New Interpretability Features Ease Threat Hunting, Dynamic Protection and Active Mitigation, Further Extending Security Value while CrowdStrike and Carbon Black Play Catchup
Waltham, MA – CounterTack+GoSecure, the leading provider of Predictive Endpoint Security Platform and MDR Services for the enterprise, announces a major new release of its open and flexible Endpoint Protection Platform (EPP). The new features expand the Platform’s Predictive Analytical capabilities that interpret threat data in simple English enabling proactive response and mitigation. The new capabilities greatly reduce the complexity that security analysts have to deal with to protect their endpoints from advanced threats like memory mods, fileless malware, ransomware and APTs.
Working shoulder-to-shoulder with security analysts, government clients, global MSSPs and our own cybersecurity experts, CounterTack+GoSecure studied use cases against the evolving threat landscape and delivered a range of innovative, never before available capabilities in the Platform. Customers and MSSP partners can now perform correlated threat hunting, live remote control, live memory introspection with machine learning, and more, making endpoint security much more approachable whether deployed on-premise or in the cloud.
“Once again, CounterTack+GoSecure is delivering groundbreaking new innovations in endpoint security, further distancing our technological lead from competitors like CrowdStrike and Carbon Black,” said Neal Creighton, CEO of CounterTack. “These innovations are a giant stride forward, allowing our customers and partners to respond with unprecedented speed, confidence and accuracy to advanced threats from unknown malware or malicious insiders.”
A summary of new features in the current release are as follows:
- Multi-Observational Analysis with interpretable results with EDR: We added an additional machine learning model that analyzes behaviors of code in memory before it executes. The endpoint sensor dynamically examines, in real-time, millions of possible behavioral capabilities, both good and bad. It applies a multi-model machine learning algorithm that not only asserts if the code is malicious but provides specific reasons why our algorithm believes so. This interpretability is key to helping security analysts perform faster, more confidently and with better prioritization of their analysis, triage and mitigation.Coupled with our existing automatic response capability, we enable dynamic prevention, or the ability to stop, in real-time and without user intervention, any process from continuing to run when it is malicious or becomes malicious. For example, when a previously good process is exploited, it will be terminated before the exploit payload is launched.
- Live Remote Control: The Platform’s real-time interactive shell can connect remotely to the endpoint for triage and investigation. In contrast to conventional approaches in competitive products that execute a few select commands, the security analyst can use Live remote Control to request real-time DDNA memory analysis on a per process basis, retrieve memory dumps, perform file downloads or uploads, run any command, access registry keys and files – all without relying on external tools from 3rd parties that can be blocked, flagged or compromised by attackers.
- Context-Driven Threat Intel: While external intelligence is integral to all EDR products, security analysts have consistently reported that they are overwhelmed with the amount of external threat intelligence and are unable to consume it even when correlated with endpoint telemetry. Our Platform’s new scoring approach isolates the needle in the needlestack and aides in prioritizing threats more accurately by leveraging external intelligence within Behavioral Analysis, bubbling up the right information more quickly while reducing noise.
- Relationship Graph from anywhere: Process Trees are common in many security products and useful to see the system view of what was running around the time of the incident. Security analysts tell us that they still struggle to sift through volumes of the per-process views in order to determine root cause. Our Platform’s Relationship Graphs creates a root cause based graphical view that automatically correlates our Predictive Analysis with process, file, registry, and network events, along with the artifacts that are most pertinent to the analysis including matching external threat intelligence to behaviors – all on one screen – enabling faster time to mitigation and easier communication between tiers of analysts on why something is good or bad.
GoSecure is recognized as a leader and innovator in cybersecurity solutions. The company is the first and only to integrate endpoint, network, and email threat detection into a single Managed Detection and Response service. The GoSecure Titan platform delivers predictive multi-vector detection, prevention, and response by applying a unique combination of behavioral analysis, memory forensics, machine learning, and reputational techniques to counter the most advanced threats. GoSecure Titan MDR is designed to detect and respond in less than 15 minutes, rapid response and active mitigation services that directly touch the customers’ network and endpoints. Together, these capabilities provide the most effective response to the increased sophistication of continuously evolving malware and malicious insiders that target people, processes, and systems. With a focus on innovation, quality, integrity, and respect, GoSecure has become the trusted provider of cybersecurity products and services to organizations of all sizes, across all industries globally.