Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

3/10/2015
03:05 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Startup Focuses On Stopping Data Exfiltration

Former Akamai and Imperva exec heads up new security firm enSilo, launches an operating system-level endpoint security tool.

Now that most businesses are resigned to the fact that they can't stop the bad guys from getting in, the focus increasingly is on how to stop them from taking any data out. A new startup emerging from stealth today is rolling out a next-generation endpoint tool for catching malware and preventing the bad guys from stealing information.

Security firm enSilo, based in Israel, today officially launched and introduced a real-time endpoint security tool for preventing the exfiltration of data by attackers. In a nutshell, it looks for malicious connection attempts from the machine to the outside, and shuts them down so intruders can't take anything with them on the way out. enSilo's product virtually patches against the attack.

It sits in the operating system in the form of a small footprint agent, and uses a whitelisting-type approach to catching malicious activity, says enSilo CEO Roy Katmor, who previously headed up Akamai’s security strategy, and prior to that managed Imperva's data security products and architecture management. "If you're a targeted attack and trying to work on a corporate device, you're going to make a foul. We know" how to spot the fouls, Katmor says.

"The biggest advantage of sitting in the OS is we are agnostic to protocols," Katmor says. "enSilo is a 'black box.'"

What enSilo does not do is catch the actual successful infiltration or attack. It's all about tripping up the bad guys when they try to remove data.

[Determined cybercriminals and cyberspies will find their way to the data they want, but there are ways to trip them up as they try to make their way out. Read Operation Stop the Exfiltration.]

David Monahan, research director for security and risk management at Enterprise Management Associates, says what's unique about enSilo's approach is that it looks or the moment the malware attempts to communicate to its external systems. "They have identified that malware does not like to follow the standard conventions when it comes to making its communications.  It tries any number of things to bypass the normal channels to avoid being restricted or identified by the OS," Monahan says. "At that point it [enSilo] stops the communication attempt," Monahan says.

Because this process operates at the kernel level, he says, it's difficult for an attack to cheat it or bypass it. enSilo has both a cloud- and local server option that can be integrated with perimeter security tools to block the types of behaviors it catches, he notes.

With the days of stopping attacks at the door long gone for the most part--especially given increasingly advanced and persistent attacks--security strategies are shifting to making it harder for the bad guys to do damage once they've gotten inside. That means putting up hurdles for their exfiltration phase.

In addition to its platform for preventing exfiltration, enSilo also plans to add a next-generation firewall that monitors communications to all applications and stops any malicious ones.

The first generation of enSilo products include an agent gateway, a cloud gateway, a Windows 7/8/XP agent, endpoint distribution via LDAP, SIEM integration and a software management server. Next month, enSilo will add endpoint distribution with Symantec and McAfee software, out-of-line gateway support, next-gen firewall support, and a new management server.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
3/10/2015 | 10:47:37 AM
enSilo vs Falcon
What are the differences between CrowdStrike's Falcon Endpoint and enSilo? I feel that they have a similar feel as to technique.

Also, can't this whitelisting approach be instantiated at the NIPS level as well? You are essentially stating that you will only accept traffic from the verified data transit feeds.
roy@enSilo
50%
50%
[email protected],
User Rank: Author
3/10/2015 | 6:21:06 PM
Re: enSilo vs Falcon
Hi Ryan,

Thanks for asking.

 To answer the first part of your question, enSilo vs. Falcon:

I wish not to refer to CrowdStrike's Falcon. However, I can quickly elaborate on enSilo's technology. enSilo's platform correlates the OS-related activity together with the respective actual outbound communication request. As such, enSilo prevents the consequences of the targeted attack – the data theft (exfiltration), and by design generates one alert for a single active communicating threat.

 

As for your second part, enSilo vs. NIPS –

NIPS employs packet filtering of incoming data packets. On the other hand, as mentioned, enSilo's platform correlates the OS-related activity together with the respective actual outbound communication request. As such, NIPS does not provide that intimate visibility.

 

If you want more information, feel free to PM me.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.