Solving the Endpoint Dilemma

Tom Bain, CounterTack

CounterTack is helping organizations solve an extremely difficult security problem: security teams struggle to visualize activity on endpoints across the enterprise. Incident responders and security teams lack actionable intelligence that gives them awareness of real-time behavior on workstations, laptops, servers and mobile devices.

The ability to capture behavior takes the guesswork out of how specific threats can impact an organization, starting at endpoints, which are the most susceptible to sophisticated and unsophisticated attacks from both inside and outside. CounterTack provides visibility into user-defined behaviors as those behaviors are taking place.

Teams face the reality that there is no silver bullet, nor is there a single technology that can detect every incoming threat. Teams need a combination of real-time and forensic-level analysis at the point of detection so they can get ahead of a threat and contain its spread along its intended path to additional endpoints. Having operating-system visibility across the enterprise and the ability to respond automatically to escalating attacks is the only way teams can counter and resist threats before they inflict more organizational damage.

What is Sentinel?

Built on top of a Big Data architecture to counter endpoint attacks at scale, Sentinel leverages stealth collection technology to capture malicious behavior on workstations and servers. Sentinel dramatically reduces both the impact of advanced attacks, in real time, and the false positives coming from other security tools, giving teams an opportunity to defend the enterprise before incidents escalate.

CounterTack Sentinel is the only EDR (endpoint detection and response) platform that offers teams the flexibility, scale and integration necessary to take back control of security on a global scale and effectively manage unknown threat detection. 

CounterTack’s driverless kernel module provides low-level visibility into malicious behavior from a position of stealth, with no user presence and no impact on endpoint performance or stability. Sentinel not only sees attacker behavior, it captures all of the registry, file and memory events and processes that unfold across the network as part of that attack. This unprecedented visibility provides real-time context as threats escalate, so teams can make better security decisions to protect the organization.

CounterTack Sentinel combines real-time OS-level surveillance with Big Data analytics, delivering an improved, automated workflow for incident response and threat detection across the enterprise. Sentinel also ships with an advanced set of indicator profiles that automate the prescriptive analysis and remediation of known and unknown threats. The built-in intelligence, together with the intelligence learned over time, characterizes attack techniques in real time, such as antivirus disabling, firewall modification and evasion, where signature-based tools, whitelisting and preventative solutions are 80% blind.

How It Works and How It’s Used for Maximum Enterprise ROI

Sentinel collects endpoint intelligence from a position of stealth, then de-duplicates, compresses and encrypts that data. That behavioral data is then forwarded to the Endpoint Analysis Cluster, made up of collector nodes and data nodes, which helps to characterize and correlate massive quantities of behavioral data in real time.

Next, from a threat standpoint, Sentinel tracks each interaction with the target OS, as well as its impact on the system, and offers enterprise-wide correlation to expose the anatomy and origin of attacks while they are still in progress. 

Operators can subscribe to real-time updates as threats escalate, which provide the industry’s only “complete attack capture”, meaning continuous monitoring of advanced threats throughout the threat lifecycle, not only to remediate the threat but to understand how to resist it across massive batches of endpoints. This is where machines start to learn root cause and the known good and known bad, and also start to become immune to behaviors exhibited by unknown attacks.
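As an added illustration of the indicator-profile step and the de-duplicate-then-correlate pipeline described above (not CounterTack's code; the event fields, the profile contents and the sample telemetry are constructed assumptions), here is a small Python correlator that drops duplicate endpoint events, groups the rest by host, and raises one alert per host and profile when every predicate of that profile fires inside the profile's time window:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
@dataclass(frozen=True)
class Event:
    host: str
    ts: datetime
    kind: str    # "registry", "service", "process" or "file"
    detail: str

# Constructed sample telemetry (not real Sentinel data): ws-01 has a duplicated
# registry write and two service stops, ws-02 only a lone service stop.
SAMPLE_EVENTS = [
    Event("ws-01", datetime(2024, 3, 1, 10, 0, 0), "registry", "Windows Defender\\DisableAntiSpyware=1"),
    Event("ws-01", datetime(2024, 3, 1, 10, 0, 0), "registry", "Windows Defender\\DisableAntiSpyware=1"),
    Event("ws-01", datetime(2024, 3, 1, 10, 1, 30), "service", "WinDefend stopped"),
    Event("ws-01", datetime(2024, 3, 1, 10, 2, 0), "service", "MpsSvc stopped"),
    Event("ws-01", datetime(2024, 3, 1, 10, 2, 5), "registry", "FirewallPolicy\\StandardProfile\\EnableFirewall=0"),
    Event("ws-02", datetime(2024, 3, 1, 10, 40, 0), "service", "MpsSvc stopped"),
]

# Indicator profiles: every predicate must fire on one host inside the window.
# Profile contents are illustrative assumptions, not CounterTack's shipped profiles.
PROFILES = {
    "antivirus-disabling": (timedelta(minutes=5), [
        lambda e: e.kind == "registry" and "DisableAntiSpyware=1" in e.detail,
        lambda e: e.kind == "service" and e.detail == "WinDefend stopped",
    ]),
    "firewall-modification": (timedelta(minutes=5), [
        lambda e: e.kind == "service" and e.detail == "MpsSvc stopped",
        lambda e: e.kind == "registry" and "EnableFirewall=0" in e.detail,
    ]),
}

def dedupe(events: list[Event]) -> list[Event]:
    """Drop exact duplicates, keeping first-seen order (Event is hashable)."""
    seen: set[Event] = set()
    return [e for e in events if not (e in seen or seen.add(e))]

def correlate(events: list[Event], profiles=PROFILES) -> list[tuple[str, str, datetime]]:
    """Return (host, profile, first matching timestamp); one alert per host and profile."""
    by_host: dict[str, list[Event]] = {}
    for e in sorted(dedupe(events), key=lambda e: e.ts):
        by_host.setdefault(e.host, []).append(e)
    alerts = []
    for host, evs in by_host.items():
        for name, (window, preds) in profiles.items():
            for start in evs:   # slide a window over the host's time-ordered events
                hits = [e for e in evs if start.ts <= e.ts <= start.ts + window and any(p(e) for p in preds)]
                if all(any(p(e) for e in hits) for p in preds):
                    alerts.append((host, name, hits[0].ts))
                    break
    return alerts
```

Running `correlate(SAMPLE_EVENTS)` yields two alerts for ws-01 and none for ws-02, whose lone service stop never completes a profile.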