Dark Reading | Products and Releases | 7/30/2018 02:40 PM

Endgame Addresses Phishing Attacks With Machine Learning

Machine learning model closes critical entry point for cybercriminals with 99 percent efficacy

ARLINGTON, Va., July 30, 2018 – Endgame, the first endpoint protection platform to deliver the stopping power of a world-class SOC in a single agent, today announced that it has enhanced its platform to end the threat of document-based phishing attacks. MalwareScore, a host-based machine learning technology, now has the capability to identify and block known and never-before-seen malicious Microsoft Office documents pre-execution with 99 percent efficacy.

Phishing is the third most prevalent cyber attack resulting in information breaches, with approximately 70 percent of breaches associated with nation-state or state-affiliated actors involving phishing, according to the Verizon 2018 Data Breach Investigations Report. The report also notes that two-thirds of phishing emails include malware. The recent indictment of 12 Russian intelligence officers suspected of playing a role in the hack of the Democratic National Committee before the 2016 U.S. election notes that phishing played a major role in their strategy. Phishing attacks that delivered malicious payloads also targeted this year's World Cup in Russia and the Pyeongchang winter games.

“It’s important to remember that phishing is just the beginning of a long attack chain that can lead to a major breach, not a final attack. Payload-driven phishing attacks give attackers the foothold they need to access the internal network. From there, they can perform reconnaissance, move laterally, and take actions to find and exfiltrate sensitive data or worse,” said Mark Dufresne, vice president of threat research and prevention at Endgame. “That is why Endgame is tackling this issue head on to stop hackers from ever gaining that foothold. Strong machine learning models are necessary to protect businesses from new and unknown malicious macros, which is where signature-based solutions fail.”

Available in the Endgame 3.0 release, MalwareScore is part of a multi-layer approach that includes automated tradecraft analytics and orchestration to prevent the attack, quarantine the file or host, and orchestrate clean up across all endpoints and mail servers on the network.

Consistent with our commitment to transparency, the updated machine learning model is running publicly in Google’s VirusTotal where it is helping security teams determine whether documents are malicious.

“The endpoint is the only place to prevent cyber attacks with certainty, because it is there that adversaries expose themselves, making it easier to find malicious activity early and reduce the cost of incident response investigations on the whole network,” said Mike Nichols, vice president of product management at Endgame. “This unique extension of MalwareScore resides entirely on the endpoint, ensuring complete protection of the mobile and disconnected workforce with zero end user impact. This update adds another layer of prevention to our comprehensive protection based on the MITRE ATT&CK matrix, bringing Endgame another step closer to being the last agent you will ever need.”

The researchers who developed the updated machine learning model for MalwareScore will be available for meetings during the Black Hat Conference Aug. 8-9 to give live demonstrations of the new capabilities. Meet them at the Endgame booth #1328 in the Business Hall in Shoreline throughout the conference. Schedule an onsite demo here and learn more about MalwareScore on our website here. To read about the threat landscape and how Endgame 3.0 addresses the problem, read more here; to learn more about how Endgame is using machine learning to end document-based phishing attacks, see here.

About Endgame

Endgame's converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.
