Classic antivirus solutions are no longer sufficient to reliably protect data against today's targeted hacker attacks on company data, zero-day attacks, or persistent threats such as ransomware.
Standard security methods protecting endpoint workstations must be supplemented by an additional security layer based on computer behavior analysis that is capable of detecting previously unknown threats.
Exploit Guardian protects critical and highly vulnerable applications such as web browsers, system files, and PDF editors against the exploitation of their security holes. It monitors the behavior of processes in memory and evaluates, reports, and blocks threats using a decision algorithm tied to system activity.
Exploit Guardian is a monitoring and protection tool for securing the operating system and risky applications against typical attack vectors. This protection complements existing antivirus products and can prevent attacks against which those solutions are ineffective, such as the exploitation of unknown vulnerabilities in applications or the OS, attacks on an unpatched OS, and unknown types of attacks.
Exploit Guardian monitors the behavior of running programs on a computer to detect unusual behavior that may indicate malware or a hacker attack. Essentially, it supervises basic system operations such as opening files, running processes, writing to the registry, and accessing the network. Depending on the mode set, a suspected attack is either reported or the suspicious process is blocked before it can perform its activity.
Events are logged so that the system administrator can easily trace the attack vector and the related information recorded during the attack, which is used for its analysis.
Compared to typical antivirus solutions, Exploit Guardian evaluates potentially dangerous malware activity in real time based on behavioral rules. This protects the system even at the critical time when a vulnerability is being exploited, no patch exists yet, and the malware has no antivirus signature.
Exploit Guardian protects endpoint workstations and their assets against the effects of ransomware. This type of malware is malicious code that encrypts user data. Today, ransomware is very widespread and dangerous because it combines modern distribution techniques with advanced data encryption methods.
Exploit Guardian continuously monitors process activity in the operating system and clearly informs users about potentially unwanted operations. It allows the user to define which operations applications are permitted to perform and to restrict legitimate programs' access to system resources and user assets.
Incidents detected by Exploit Guardian in enterprise environments are managed by the Management server, which receives information about all incidents and related data from workstations, correlates it according to defined attack vectors, and provides pre-processed information to security administrators to streamline network security and save time analyzing security events. One example is automatically finding workstations on the network with the same security incident. It provides clear information about the spread of malware in the network and the security context needed for a quick response. The stored related information then helps the administrator find out the details of the incidents and their causes without having to be physically present at the problematic endpoint devices in the network.
Exploit Guardian manages system calls in the operating system, e.g. it monitors file opening, process execution, writing to the registry, and network access.
Attacks are evaluated according to predefined rules. Each rule combines the conditions given for the source and target object, object access restrictions (create, open, read, write, delete, and rename), and a priority that determines the order in which rules are applied.
If a captured event violates an existing rule, Exploit Guardian evaluates the possible risk based on the policy's priority and, depending on the mode set, allows the operation, blocks it, or queries the user.
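As an added illustration of the rule model described above (not the product's own code; the rule fields, mode names and sample policy are assumed), the following Python evaluates monitored system calls against source/target/operation rules in priority order, with a permitted-operation exception for a legitimate program taking precedence over a generic restriction:

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Object access restrictions the rules cover: create, open, read, write, delete, rename.
OPERATIONS = {"create", "open", "read", "write", "delete", "rename"}

@dataclass(frozen=True)
class Event:            # one monitored system call
    source: str         # image path of the process issuing the call
    target: str         # file path, registry key, process, or host:port
    operation: str

@dataclass(frozen=True)
class Rule:
    source: str             # glob over the source process
    target: str             # glob over the target object
    operations: frozenset   # restricted (or, with allow=True, permitted) operations
    priority: int           # lower value is evaluated first
    allow: bool = False     # permitted-operation exception instead of a violation
    risk: str = ""          # assumed label reported with the incident

def evaluate(event, rules, mode, ask_user=None):
    """First rule matching source, target and operation in priority order decides.
    mode is 'report', 'block' or 'query'; returns (decision, matched_rule)."""
    if event.operation not in OPERATIONS:
        raise ValueError(f"unknown operation {event.operation!r}")
    for rule in sorted(rules, key=lambda r: r.priority):
        if not (fnmatchcase(event.source.lower(), rule.source.lower())
                and fnmatchcase(event.target.lower(), rule.target.lower())
                and event.operation in rule.operations):
            continue
        if rule.allow or mode == "report":
            return ("allow" if rule.allow else "report"), rule  # report: logged, proceeds
        if mode == "block":
            return "block", rule                                # stopped before execution
        permitted = ask_user(event, rule) if ask_user else False   # query: user decides
        return ("allow" if permitted else "block"), rule
    return "allow", None                                        # no rule matched

# Constructed sample policy; the product's real rule syntax is not documented here.
RULES = [
    Rule(r"*\winword.exe", r"*\documents\*.docx", frozenset({"open", "read", "write"}),
         priority=5, allow=True),
    Rule(r"*\winword.exe", r"*.exe", frozenset({"create", "write"}),
         priority=10, risk="office application dropping an executable"),
    Rule("*", r"*\documents\*", frozenset({"write", "rename", "delete"}),
         priority=20, risk="mass modification of user documents (ransomware pattern)"),
    Rule("*", r"hkcu\software\microsoft\windows\currentversion\run*",
         frozenset({"create", "write"}), priority=30, risk="persistence via Run key"),
]
```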
Endpoints continuously synchronize with the Exploit Guardian server and deliver all detected events recorded locally. Based on the received data, the server performs their analysis and correlation.
In the next step, the Exploit Guardian system correlates the related events received from endpoint workstations into an event chain to gain deeper knowledge of the detected incident, analyze it, and take countermeasures.
The system administrator is able to analyze the attacks by using a web application that clearly and comprehensively displays the recorded attacks and helps determine their impact.
In addition, Exploit Guardian provides a tool that enables the system administrator to perform analysis and countermeasures to prevent threats from affecting endpoints. The advantage of this analysis tool over existing solutions is that it combines modern techniques and technologies to make the investigation of incidents more effective.
The web application offers an intelligent, easy-to-use, dynamic interface consisting of three main components, each with a particular function. The first component is a time axis on which incidents are organized by severity and time. The second component is a graph depicting the progression of the endpoint attack. The third component is an information panel providing data about the selected incident and giving access to the VirusTotal and IP Geolocation services.
The Exploit Guardian product was developed with the support of the Ministerstvo průmyslu a obchodu ČR (Czech Ministry of Industry and Trade) under the grant program Operační Program Podnikání a Inovace pro konkurenceschopnost (Operational Programme Enterprise and Innovation for Competitiveness), project Pokročilá ochrana před neznámými malwarovými a hackerskými útoky pomocí analýzy chování počítačů (Advanced protection against unknown malware and hacker attacks using computer behavior analysis), registration number CZ.01.4.04/0.0./0.0./16_066/0007813.
Sec Guardian, s.r.o.
Veveří 2845/102,
616 00 Brno, Czech Republic
IČ (company ID): 01673246
DIČ (VAT ID): CZ01673246
Web: www.sec-guardian.cz
Email: info@sec-guardian.cz
Tel.: +420 733 468021
Bank account: UniCredit Bank Czech Republic and Slovakia, a.s., account number 2113755783/2700