The latest version of the Gartner Market Guide for Endpoint Detection and Response Solutions validates the need for real-time prevention and why the detect-then-decide approach simply can’t keep up with today’s threats.
The Gartner Market Guide for Endpoint Detection and Response Solutions highlights how the changing threat landscape is pushing Endpoint Detection and Response platforms to include prevention capabilities. This is a huge validation of the enSilo approach. Preventing attacks pre- and post-infection while also protecting the data has been part of our mission since day one. It’s also why we were the first to market with real-time orchestration of automated prevention, detection, response and self-healing remediation actions in a single platform.
Among the many things that keep security leaders up at night is the possibility that their systems, or their managed service providers, will fail to spot the signal in the noise and respond to a breach before the damage is done. Yet most incident detection and response processes are based on the detect-then-decide approach. Attacks that move faster than you can detect and then decide show why pre- and post-infection prevention is a critical capability.
We’ve recently published several research pieces that highlight emerging stealthy capabilities that neutralize the detect-then-decide approach to incident response. In Melting Down PatchGuard: Leveraging KPTI to Bypass Kernel Patch Protection, we demonstrate how attackers can bypass Windows kernel protections, exposing kernel-mode functions to interception by malicious actors and potentially allowing malware to act undetected by third-party security products that rely on user-mode hooks to monitor the OS. Gartner also highlights this danger in the Market Guide for Endpoint Detection and Response Solutions, saying that “User space agents are most at risk of compromise by attackers.”
In Enter the DarkGate, we analyze the DarkGate malware. DarkGate employs a user-mode hooks bypass technique to evade identification by various endpoint protection platforms for an extended period, and it can deploy multiple payloads, including cryptominers and ransomware.
Furthermore, we see fileless malware attacks nearly every day that use advanced techniques to execute in memory, bypass endpoint protection platforms and strike undetected. We even produced a video showing how a fileless attack can bypass Windows Defender, execute ransomware and encrypt an endpoint in thirty seconds.
Each of these examples highlights the importance of real-time prevention and why the detect-then-decide approach simply can’t keep up with today’s threats. enSilo stops the breach and heals endpoints in real time so that you can conduct incident response actions without risking further infection, data loss or loss of productivity.