DATA SHEET

esendpoint
Next-gen endpoint threat detection and response

esendpoint powered by Carbon Black eliminates endpoint blind-spots that traditional technologies miss. Operating on a philosophy that all endpoint activity is potentially malicious, we watch and record every activity and investigate potentially malicious signals leveraging proprietary attack pattern and behavioral analytics, not merely signatures or IOCs.

We ensure that threats are detected, which empowers esentire security analysts to:
- Alert you to confirmed and suspicious activity
- Visualize the full attack chain
- Isolate threats on your behalf
- Stop attackers earlier in the kill chain
- Conduct post-attack analysis
- Aid in co-managed remediation

As a result, your organization can minimize the detection to recovery timeframe, mitigating the risk of a potential breach that could affect your organization and the clients you serve.

WHAT DOES ESENDPOINT HELP YOU SOLVE?
- Limited endpoint visibility on/off the network
- Inadequate detection capabilities of known and unknown threats
- Prolonged incident dwell time
- Alert fatigue: Chasing too many false positives
- Lack of in-house expertise to proactively hunt and respond to threats

BENEFITS
- Provides full endpoint visibility: Who, what, why and how it happened
- Reduces risk associated with the human factor
- Vastly reduces detection to recovery timeframe
- Results in greater security investment ROI
- Complements traditional anti-virus
- Satisfies compliance requirements

WHAT DOES ESENDPOINT DETECT?
- Zero-day
- File-less
- Advanced persistent threats
- Obfuscated executables
- Lateral movement
- Abnormal behaviour
HOW DOES IT WORK?

esendpoint watches and records everything on the endpoint using Carbon Black Response. API-integrated detection and investigation capabilities are combined with esentire's signal enrichment, processing and advanced analytics, empowering esentire security analysts to:
- Investigate Root Cause: Where and how the attack originated
- Determine Impact of Attack: What exactly needs remediation
- Identify Patterns of Compromise: To identify common bad behaviors
- Tactically Contain the Threat: Isolate the threat on your behalf
- Determine the Full Scope: Identify every endpoint the attack landed on, including what happened in the past
- Co-Remediation: Work with your internal teams to get you back to a known state of good

[Figure: Watch and Record Everything. File modifications, cross-process events, registry modifications, file executions, copy of every executed binary, network connections.]

esendpoint TELEMETRY
- File: Access, Modification, Deletion
- Registry: Access, Modification, Deletion
- Every Executed Binary
- Network Connections
- Cross-process Events
- Process Creation
- Thread Creation
- Inter Process Communication
- URL
FEATURES

MONITORING AND VISIBILITY
- 24x7x365 Coverage: Continuous monitoring of endpoints on and off the network
- Captures All Activity: Acts as a black box flight recorder, continuously recording, centralizing and retaining vital endpoint activity

DETECTION, ANALYSIS AND INVESTIGATION
- Detects and Scopes Cyber-Attacks in Minutes:
- Active Threat Hunting: All endpoint activity that has not been seen before is reviewed by a human analyst
- Catches Threats Other Technologies Miss: Unusual signals are fed into esentire's analytics pipeline and suspicious activity is identified based upon behavioral abnormalities
- Attack Chain Visualization: Analysts leverage event and forensic information to conduct post-attack forensics that aid in co-managed remediation of affected devices
- Endpoint Threat Intelligence: Leverages 200+ source feeds and esentire's own Threat Intelligence, which is aggregated and correlated daily and delivered automatically to the esendpoint server

RESPONSE
- Rapid Communication: Immediate alerting of both confirmed threats and unusual behaviors or activity
- Tactical Threat Containment on Your Behalf: Host isolation is performed on your behalf by locking down and isolating compromised endpoints to prevent lateral spread
- Forensic Investigation: Detailed analysis is performed on the attack to understand the who, what, where, when and why to enable focused remediation efforts
- Co-Managed Remediation: Analysts provide co-managed remediation until the threat actor is completely eliminated

MANAGEMENT AND SUPPORT
- No Maintenance: esentire provides and maintains the hardware and technology
- Portal and Reporting: Weekly Alert Reports and Security Portal Dashboard are available for continuous process improvement and visibility
- Quarterly Business Review: esentire Customer Engagement Team reviews the alerts and findings/advisories of the last quarter for continued process improvement
- Device and System Support: Secures Mac, Linux and Windows devices for local and remote users with no performance impact to the endpoints
ESENTIRE VS. OTHER SECURITY PROVIDERS

Other MDR
esentire MDR
24x7 continuous monitoring, recording and centralizing activity
Limited
Detection utilizing signatures and IOCs
Detection of unknown leveraging patterns and behavioral analytics
Limited
Active threat hunting
Full forensic analysis to confirm threat and eliminate false positives
Alerting of suspicious behavior
Limited
Requires an IR Retainer
Limited
Alerting of confirmed threats
Tactical threat containment on client's behalf via host isolation to stop lateral spread
Remediation recommendations
Full support until incident is remediated and threat actor is eliminated
Requires an IR Retainer

MAKE THE CASE FOR esendpoint

Active Threat Hunting
We assume all endpoint signals are potentially malicious and proactively hunt for the needle in the haystack.

Elimination of False Positives
We support your team by ensuring alerts and responses are directed to the threats that matter.

Threat Intelligence
We integrate intelligence from our Managed Detection and Response (MDR) platform that detects threats that bypass traditional controls and distribute proactive measures to all esendpoint clients.

Machine Learning and Behavioral Analytics
We ensure you're protected against that go beyond signatures using advanced analytics that are not part of standard endpoint detection solutions.

Economies of Scale and Endpoint Experts
We analyze tens of thousands of endpoints every day and continuously train our experts on the latest TTPs used by attackers to bypass traditional controls.

Better Together
We correlate both endpoint and network information during investigations to reveal the full picture of what happened and deliver timely and focused incident response.
esendpoint IN ACTION

An Adversary on the Network
For one of esentire's clients, technology wasn't enough to stop a targeted threat actor from infiltrating its network. With the help of esentire Managed Detection and Response and a team of dedicated security analysts and experts, one esentire client narrowly avoided an adversary attack. Read the full report

In the Nick of Time
In March 2017, a new client employed esendpoint powered by Carbon Black. Within the first three days, our Security Operations Center (SOC) was alerted of an endpoint breach. Read the full report

Vawtrak Banking Trojan
An esentire client experienced the value of esnetwork and esendpoint firsthand when the esentire Security Operations Center (SOC) detected abnormal activity on an individual's computer and quickly took action to investigate. Read the full report

NEXT STEPS
- Put esentire MDR to the test
- Learn more about esentire Advisory Services
- Learn more about esentire MDR
- Access free cybersecurity tools and resources

esentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber- that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business-disrupting events. Protecting more than $5 trillion in corporate assets, esentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @esentire.