPOINT COLLECTION
The strength of an endpoint product depends on the scope and integrity of its visibility into endpoint behavior. The Veramine sensor leverages user-mode and kernel-mode components to safely and reliably gather and pre-process security-relevant system events. It relies on techniques that minimize negative impact on system stability and limit the probability of other security products reporting false positives related to the Veramine sensor.
AUTOMATIC DETECTION OF UNKNOWN THREATS
The sensor data streams are continuously analyzed by the Veramine server using a variety of rule-based and machine learning algorithms to identify anomalous behavior. This comprehensive visibility into security-relevant endpoint behavior allows the server-side detection engine to detect a wide variety of cybersecurity threats, including file-less attacks leveraging only built-in tools and sophisticated malware engineered to evade detection.
The strength of the rule-based detection algorithms is continually increasing. Veramine aims to have the industry’s widest coverage of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix. You can see the current coverage of the ATT&CK matrix on the Veramine Detections wiki at https://github.com/veramine/Detections/wiki.
EASILY SEARCH FOR INDICATORS OF ATTACK
The stream of sensor data is certainly useful for detection. However, the collected information is also presented via the customer portal after being correlated and augmented with additional context. The portal allows users to perform ad-hoc searches to discover answers that facilitate and empower reactive intrusion response investigations and also to enable effective proactive threat hunting. Some customers have referred to this capability as “like a web-based SysInternals Process Explorer running on every host”.
ACCELERATE INTRUSION RESPONSE
The Veramine platform provides control and response features to enable rapid, effective incident response from a central console. Analysts can send response actions to the Veramine sensor to interact with binaries and hosts as follows:
• Prevent a binary from being loaded by any process.
• After a binary has been loaded, prevent the loading process from making outbound network connections.
• Shut down, restart, or hibernate the machine.
• Prevent the host from making outbound network connections to destinations other than the server.
• Uninstall the sensor.
KEY CUSTOMER BENEFITS:
• Gain complete visibility into all of your endpoints, regardless of whether they are currently on or off your network.
• Continuously monitor endpoints and receive prioritized alerts of anomalous behavior and attacks in real-time.
• Quickly install on any Windows host by simply executing the install binary; no per-host configuration is necessary.
• Maintain local control of all collected data in your own data center (on prem), or store in Veramine’s Cloud (Azure).
• Efficiently store collected information long-term (effectively forever) to allow easy reference and replay in the future.
• Stores a copy of every binary ever loaded on any endpoint by any process.
• Search through memory of every running process using Yara expressions.
• One click access to individual process memory snapshot or full system dump.
• Respond to attacks by isolating an individual process or system from the network, disconnecting a user, or preventing a file from being loaded.
• Reduce cost of IR and forensics by collecting all security-relevant host information preemptively.
• Centralized technologies for security analysis and processing.
• A closed-loop UI/UX for investigating attacks, following an iterated process: Detection – Investigation – Response.
Veramine Dynamic Deception System (VDDS)
The Dynamic Deception System (VDDS) is a platform of traps (deceptive services, processes, mutexes, credentials, network listeners, data shares…) that serves as active defense to detect and prevent attacks.
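To make concrete what the server-side detections described under VEDR (Mimikatz-style LSASS reads, process injection, lateral movement) and the deception tripwires described under VDDS (decoy credentials and shares) look like as rules, here is an added, self-contained example. It is not Veramine's code: the event schema, field names, LSASS-reader allowlist, fan-out threshold and decoy names are all assumptions, and the sample sensor events are constructed for the demonstration.

```python
"""Illustrative rule-based detections over a batch of endpoint sensor events.
Hypothetical example: the Event schema, allowlist, threshold and decoy names are
assumptions, not Veramine's actual implementation."""
from collections import defaultdict
from dataclasses import dataclass

PROCESS_VM_READ = 0x0010  # Windows OpenProcess access right (documented value)

# Assumed allowlist of images that routinely read LSASS memory on a healthy host.
LSASS_READERS = {"csrss.exe", "wininit.exe", "services.exe", "msmpeng.exe"}

# Constructed decoy artefacts of the kind a deception system plants; any use is an alert.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_legacy"}
DECOY_SHARES = {r"\\fs01\finance_archive"}

# Assumed heuristic: one account logging on to this many distinct hosts in one batch.
FANOUT_THRESHOLD = 3


@dataclass
class Event:
    kind: str          # process_access | remote_thread | logon | share_access
    host: str          # host on which the sensor observed the event
    source: str        # acting process image, or origin host for logons
    target: str = ""   # target process image or share path
    access: int = 0    # requested access mask (process_access only)
    user: str = ""     # account name (logon / share_access)


def rule_lsass_read(e):
    """Mimikatz-style dumping: an unexpected process reads LSASS memory."""
    if (e.kind == "process_access" and e.target.lower() == "lsass.exe"
            and e.access & PROCESS_VM_READ
            and e.source.lower() not in LSASS_READERS):
        return "credential_dumping"
    return None


def rule_remote_thread(e):
    """Process injection: a thread created in a different process."""
    if e.kind == "remote_thread" and e.source.lower() != e.target.lower():
        return "process_injection"
    return None


def rule_decoy(e):
    """Deception trip: planted accounts and shares have no legitimate users."""
    if e.kind == "logon" and e.user.lower() in DECOY_ACCOUNTS:
        return "decoy_credential_used"
    if e.kind == "share_access" and e.target.lower() in DECOY_SHARES:
        return "decoy_share_accessed"
    return None


STATELESS_RULES = (rule_lsass_read, rule_remote_thread, rule_decoy)


def evaluate(events):
    """Return (host, detection, detail) tuples for a batch of sensor events."""
    alerts = []
    hosts_per_user = defaultdict(set)
    for e in events:
        for rule in STATELESS_RULES:
            name = rule(e)
            if name:
                alerts.append((e.host, name, e.user or e.source))
        if e.kind == "logon":
            hosts_per_user[e.user.lower()].add(e.host)
    # Stateful lateral-movement heuristic, evaluated once over the whole batch.
    for user, hosts in hosts_per_user.items():
        if len(hosts) >= FANOUT_THRESHOLD:
            alerts.append(("multiple", "lateral_movement_fanout",
                           f"{user}:{len(hosts)} hosts"))
    return alerts


# Constructed sample stream: one benign LSASS read, one suspicious one, an
# injection, a decoy-credential logon, a decoy-share read and a logon fan-out.
SAMPLE_EVENTS = [
    Event("process_access", "WS01", "MsMpEng.exe", "lsass.exe", access=0x1010),
    Event("process_access", "WS01", "updater.exe", "lsass.exe", access=0x1010),
    Event("remote_thread", "WS01", "updater.exe", "explorer.exe"),
    Event("logon", "WS02", "WS01", user="svc_backup_old"),
    Event("share_access", "WS02", "WS01", target=r"\\fs01\finance_archive", user="jdoe"),
    Event("logon", "WS03", "WS01", user="jdoe"),
    Event("logon", "WS04", "WS01", user="jdoe"),
    Event("logon", "WS05", "WS01", user="jdoe"),
]

if __name__ == "__main__":
    for host, detection, detail in evaluate(SAMPLE_EVENTS):
        print(f"{host:8} {detection:24} {detail}")
```

The allowlisted MsMpEng.exe read of LSASS produces no alert while the identical access from updater.exe does, which is the point of pairing an access-mask check with a known-reader list; the decoy rules need no allowlist at all, since a planted account or share has no legitimate consumer.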
Veramine Insider Threat Prevention (VITP)
Insider Threat Prevention (VITP) combines advanced controls over users, data and devices, such as key loggers, screenshots, USB tracking and permissions, and digital forensics using Velociraptor…