Prevention
- Multilayered malware protection – Identifies and blocks both commodity and unknown/targeted malware before it has a chance to execute.
- Blocking of malicious files and applications – Executable files and office macros attempting to run in your environment are analysed in a secure sandbox and identified threats are blocked.
- Exploit prevention – Stops exploitation of known, zero-day and unpatched vulnerabilities and protects commonly attacked programs such as web browsers, office applications, email clients, and document readers.
- Ransomware protection – Blocks new or unknown variants of ransomware based on behaviour before they have the chance to encrypt data and spread on the corporate network.
Detection
- Near real-time detection of threat activity – Detection, investigation and root cause analysis of sophisticated threat activity at all stages of the attack lifecycle.
- Backed by world-class threat intelligence – Combined with comprehensive behavioural monitoring of over 700 unique attacker tactics, techniques and procedures.
- Mapped to MITRE ATT&CK techniques – Our rule base is constantly updated to detect new and emerging attacker behaviours, ‘fileless’ malware and evasion techniques.
- Reduce investigation times down to seconds or minutes – Through automated analytics and context enrichment, we can significantly reduce the time between detection and response.
Response
- Block malicious activity with minimal business impact – Terminate and quarantine suspicious processes to prevent further damage, while still enabling collection of malware samples and forensic evidence.
- Isolate the attacker from the network – Isolates suspected or known compromised machines, both on and off the corporate network, to protect the rest of the estate.
- Rapid capture of forensic evidence – Capture of malicious files and forensic evidence for further investigation, using dynamic sandbox analysis or manual reverse engineering by our dedicated threat intelligence team.
Hunting
- Ongoing, proactive hunting – Contextual tagging of unusual behaviours automatically creates leads for our threat hunting teams to investigate on an ongoing basis. This is complemented by targeted hunting based on relevant factors such as environmental risks and changes to the threat landscape, or driven by intelligence on new attack campaigns and techniques.
- Machine learning analytics – The critically important human context provided by our expert hunt team is augmented by advanced machine learning analytics, which can highlight subtle behavioural changes in petabytes of recorded data. Using time, entity and peer group models to baseline user, machine, process and network activity, we can quickly spot behavioural anomalies which are suggestive of highly evasive threats. This allows us to prioritise mitigation before a threat has the opportunity to turn into a breach.