
New RSA ECAT Release Engineered to Extend Ability to Rapidly Detect and Block Advanced Threats on Endpoints

Announcement posted by EMC 22 Jul 2015

Provides enhanced protection for endpoints by offering actionable risk-based intelligence and comprehensive visibility into threats
STORY HIGHLIGHTS
  • RSA® ECAT is designed to enable active endpoint defense against advanced threats by rapidly detecting and blocking or quarantining suspicious files and processes without the need for signatures
  • RSA ECAT is now engineered to enable real-time visibility, detection, and response on endpoints even while outside the corporate network
  • A newly introduced intelligent risk scoring system is built to enable analysts to respond and take action based on the highest-priority incidents
  • New capabilities, when combined with RSA Security Analytics, are designed to enable SOC teams to detect and respond to advanced attacks more quickly and precisely by delivering complete visibility across the entire enterprise, from the endpoint to the cloud
RSA CONFERENCE ASIA PACIFIC & JAPAN, SINGAPORE, JULY 22, 2015
RSA, The Security Division of EMC (NYSE:EMC), today announced the latest version of RSA® ECAT for advanced endpoint threat and malware protection. RSA ECAT is designed to enable analysts to quickly hunt down and block new malware missed by existing tools by analysing the behavior of every process on the endpoint for suspicious indicators rather than relying on traditional malware signatures. The new version of RSA ECAT also helps analysts block suspicious endpoint activity across the enterprise whether the endpoints are on or off the corporate network – reducing the opportunity for an attacker to take advantage of off-network activity. Analyst response to suspicious activity is also better prioritised by a newly introduced intelligent risk scoring algorithm that is engineered to leverage advanced machine-learning techniques to enable faster detection and categorisation of a wider range of malicious endpoint behavior.

Cybercriminals are constantly developing new malware and techniques to circumvent security and penetrate an organisation’s network. The new enhancements to RSA ECAT are designed not only to automatically detect these previously unknown threats, but also to block or quarantine them, limiting the ability of an attacker to avoid detection and increase their dwell time in the network. This goes well beyond discovery of zero-day attacks or targeted attack variants by harnessing the power of memory analysis, which compares what happens in memory to what happens on disk, to spot code injection, hooking and other advanced techniques.

Cybercriminals are also taking advantage of the fact that endpoints are increasingly leveraging the public Internet and are disconnected from the corporate network. To address this growing reality, RSA ECAT is now engineered to give enterprises the option for security analysts to monitor and take action on endpoints anywhere, anytime they are connected to the Internet.

Organisations are under constant attack, creating the potential for chaos and breach as analysts struggle to track down and respond to every alert, potentially missing the alert that signals the greatest threat. To address the torrent of alerts that endpoints can generate for analysts, RSA ECAT’s new intelligent risk scoring system helps organisations quickly understand, prioritise, and focus on the most important incidents before they impact the enterprise.

RSA provides comprehensive visibility from the endpoint to the cloud. By combining a thorough view of behavior on the endpoint from RSA ECAT with the rich set of data from network packets and logs in RSA® Security Analytics, analysts have the ability to see and understand everything happening in their environment and within seconds can investigate incidents down to the most granular detail and take the most appropriate action.

The next version of RSA ECAT will be available in Q3 2015.

Executive Quote:
Grant Geyer, Senior Vice President, Products, RSA
“Cyber criminals are becoming more creative when it comes to developing new techniques to penetrate an organisation’s network. If a network is infected by an unknown malware, relying on signature-based tools like Anti-Virus solutions will leave you with a false sense of security. When a network is at risk, analysts must be able to detect the issue quickly, and rapidly understand the type of attack along with the affected systems to understand the extent of malicious activity at the endpoints. RSA ECAT complements our network and cloud approaches to provide pervasive visibility for faster threat detection and remediation.”
 
Analyst Quote:
Christina Richmond, Program Director, Security Services, IDC
“Senior security analysts often spend much of their day responding to incidents that turn out to be less critical than they originally appeared. This is the norm because they are limited in their ability to determine the sophistication and scope of an attack because of a lack of visibility into the behavior on their endpoints. Endpoint detection and response tools, like RSA ECAT, can help address this challenge by better enabling less experienced team members to prioritise suspicious activity and quickly triage alerts – enabling the entire staff to focus on the most important alerts and reducing the case load on the most experienced analysts.”
 
ADDITIONAL RESOURCES: For further information, please contact:
Clare Cassidy, Account Manager 
Spectrum Communications 
02 9469 5700 
emc@spectrumcomms.com.au

About RSA
RSA’s Intelligence Driven Security solutions help organizations reduce the risks of operating in a digital world. Through visibility, analysis, and action, RSA solutions give customers the ability to detect, investigate and respond to advanced threats; confirm and manage identities; and ultimately, help prevent IP theft, fraud and cybercrime. For more information on RSA, please visit www.rsa.com.