7/30/2018
02:40 PM
Dark Reading
Products and Releases

Endgame Addresses Phishing Attacks With Machine Learning

Machine learning model closes critical entry point for cybercriminals with 99 percent efficacy

ARLINGTON, Va., July 33, 2018 – Endgame, the first endpoint protection platform to deliver the stopping power of a world-class SOC in a single agent, today announced that it has enhanced its platform to end the threat of document-based phishing attacks. MalwareScore, a host-based machine learning technology, now has the capability to identify and block known and never-before-seen malicious Microsoft Office documents pre-execution with 99 percent efficacy.

Phishing is the third most prevalent cyber attack resulting in information breaches, with approximately 70 percent of breaches associated with nation-state or state-affiliated actors involving phishing, according to the Verizon 2018 Data Breach Investigations Report. The report also notes that two-thirds of phishing emails include malware. The recent indictment of 12 Russian intelligence officers suspected of playing a role in the hack of the Democratic National Committee before the 2016 U.S. election notes that phishing played a major role in their strategy. Phishing attacks that delivered malicious payloads also targeted this year’s World Cup in Russia and the Pyeongchang Winter Games.

“It’s important to remember that phishing is just the beginning of a long attack chain that can lead to a major breach, not a final attack. Payload-driven phishing attacks give attackers the foothold they need to access the internal network. From there, they can perform reconnaissance, move laterally, and take actions to find and exfiltrate sensitive data or worse,” said Mark Dufresne, vice president of threat research and prevention at Endgame. “That is why Endgame is tackling this issue head on to stop hackers from ever gaining that foothold. Strong machine learning models are necessary to protect businesses from new and unknown malicious macros, which is where signature-based solutions fail.”

Available in the Endgame 3.0 release, MalwareScore is part of a multi-layer approach that includes automated tradecraft analytics and orchestration to prevent the attack, quarantine the file or host, and orchestrate cleanup across all endpoints and mail servers on the network.

Consistent with our commitment to transparency, the updated machine learning model is running publicly in Google’s VirusTotal where it is helping security teams determine whether documents are malicious.

“The endpoint is the only place to prevent cyber attacks with certainty, because it is there that adversaries expose themselves, making it easier to find malicious activity early and reduce the cost of incident response investigations on the whole network,” said Mike Nichols, vice president of product management at Endgame. “This unique extension of MalwareScore resides entirely on the endpoint, ensuring complete protection of the mobile and disconnected workforce with zero end user impact. This update adds another layer of prevention to our comprehensive protection based on the MITRE ATT&CK matrix, bringing Endgame another step closer to being the last agent you will ever need.”

The researchers who invented the updated machine learning model for MalwareScore will be available for meetings during the Black Hat Conference Aug. 8-9 to give live demonstrations of the new capabilities. Meet them at the Endgame booth #1328 in the Business Hall in Shoreline throughout the conference. Schedule an onsite demo here and learn more about MalwareScore on our website here. To read about the threat landscape and how Endgame 3.0 addresses the problem you can read more here, while you can learn more about how Endgame is using machine learning to end document-based phishing attacks here.

About Endgame

Endgame's converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.
