End Point Security Solution Integrates Cloud Analysis and Enterprise Response Capabilities
Endpoint threat prevention firm Invincea, Inc., this week enhanced its offerings with new threat identification and response capabilities added to its container-based endpoint protection solution.
The latest version of the company’s flagship offering, Invincea Advanced Endpoint Protection 5, now combines containerization technology with advanced endpoint visibility, analysis, and control to provide compromise detection and elimination, the company said.
The common attack vectors leading to breaches is employees clicking on malicious links, visiting compromised websites or opening weaponized documents—all threats that Invincea aims to defeat via its endpoint security solution.
In a recent blog post debating the effectiveness of security awareness training, Anup Ghosh, founder and CEO of Invincea, explained that while educating employees on the risks of using email and the Web is important, relying on users to make the correct decision on every email link, attachment or web page they choose to click on is nearly impossible.
“If there is an attachment, someone will open it – no matter how much you have trained users,” Ghosh said. “It is not only human instinct you are trying to untrain, it is the way we do business. You can’t train an HR person not to open a resume sent in PDF – that’s his job. You can’t train an executive not to open a business proposal—that’s her job. In both cases, these are common spear-phishing tactics.”
The addition of new sensor technology, which works alonside its cloud-based cyber genome analysis technology, Cynomix, enables security teams to identify compromised devices.
Invincea Advanced Endpoint Protection now includes granular escalating controls that emable security teams to isolate suspect processes on endpoints, quarantine compromised devices, and eradicate threats across the enterprise.
Invincea Management, which runs cloud-hosted or on-premise, manages endpoints and allows security teams to selectively publish threats to trusted communities in standard STIX format.
Comprised of Invincea Endpoint (formerly Invincea FreeSpace), Invincea Management (formerly Invincea Management Server) and Cynomix, Invincea Advanced Endpoint Protection 5 includes capabilities:
• Secure Virtual Container – Protects the most targeted and vulnerable applications (Web browsers, Java, Flash, PDF readers, Office applications) by running them in a secure virtual container. Attacks are isolated from the host operating system, preventing the adversary from accessing sensitive data or conducting lateral movement in the network. A control interface kills any suspicious processes in the container, while detailed forensic data is captured for analysis.
• Endpoint Sensor to Identify Existing Breaches – The endpoint agent now includes an integrated sensor that identifies suspicious processes already existing on the machine. The sensor sends only anomalous events to Invincea Management for further analysis using cloud-based analytics.
• Pluggable Framework for Threat Analysis Services – The solution now includes a framework for integrating third-party threat analysis services. Pre-built integrations are included for Cynomix, VirusTotal, Metascan and ReversingLabs; additional services can be added via an open API.
• Cynomix – A DARPA-funded technology built by Invincea Labs, Cynomix uses machine learning techniques to analyze unknown executables and identify maliciousness through their genetic markers. Using a mapping of the cyber genome of millions of pieces of malware, Cynomix identifies new malware strains well before other solutions.
In June 2013, Invincea announced an OEM partnership with Dell under which the PC maker would ship systems with Invincea technology installed straight from the factory on all commercial systems including its Precision, Latitude and Optiplex machines.