Cyber operations platform to automate the hunt for cyber adversaries
At RSA Conference Endgame announced the launch of a comprehensive cyber operations platform for organizations to detect, block, and evict advanced threats at the earliest phase of the kill chain.
The company leveraged the new platform as part of a Red Flag exercise with the Air Force, conducted at the Combined Air Operations Center (CAOC) at Nellis Air Force Base in Las Vegas, NV in January. The exercise was designed to simulate a near-peer combat threat environment.
Adversaries today are outmaneuvering security programs with advanced techniques that were once only available to the most sophisticated state actors. The current enterprise security stack, dependent on signatures and short-lived indicators of compromise, was not built to detect these techniques. Understanding these weaknesses, Endgame leverages its heritage in offense to empower enterprises to behave like the adversary and stealthily hunt threats within their networks.
“Over time, our conversations with security leaders made it clear that current technologies are failing against advanced adversaries,” said Nate Fick, CEO at Endgame. “Companies are eager to take a more proactive approach, which is why we created an end-to-end hunt platform that allows companies to detect, block, and evict adversaries at the earliest phase of the kill chain to reduce damage and loss.”
Endgame’s platform enables three essential hunting requirements to help companies defend against the most advanced adversaries:
Stealth operations: Today’s adversaries are outmaneuvering enterprise security programs with techniques that detect advanced defense investments, and evade or disable them. Unlike conventional solutions, Endgame’s stealth sensors operate with zero detectable persistence, covert operations, and minimal network impact, allowing customers full visibility into and uninterrupted protection from adversary activities – without tipping their hand to them.
Multi-stage detection: With current technologies, average adversary dwell time in networks is 200+ days, increasing the chance that damage and loss can occur. Endgame’s platform dramatically reduces dwell time by integrating automated detection of known and never-before-seen threats at the earliest stage of the kill chain. Endgame’s approach enables prevention of adversary techniques, such as process injection, lateral movement, and privilege escalation, allowing customers to eliminate entire classes of vulnerabilities and any associated zero-days.
Precision response: After a threat is uncovered, current technologies force security professionals to go through a series of time consuming tasks and manual processes that elongate response time and lead to more damage control. Endgame’s platform delivers precision response actions that can be deployed simultaneously at scale to eradicate adversaries with no impact to business continuity. Our targeted responses address both adversary behavior and malware variants by isolating devices, terminating adversary activity, and removing persistence, and are effective in even in the most complex networks.
The platform will be generally available on March 30, 2016.