1 / 80

End Point Technologies

End Point Technologies. End Point Technologies. End-Point Challenges. EPP Efficacy Threats are breaking thru EPP at an increasing rate Rise in threats discovered by users or post infection scans Hardware and Human resource cost

lola
Download Presentation

End Point Technologies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. End Point Technologies

  2. End Point Technologies End-Point Challenges EPP Efficacy Threats are breaking thru EPP at an increasing rate Rise in threats discovered by users or post infection scans Hardware and Human resource cost Increased “Time Exposed to Danger” (TED) as advanced threats avoid detection and cleanup Signature models create unnecessary problems Mutual EPP Exclusivity As EPP products attempt to “punch above their weight” they are operating at the limits of their design parameters. As a result very few EPP products will co-exist denying customers the opportunity to improve protection by doubling up. Vendor Research Capacity Vendors no longer “have eyes” for low volume threats allowing high risk targetedattacks to go undetected Poor/Non Existent EPP Security Intelligence EPP designed as a protection layer with little or no surveillance capabilities Lack of Intelligence makes Security Breach Detection and Management time consuming and unreliable and makes auditing all but impossible

  3. End Point Technologies Meeting the Challenges EPP Efficacy Inverted signature model, EPP client calculates ALL object signatures and feeds them to the center Powerful generic detection and cleanup leveraging centralized intelligence Rapid un-intrusive scanning technology covering all forms of malware including rootkits Small footprint with low technology and human resource overheads Reduce “Time Exposed to Danger” (TED) Mutual EPP Exclusivity Widest possible interoperability, by design Vendor Research Capacity Automation and linear scalability, by design – Prevx currently process 250,000 new objects /day Poor Security Intelligence Monitor all software then decide what is benign, what is malicious and what is worthy of closer attention. Don’t just look for known threats based on signatures or known behavior patterns. Ease of use and simplicity and speed of installation, deployment and management One light weight agent with multiple uses –Incremental Detection/Remediation/Protection/SNAC Choice of in-house or web based agent management or hybrid

  4. End Point Technologies The Opportunities Awareness and Information Knowing what software exists, where , and for how long Software NAC Simple, fast, flexible EPP agent based System, Network or Application Access Control Extend EPP NAC to include casual visitors, even web connected clients Security Breach Management Install, scan and check 1,000 PCs for malware (including rootkits) in less than one hour Customer Security Management Enable e-commence applications to query the security state of any web connected client Force on-demand system scan Force cleanup before access Monitor , verify and block poisoned DNS resolution Force user into “more secure” browser environment Enforce or monitor PC usage and authentication

  5. Performance Comparison

  6. End Point Technologies CSI / Edge System Impact Edge: All components combined, produces only an 11MB RAM footprint. CSI: Virtually no overhead when idle and shrinks to a 6MB RAM footprint. Consistently low / transparent CPU usage: After 1 hour of heavy system use, Edge required only 24 seconds of kernel + user CPU time for realtime scanning. Both products require less than 10 MB of available disk space and will run on computers with less than 64MB of physical RAM.

  7. End Point Technologies PassMark™ System Performance Comparison Without Edge: With Edge: Edge impacted system performance by only 0.34% percent across a wide range of CPU, disk, and graphics benchmarks.

  8. End Point Technologies Installation Size This chart compares size of the complete downloaded setup files of the above programs. (Lower is better)

  9. End Point Technologies Registry Utilization Comparison This chart compares the count of registry entries installed by the above products. (Lower is better)

  10. End Point Technologies Scan Speed • Although CSI scans extremely quickly, its rootkit scan and system analysis is as thorough as possible. It achieves this speed with some technical breakthroughs: • The ability to duplicate the master file table (MFT) in memory and analyze files in an optimized sequence • The ability to search through the system for duplicate/specific files in less than 1/100,000th of the time a standard search takes (0.01 seconds versus 20 minutes) • The ability to analyze the system registry as a whole by reading it raw from the system and reorganizing it into a more optimized database format for on-demand analysis • The ability to intelligently read the disk at a raw level, completely circumventing the Windows API, subsystem, and kernel • The ability to use centralized, server-side resources to analyze behavior quickly and without requiring user resources

  11. End Point Technologies System Scan Time Tests were conducted on the same Windows XP system with common software installing including the Microsoft Office Suite and Photoshop CS3.

