Beyond Anti-virus: How Can You Combat Today’s Most Sophisticated Threats?
Space researchers infer the existence of a black hole, not by observing it directly, but by observing what’s happening around it. Changes in surrounding matter, warping of light, or a larger than normal burst of x-rays can all indicate the presence of a black hole in a galaxy.
Each black hole is different, but it causes changes in the environment around it that facilitate its detection when a researcher thinks “that’s just not right”.
RSA’s ECAT (Enterprise Compromise Assessment Tool) detection system works on the same principles.
How will you combat the best of today’s threats?
The traditional combination of Firewall, Intrusion Detection System and Anti-virus package is ineffective at detecting the more sophisticated threats in today’s modern IT landscape.
We are seeing an increasing number of attacks where malware code is deployed by opening a fraudulent attachment in an email, or by visiting a compromised website that appears to function normally during your visit.
The code is quickly hidden away in trusted applications, not affecting the performance of those apps, but warping them silently to fulfil your attacker’s ambitions.
This kind of assault is designed to go unnoticed for as long as possible so that a hijack of your confidential data can go on indefinitely.
The customisation of these attacks is impressive. We are observing attacks made for one-time use, to infiltrate a business or government entity that represents a particular interest to the attacker or state-sponsored group.
These attacks have no clear signature. Anti-virus programmes can’t detect them because they don’t look like any virus or Trojan that has been detected previously.
To really get visibility and know what’s going on, we need to baseline normal system activity and identify when variations occur, so that we can investigate on a granular level and quickly stop the malware’s execution. What’s more, we need to be able to rewind through time to understand how the attack occurred.
That’s what the RSA ECAT solution brings to the table.
How does it work?
Its agent sits as a silent observer on every endpoint in your system, inspecting live memory activity and looking for processes that are running in an unexpected way, using more resources than they should or triggering other processes that you wouldn’t expect them to.
A sophisticated, real-time calculation is made of the risk that an endpoint is compromised and if a warning threshold is exceeded, the software sends an alert to your network security staff and points to the offending processes.
Your security staff can then use RSA ECAT to quarantine and dissect the suspect files before inspecting the rest of your network for other instances of the same processes in play.
When an infection is confirmed, the endpoint(s) can be removed from the network and sent for re-imaging.
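The baseline-then-score idea described above, as an added example; it is not RSA ECAT's code or its scoring model. The host names, telemetry, weights and alert threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed telemetry: (endpoint, parent process, child process, memory in MB)
BASELINE = [
    ("ws-01", "explorer.exe", "winword.exe", 120),
    ("ws-01", "explorer.exe", "winword.exe", 135),
    ("ws-02", "explorer.exe", "winword.exe", 128),
    ("ws-01", "explorer.exe", "chrome.exe", 390),
    ("ws-02", "explorer.exe", "chrome.exe", 410),
    ("ws-01", "services.exe", "svchost.exe", 30),
    ("ws-02", "services.exe", "svchost.exe", 34),
]
LIVE = [
    ("ws-01", "explorer.exe", "winword.exe", 131),
    ("ws-02", "explorer.exe", "winword.exe", 126),
    ("ws-02", "winword.exe", "powershell.exe", 60),  # launch never seen in baseline
    ("ws-02", "services.exe", "svchost.exe", 290),   # far above its usual memory
]

def build_baseline(events):
    """Learn which parent->child launches are normal and each process's usual memory."""
    pairs, mem = set(), defaultdict(list)
    for _, parent, child, mb in events:
        pairs.add((parent, child))
        mem[child].append(mb)
    return pairs, {proc: (mean(v), pstdev(v)) for proc, v in mem.items()}

def score_endpoints(events, baseline, pair_weight=50, mem_weight=30, z_limit=3.0):
    """Add risk per endpoint for unseen launches and for memory far above baseline."""
    pairs, mem = baseline
    scores, reasons = defaultdict(int), defaultdict(list)
    for host, parent, child, mb in events:
        if (parent, child) not in pairs:
            scores[host] += pair_weight
            reasons[host].append(f"{parent} -> {child} not in baseline")
        if child in mem:
            mu, sigma = mem[child]
            # Floor sigma at 1 MB so a very tight baseline does not flag noise.
            if mb > mu + z_limit * max(sigma, 1.0):
                scores[host] += mem_weight
                reasons[host].append(f"{child} at {mb} MB, baseline about {mu:.0f} MB")
    return dict(scores), dict(reasons)

def alerts(events, baseline, threshold=60):
    """Return the endpoints whose score reaches the warning threshold, with reasons."""
    scores, reasons = score_endpoints(events, baseline)
    return {host: reasons[host] for host, s in scores.items() if s >= threshold}

if __name__ == "__main__":
    print(alerts(LIVE, build_baseline(BASELINE)))
```

Neither deviation on ws-02 reaches the threshold alone; the alert fires because both land on the same endpoint, which is the point of scoring per endpoint rather than per event.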
RSA ECAT gets our tick of approval
We’re always proud to endorse products that set the bar for security a little higher, and RSA’s ECAT system does exactly that. It can form an important part of a multi-layered threat detection system and works seamlessly with other leading security products that we recommend.
It’s also light on resources for such an observant programme. It can be throttled to consume very few system resources yet remain stately and alert.
Is RSA ECAT a product for you? Here’s how to know…
If your company has experienced a data breach (or you suspect one) and you’re at a loss to know how it happened, or if your company simply cannot afford a data breach in the first place, you should register for our upcoming webinar.
We’ll be hosting experts from RSA who will demonstrate the software in real-time and show you just how quickly you can get control of a threat that has been completely customised to attack your system – unable to be detected by leading anti-virus packages.
You’ll be able to talk to the experts and pose your questions live. If you’re prepared to invest the hour, you will know exactly how RSA ECAT might fit into your network security arsenal.
The webinar will be held on Wednesday the 18th of November at 10am AEST.
Note: Link removed as the webinar date has passed. Thank you to all attendees.