Vulnerabilities / Threats
1/7/2014
02:56 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

CounterTack Unveils Next Generation Of Sentinel For Endpoint Threat Detection And Response

Platform provides deep behavioral analysis of persistent attacks

WALTHAM, Mass., January 7, 2014 – CounterTack, a pioneer in delivering real-time endpoint threat detection, context and visibility around targeted attacks, today announced the next-generation of its revolutionary endpoint threat detection and response platform, Sentinel, to help global organizations regain control of their security against targeted, persistent threats.

"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," said Jae Woo Lee, General Manager of the Managed Security Service Team, SK Infosec. "We needed a platform that provides deep behavioral analysis of persistent attacks with an unparalleled level of intelligence, to make better security decisions. Sentinel gives us the visibility and attack context that we need to prioritize our response to known and unknown threats."

The endpoint has emerged as the epicenter of attacker access and activity – the new battleground between attackers and enterprise organizations. To combat large-scale, persistent threats, organizations need unobscured visibility into attacker behavior across the enterprise with automated intelligence to dramatically improve response time and response tactics. Sentinel combines its real-time stealthware with Big Data analytics to provide organizations with that visibility, context and intelligence necessary to make better, more informed security decisions across the entire enterprise.

"Persistent, motivated attackers have had the advantage over enterprise and government organizations for far too long – it's time to put these organizations back in control of their security," said Neal Creighton, CEO, CounterTack. "We leverage attackers' own technology and methods, delivering enterprise-grade stealthware to customers, that provides automated attack intelligence and enterprise-wide correlation. With Sentinel, CounterTack is turning the tide on attackers by giving teams a platform that's simple to deploy and operationalize across the entire enterprise."

Endpoint threat detection and response has emerged as a critical component in defending against sophisticated adversaries, driving market and technology consolidation evidenced by FireEye's recent acquisition of Mandiant. CounterTack remains the independent technology leader, with substantial advantages over competitive platforms including:

· No post-exploit search for attack signatures like other endpoint technology. Sentinel's driverless behavioral analysis capability analyzes application executtion in real-time to identify attacks in-progress.

· Better response to potential attacks because Sentinel identifies what actually happened during an attack while providing forensic-level details of attacks in progress. Security personnel use Sentinel's attack intelligence to choose the best response based on the type of attack.

· Complete attack analysis. Sentinel's robust search interface helps teams access any type of endpoint data from artifacts like files and registry keys, to real-time network statistics of which attacks accessed which hosts. This searchable data enables security engineers to understand how one identified attack affects the entire enterprise without the need for individual endpoint querying.

· Endpoint monitoring to scale the entire enterprise. Sentinel is built on Big Data technology which helps it scale to handle hundreds of thousands of endpoints. Simultaneously, Sentinel provides real-time forensic data through an enterprise architecture, giving teams the high availability, load balancing, and search capabilities they demand.

· Sentinel does not install agents to collect data on endpoints. Instead, it uses a lightweight, driverless kernel technology to gather continuous, real-time data from endpoints without a performance impact.

"...In fact, kernel-based tools offer better protection from tampering because the userland agent tool cannot be protected from the attacker with kernel-level access. It is more difficult for the attacker to hide from ETDR data collection than, say, native OS logging," Gartner, Endpoint Threat Detection and Response Tools and Practices, Anton Chuvakin, September 25, 2013.

About CounterTack

CounterTack is revolutionizing security by bringing real-time attack detection and forensics to the endpoint, rendering traditional endpoint security obsolete with its Scout and Sentinel solutions, shortening the gap between detection and infection for enterprise organizations. By actively engaging attackers, CounterTack helps organizations dramatically reduce the dwell time of advanced, persistent adversaries and the damage they can cause. Through blazing-fast detection, real-time attack capture and automated intelligence, CounterTack provides unparalleled visibility into malicious behavior, enabling organizations to make smarter decisions on countering known and unknown threats to protect their business. To learn more, visit www.CounterTack.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.