  12. End Point Technologies Bootup Time Impact Tests were conducted on the same system and the resulting delay is the average of 5 reboots with the security product installed minus the average without any security product.

  13. End Point Technologies Bandwidth Usage From Install to Full Protection

  14. End Point Technologies Time from Install to Full Protection

  15. Scan Comparative Video

  16. End Point Technologies Scan Comparative Video Please visit the following URL for a Scan Comparative video: http://www.prevx.com/vid/scancomparative

  17. End Point Technologies Rootkit Detection • Rootkit scanning and low-level system analysis is the reason for the fast scan speed • Uses a cross-section approach on raw disk structures, registry, and memory structures • Reports all findings centrally to the database to ignore legitimate system modifications done by security products, etc. to prevent user confusion: Standard Flow of a File Read Request fread() > ReadFile > NtReadFile > KiFastSystemCall > SSDT > ZwReadFile > [Minifilter driver stack] > [Legacy file system filter driver stack] > ntfs.sys > PhysicalDiskn device > Disk.sys > classpnp.sys > scsi.sys > HAL > BIOS Flow of a CSI read request CSIRawReadFile() > scsi.sys > HAL > BIOS

  18. End Point Technologies Rootkit Remediation • CSI removes rootkits by restructuring system components without the rootkits present before shutdown rather than falling into a race condition on bootup as other products do • This provides stable rootkit removal which can remove any rootkit from the MBR rootkit to Rustock to TDSServ generically without having to write specific routines for each • Spyware/usermode threat remediation isolates the threats from the rest of the system by closing or suspending open connections which the threats have and then forcing them to be removed, either from usermode or with the raw disk access modules

  19. End Point Technologies Rootkit Scan Comparison The popular antirootkit programs GMER and Rootkit Unhooker both analyze the disk at a raw level like CSI to detect some of the threats which CSI can detect, however, they do so in a much less optimized manner. These tests were performed on the same system with two rootkits active and an active usermode spyware infection. All three products detected the rootkits, but as CSI’s scan contains not only a rootkit scan, it also identified the active spyware infection which the other products missed.

  20. Rootkit Infection Video

  21. End Point Technologies Rootkit Infection Video Demonstration Please visit the following URL for a Rootkit infection video demonstration: http://www.prevx.com/vid/rootkitinfection

  22. Website Drop Video

  23. End Point Technologies Website Drop Video Demonstration Please visit the following URL for a website drop video demonstration: http://www.prevx.com/vid/websitedrop

  24. Universal AgentCSI, Edge, Enterprise, eSAC

  25. End Point Technologies Prevx Software Single Installation File: All Prevx products (CSI, Edge, eSAC, CSI-E) are contained in the single 1MB install file, requiring no additional downloads Dynamic License Structure: The software will change dynamically depending on the license key entered or functionality requested Light on Resources: The software is light on resources and requires a minimal number of files on disk as well as only two active processes to support multiple user accounts

  26. End Point Technologies Operating System Support CSI Windows 7, 2008, Vista, 2003, XP, 2000, ME, 98, NT4 Support for 32 bit and true 64 bit architectures EDGE Windows 7, 2008, Vista, 2003, XP, 2000 Support for 32 bit and true 64 bit architectures ESAC Windows 7, 2008, Vista, 2003, XP, 2000, ME, 98, NT4 Support for 32 bit and true 64 bit architectures Plus Universal Browser support

  27. End Point Technologies EPP Compatibility CSI, Edge and ESAC have been designed for complete compatibility between other security solutions and has been thoroughly tested and found to be completely compatible with all major enterprise security solutions including the following: Symantec Endpoint Protection 11.0 McAfee Total Protection for Endpoint Trend Micro Office Scan 8.0 Kaspersky Work Space Security* ESET Smart Security Business Edition Sophos Endpoint Security and Control 8 AVG Internet Security Network Edition 8.0 * A minor incompatibility between the memory scanner of Kaspersky and the self protection of Edge was found and corrected during testing

