Network World: Enterprises Are Buying Host-Based Advanced Malware Detection/Prevention Tools To Capture Forensic Data

Posted by Jill Newbury    Dec 11, 2012 2:39:00 PM

APTs and advanced malware are having a profound effect on cybersecurity technologies. One notable change is the rise of new Advanced Malware Detection/Prevention (AMD/P) technologies from vendors like Bit9, Bromium, CounterTack, Invincea, Malwarebytes, and Sourcefire that detect and block advanced malware on servers and endpoints.

Aside from acting as another layer of defense, CISOs tell me that these tools provide another valuable security function – they capture host activities (i.e. file downloads, processes, registry settings, network activity, etc.). Some tools also provide analytics while others hand the data to SIEM platforms, cloud analytics, etc. Host behavior data is then used as part of advanced malware detection and also provides basic forensic information for incident response.

Let me step back a bit and provide some context here. Advanced malware circumvents traditional security controls and ends up compromising host computers (mostly endpoints). In spite of the fact that enterprises typically have thousands of Windows PCs, they are virtually blind to what happens on the actual devices. This issue was illustrated in a recent ESG Research survey where security professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to identify their weakest areas of endpoint security monitoring.
