Workstations have a single purpose – to allow users to work without interruption or interference. Fatal viruses that penetrate the technologies protecting endpoints and servers are a serious threat, and may also lead to malicious and sophisticated malware disguised as innocent files. The response to these threats lies in robust and controlled protection that does not allow anything to penetrate those endpoints.
Carbon Black – the A Team
Advanced viruses routinely penetrate the traditional protection and antivirus technologies that protect endpoints and servers. This is the time to arm your endpoints with the best protection available – Bit9 & Carbon Black – a security solution comprising two leading products with cloud intelligence which, together, provide the ultimate endpoint protection.
Bit9 monitors and records all activities at endpoints and servers to detect, prevent and respond to cyberattacks that evade standard security solutions. When a virus disguised as an unknown file type penetrates the system, it is immediately blocked. However, the file clones itself and changes its identity, forcing the organizational systems to spend more time overcoming the attack.
Bit9 operates using a white list. Only files that are included in the white list, whether sent by email or loaded to an endpoint via a disk-on-key or flash drive, can enter the system. In effect, this removes the need to cope with each and every threat individually. Bit9 provides full granular control of endpoints and servers and of each application running on them. Bit9 uses the largest threat intelligence to map all file systems.
Carbon Black neutralizes threats by checking each file entering a system. If a file is infected by any threat, Carbon Black reports it to Bit9. At the same time, it sends the file to a sandbox (safe area), where it is blocked and neutralized without risking the system. If Carbon Black finds that the file is safe, it allows the user to open it.
Carbon Black offers investigation and full kill-chain capabilities, as well as a heuristic detection system based on rules configured by both the system and the user.
BigFix – Protection End to End
IBM BigFix endpoint security makes it possible to manage, control and limit the use of specific software while allowing the use of others – in short, it brings order to all workstations and servers in the organization.
BigFix monitors physical and virtual endpoints, including servers, desktops and laptops using any operating system. Among other things, BigFix manages versions, distributes software updates, manages the lifecycle of workstations and servers, and monitors installed programs and how they are used. The system is also suitable for cash registers at points of sale, ATMs and self-service kiosks. Used in a decentralized environment, BigFix minimizes the load on the network when distributing updates, preventing disruptions to end users.
- Distributes software updates to hundreds and thousands of endpoints and servers quickly and efficiently, regardless of the operating system used, in both decentralized and heterogeneous environments
- Supports any version of Windows and Linux
- Distributes and manages patches with full control over workstation and server configurations
- Prevents the download of malicious software or games that may cause damage to enterprise systems
- Asset management – increases savings by receiving up-to-date data about the actual use of software installed on workstations
- Clearly displays and intuitively manages the configuration of endpoints (hardware and software)
- Prevents removal of antivirus software
- Increases savings and reduces electricity consumption
The BigFix solution consists of several modules:
- Lifecycle management – inventory management at the hardware and software levels
- Patch management – distribution of application updates and fixes
- Security and compliance – automatic verification of compliance with SOX, PCI and other requirements
- Software use analysis – monitors the actual use of software installed in workstations
- Server automation – automatic setup and installation of virtual and physical workstations and servers
- Core protection – protects against viruses, Trojan horses and spyware; includes antivirus (Trend Micro) and DLP software
- Remote control and management of endpoints and servers
- Endpoint manager for mobile devices
FireEye – CSI on the Net
FireEye offers an innovative cyber solution that enables organizations to protect themselves against Advanced Persistent Threats (APTs). The solution is based on a platform that exposes malicious actions and automatically reconstructs events. It then displays them in the form of a clear picture using sensors installed in all workstations, thus identifying local and network traffic.
- Detects sophisticated attacks and threats at the early stages, before they can cause any damage
- Analyzes real-time data that goes through the organization’s workstations and servers
- Provides an overall image of events and their spread in real time
- Artificial intelligence (Malop Hunter) does not require human intervention