Vulnerabilities / Threats
1/7/2014
02:56 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

CounterTack Unveils Next Generation Of Sentinel For Endpoint Threat Detection And Response

Platform provides deep behavioral analysis of persistent attacks

WALTHAM, Mass., January 7, 2014 – CounterTack, a pioneer in delivering real-time endpoint threat detection, context and visibility around targeted attacks, today announced the next-generation of its revolutionary endpoint threat detection and response platform, Sentinel, to help global organizations regain control of their security against targeted, persistent threats.

"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," said Jae Woo Lee, General Manager of the Managed Security Service Team, SK Infosec. "We needed a platform that provides deep behavioral analysis of persistent attacks with an unparalleled level of intelligence, to make better security decisions. Sentinel gives us the visibility and attack context that we need to prioritize our response to known and unknown threats."

The endpoint has emerged as the epicenter of attacker access and activity – the new battleground between attackers and enterprise organizations. To combat large-scale, persistent threats, organizations need unobscured visibility into attacker behavior across the enterprise with automated intelligence to dramatically improve response time and response tactics. Sentinel combines its real-time stealthware with Big Data analytics to provide organizations with that visibility, context and intelligence necessary to make better, more informed security decisions across the entire enterprise.

"Persistent, motivated attackers have had the advantage over enterprise and government organizations for far too long – it's time to put these organizations back in control of their security," said Neal Creighton, CEO, CounterTack. "We leverage attackers' own technology and methods, delivering enterprise-grade stealthware to customers, that provides automated attack intelligence and enterprise-wide correlation. With Sentinel, CounterTack is turning the tide on attackers by giving teams a platform that's simple to deploy and operationalize across the entire enterprise."

Endpoint threat detection and response has emerged as a critical component in defending against sophisticated adversaries, driving market and technology consolidation evidenced by FireEye's recent acquisition of Mandiant. CounterTack remains the independent technology leader, with substantial advantages over competitive platforms including:

· No post-exploit search for attack signatures like other endpoint technology. Sentinel's driverless behavioral analysis capability analyzes application executtion in real-time to identify attacks in-progress.

· Better response to potential attacks because Sentinel identifies what actually happened during an attack while providing forensic-level details of attacks in progress. Security personnel use Sentinel's attack intelligence to choose the best response based on the type of attack.

· Complete attack analysis. Sentinel's robust search interface helps teams access any type of endpoint data from artifacts like files and registry keys, to real-time network statistics of which attacks accessed which hosts. This searchable data enables security engineers to understand how one identified attack affects the entire enterprise without the need for individual endpoint querying.

· Endpoint monitoring to scale the entire enterprise. Sentinel is built on Big Data technology which helps it scale to handle hundreds of thousands of endpoints. Simultaneously, Sentinel provides real-time forensic data through an enterprise architecture, giving teams the high availability, load balancing, and search capabilities they demand.

· Sentinel does not install agents to collect data on endpoints. Instead, it uses a lightweight, driverless kernel technology to gather continuous, real-time data from endpoints without a performance impact.

"...In fact, kernel-based tools offer better protection from tampering because the userland agent tool cannot be protected from the attacker with kernel-level access. It is more difficult for the attacker to hide from ETDR data collection than, say, native OS logging," Gartner, Endpoint Threat Detection and Response Tools and Practices, Anton Chuvakin, September 25, 2013.

About CounterTack

CounterTack is revolutionizing security by bringing real-time attack detection and forensics to the endpoint, rendering traditional endpoint security obsolete with its Scout and Sentinel solutions, shortening the gap between detection and infection for enterprise organizations. By actively engaging attackers, CounterTack helps organizations dramatically reduce the dwell time of advanced, persistent adversaries and the damage they can cause. Through blazing-fast detection, real-time attack capture and automated intelligence, CounterTack provides unparalleled visibility into malicious behavior, enabling organizations to make smarter decisions on countering known and unknown threats to protect their business. To learn more, visit www.CounterTack.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.