  28. End Point Technologies Consumer Security Suite Compatibility CSI, Edge and ESAC are fully compatible with popular consumer security suites and have been thoroughly tested against the following popular suites as well as dozens of other products with no identified incompatibilities: Norton Internet Security 2009 ESET Smart Security 2009 Trend Micro Internet Security 2009 McAfee Internet Security 2009 Kaspersky Internet Security 2009 AVG Internet Security 2009 F-Secure Internet Security 2009 G-Data Internet Security 2009 Panda Internet Security 2009 ZoneAlarm Internet Security Suite 2009

  29. CSI and Edge

  30. End Point Technologies Prevx CSI Provides scanning and cleanup functionality for home users. Management takes place within the local software and users are provided a GUI to configure settings and schedule scans.

  31. End Point Technologies Prevx Edge Provides malware protection and advanced rootkit prevention with minimal system resource use and maximum compatibility with other software.

  32. End Point Technologies Software Conversion Installing CSI automatically installs Edge. To activate the Edge functionality, the user can click “Prevent Infections” to upgrade to Edge. To convert back to CSI from Edge, clicking “Revert to CSI” will disable the Edge functionality and revert the software to CSI.

  33. eSAC(eCommerce Secure Access Control)

  34. End Point Technologies Prevx eSAC Prevx eCommerce Secure Access Control protects accounts from fraud and phishing by utilizing centralized authentication validation intelligence and malware scanning with CSI.

  35. End Point Technologies Prevx eSAC Website Launches Prevx ESAC Seamlessly via special html <title> Internet Integrity Check LSP Chain. DNS Poison. Host File Injection. Device Integrity Check Real Time Malware Scan. AV Status Check. Device/Account Cross Check Logon History of this Device. Logon History of All Accounts using this device. Website receives intimate knowledge of connected computer’s malware state and previous logon history in just 20 secs. Website Continues Logon With more knowledge about the Connected PC

  36. End Point Technologies Prevx eSAC Video Demonstration Please visit the following URL for a video demonstration: http://www.prevx.com/vid/esac

  37. Enterprise

  38. End Point Technologies Prevx Enterprise Provides enterprise functionality and centralized management with alerts for large corporations. CSI also provides web-based management for smaller companies that do not have the resources to run local server software.

  39. End Point Technologies Enterprise Agent • Built on current consumer offering • Same strong detection and cleanup • Lightweight implementation and Low-Resource footprint • Compatibility for all windows platforms and with all security vendors • Minimalistic user interface • Communicates with in-house CSIE Server

  40. End Point Technologies Enterprise Server • Multithreaded, single point of contact to the Prevx central database • Own database implementation (MDB) • Cloud-Response caching • Agent configuration and distribution, report, alert and override capabilities

  41. End Point Technologies Enterprise Architecture Prevx Cloud Community Database Secure Relay Node Firewall / Proxy server Admins CSIE Server Agents • Determination • Configurations • Scan Histories • Overrides MDB Agents

  42. End Point Technologies Enterprise Status

  43. End Point Technologies Enterprise Alerts

  44. End Point Technologies Enterprise Overrides

  45. End Point Technologies Enterprise Client Configuration

  46. End Point Technologies Enterprise Remote Deployment

  47. End Point Technologies Prevx Enterprise Video Demonstration Please visit the following URL for a video demonstration: http://www.prevx.com/vid/csie

  48. MyPrevxOnline Management Console

  49. End Point Technologies MyPrevx – Business console All business users of either Prevx CSI , Prevx Edge and Prevx 2.0 receive access to the MyPrevx console as part of their subscription. This allows administrators to manage not only the license and machines installed but also their auditing and alerting when a system is found to be infected.

  50. End Point Technologies MyPrevx – Business console MyPrevx for Business offers users a complete chronological list of infections found within their organisation. System administrators and those tasked with assessing risk can easily see how and when certain infections might have impacted the security of their data.

More Related