Vulnerabilities / Threats
1/7/2014
02:56 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

CounterTack Unveils Next Generation Of Sentinel For Endpoint Threat Detection And Response

Platform provides deep behavioral analysis of persistent attacks

WALTHAM, Mass., January 7, 2014 – CounterTack, a pioneer in delivering real-time endpoint threat detection, context and visibility around targeted attacks, today announced the next-generation of its revolutionary endpoint threat detection and response platform, Sentinel, to help global organizations regain control of their security against targeted, persistent threats.

"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," said Jae Woo Lee, General Manager of the Managed Security Service Team, SK Infosec. "We needed a platform that provides deep behavioral analysis of persistent attacks with an unparalleled level of intelligence, to make better security decisions. Sentinel gives us the visibility and attack context that we need to prioritize our response to known and unknown threats."

The endpoint has emerged as the epicenter of attacker access and activity – the new battleground between attackers and enterprise organizations. To combat large-scale, persistent threats, organizations need unobscured visibility into attacker behavior across the enterprise with automated intelligence to dramatically improve response time and response tactics. Sentinel combines its real-time stealthware with Big Data analytics to provide organizations with that visibility, context and intelligence necessary to make better, more informed security decisions across the entire enterprise.

"Persistent, motivated attackers have had the advantage over enterprise and government organizations for far too long – it's time to put these organizations back in control of their security," said Neal Creighton, CEO, CounterTack. "We leverage attackers' own technology and methods, delivering enterprise-grade stealthware to customers, that provides automated attack intelligence and enterprise-wide correlation. With Sentinel, CounterTack is turning the tide on attackers by giving teams a platform that's simple to deploy and operationalize across the entire enterprise."

Endpoint threat detection and response has emerged as a critical component in defending against sophisticated adversaries, driving market and technology consolidation evidenced by FireEye's recent acquisition of Mandiant. CounterTack remains the independent technology leader, with substantial advantages over competitive platforms including:

· No post-exploit search for attack signatures like other endpoint technology. Sentinel's driverless behavioral analysis capability analyzes application executtion in real-time to identify attacks in-progress.

· Better response to potential attacks because Sentinel identifies what actually happened during an attack while providing forensic-level details of attacks in progress. Security personnel use Sentinel's attack intelligence to choose the best response based on the type of attack.

· Complete attack analysis. Sentinel's robust search interface helps teams access any type of endpoint data from artifacts like files and registry keys, to real-time network statistics of which attacks accessed which hosts. This searchable data enables security engineers to understand how one identified attack affects the entire enterprise without the need for individual endpoint querying.

· Endpoint monitoring to scale the entire enterprise. Sentinel is built on Big Data technology which helps it scale to handle hundreds of thousands of endpoints. Simultaneously, Sentinel provides real-time forensic data through an enterprise architecture, giving teams the high availability, load balancing, and search capabilities they demand.

· Sentinel does not install agents to collect data on endpoints. Instead, it uses a lightweight, driverless kernel technology to gather continuous, real-time data from endpoints without a performance impact.

"...In fact, kernel-based tools offer better protection from tampering because the userland agent tool cannot be protected from the attacker with kernel-level access. It is more difficult for the attacker to hide from ETDR data collection than, say, native OS logging," Gartner, Endpoint Threat Detection and Response Tools and Practices, Anton Chuvakin, September 25, 2013.

About CounterTack

CounterTack is revolutionizing security by bringing real-time attack detection and forensics to the endpoint, rendering traditional endpoint security obsolete with its Scout and Sentinel solutions, shortening the gap between detection and infection for enterprise organizations. By actively engaging attackers, CounterTack helps organizations dramatically reduce the dwell time of advanced, persistent adversaries and the damage they can cause. Through blazing-fast detection, real-time attack capture and automated intelligence, CounterTack provides unparalleled visibility into malicious behavior, enabling organizations to make smarter decisions on countering known and unknown threats to protect their business. To learn more, visit www.CounterTack.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web