Products found: 15
AnubisNetworks MPS
- DLP - Data Leakage Protection
- Multitenant Quota management
- White & Blacklists inheritance
- Attachments Discovery
- BCC and Archiving plugins
- AD Integration for AAA
Big Switch Networks Big Monitoring Fabric
Big Monitoring Fabric enables end-to-end visibility and security for applications, based on their networking behaviors, for both on-premises and public cloud deployments.
Big Monitoring Fabric enables pervasive security and monitoring of network traffic for an organization and selectively delivers it to multiple security, monitoring, performance measurement and compliance tools—both Inline and Out-of-Band. Leveraging an Open Ethernet switch fabric and an SDN Big Tap Controller, Big Monitoring Fabric is a highly scalable and cost-effective network visibility solution. Using an SDN-centric architecture, Big Tap enables tapping traffic everywhere in the network and delivers it to any troubleshooting, network monitoring, application performance monitoring or security tools.
The centralized Big Tap Controller software compiles user-defined policies into highly optimized flows that are programmed into the forwarding ASICs of bare metal Ethernet switches running production grade Switch Light Operating System.
There are two versions of the product: Big Mon Fabric Public Cloud and Enterprise Cloud, both of which leverage the same technologies. These technologies offer best-in-class economics for any monitoring infrastructure today.
Blue Coat Systems Advanced Threat Protection
The Blue Coat Advanced Threat Protection solution integrates technologies from the Blue Coat Security and Policy Enforcement Center and the Resolution Center. It delivers a comprehensive, integrated and modern approach to advanced persistent threats, advanced targeted attacks, advanced malware, unknown malware and zero-day threats through its Advanced Threat Protection Lifecycle Defense.
This defense is the first to integrate a business process view that aligns with how your security team operationalizes new intelligence and technologies to fortify your security infrastructure against future attacks.
The Blue Coat Advanced Threat Protection Lifecycle Defense operates in three stages:
Detect and Protect for Ongoing Security Operations: The Blue Coat Secure Web Gateway and Blue Coat Content Analysis System with malware scanning engines, protect in real-time against known threats, malicious sources, and malware delivery networks. Contextual information about new threats is shared locally and globally via the Blue Coat global intelligence network in a continuous feedback loop that extends threat knowledge and protection effectiveness.
Analyze and Mitigate for Incident Containment: Unknown threats are escalated for incident containment using the Blue Coat Content Analysis System and Security Analytics Platform, which both use the Blue Coat Malware Analysis Appliance. As the behaviors and characteristics of unknown or advanced malware and zero-day threats are learned through automated analysis, that intelligence is shared across the security infrastructure, shifting protection to the gateway for a more scalable defense.
Investigate and Remediate for Incident Resolution: The Security Analytics Platform allows security incident escalation for retrospective analysis to enable threat profiling and incident resolution. Intelligence of the now-known threat is used to investigate and remediate the full scope of the attack, including other instances of the threat already on the network. The intelligence on the full scope of the attack is shared locally across the security infrastructure as well as globally across Blue Coat’s 15,000 customers and 75 million users to operationalize the new knowledge and fortify the security infrastructure.
The Blue Coat Advanced Threat Protection solution is designed to integrate into your existing security infrastructure, including your IPS, NGFW, SIEM and malware sandbox solutions, allowing you to deploy a defense-in-depth approach that shares information to increase protection.
Check Point SandBlast
Check Point SandBlast Agent provides purpose-built advanced Zero-Day Protection capabilities to protect web browsers and endpoints, leveraging Check Point’s industry leading network protections. SandBlast Agent ensures complete real-time coverage across threat vectors, letting your employees work safely no matter where they are without compromising on productivity. Threat Emulation capability emulates unknown files in a contained environment to detect malicious behaviors and prevent infections, while Threat Extraction provides sanitized risk-free files to the users instantly.
Anti-Ransomware protection stops ransomware in its tracks and reverses the damage automatically, ensuring organizations are protected against malicious extortion attacks that encrypt business data and demand ransom payment for its retrieval. Zero Phishing proactively blocks access to new and unknown deceptive websites and safeguards user credentials by preventing the use of corporate passwords on external websites.
SandBlast Agent captures forensics data with continuous collection of all relevant system events, and then provides actionable incident analysis to quickly understand complete attack lifecycle. With visibility into the scope, damage, and attack vectors, incident response teams maximize productivity and minimize organizational exposure.
Features:
- Threat Emulation: Evasion resistant sandbox technology
- Threat Extraction: Delivers sanitized risk-free files to users in real-time
- Anti-ransomware: Prevents and remediates evasive ransomware attacks
- Zero-Phishing: Blocks deceptive phishing sites and alerts on password reuse
- Anti-Bot: Identify and isolate infected hosts
- Anti-Exploit: Protects applications against exploit based attacks
- Behavioral Guard: Detects and blocks malicious behaviors
- Endpoint Antivirus: Protects against known malware
- Forensics: Records and analyzes all endpoint events to provide actionable attack forensics reports
Benefits:
- Advanced threat protection and automated endpoint forensic analysis for all malware types
- Prevents and remediates evasive ransomware attacks
- Proactively blocks known, unknown and zero-day malware
- Provides instant actionable understanding of attacks
- Automatically remediates infections
- Protects users’ credentials
Cisco Advanced Malware Protection (Cisco AMP for Endpoints)
- Filtering out policy-violating files from the Internet, e-mails, and more.
- Detecting and protecting against client-side exploit attempts and exploit attempts aimed at client applications like Java and Flash.
- Recognizing, blocking, and analyzing malicious files.
- Identifying malware patterns and anticipating potentially breached devices.
- Tracking malware’s spread and communications.
- Alleviating threats of reinfection.
Digital Guardian Advanced Threat Protection
- Detect in real-time behaviors indicative of attacks targeting your systems, users and data via Digital Guardian’s attack sequencing approach.
- Set rules to alert the user to the presence of an attack (via prompts); stop the attack in progress; notify IT in near real time; and initiate collection of artifacts for forensic validation.
- Expedite delivery of critical alerts to speed response time and containment.
- View correlated events and individual alerts for visibility of an attack or malicious activity by highlighting the individual rules which triggered the correlated event.
- Automate collection of artifacts to reduce response time and enhance the ability to stop an attack in progress.
- See all systems that are at risk or infected by using Digital Guardian’s automated binary analysis to track any file determined to be malicious or suspicious.
- Protect your endpoints from threats discovered at the network layer using DG’s integration with existing malware protection systems (FireEye and Palo Alto).
- Download threat information from third party threat feed sources you define, directly to the DG agent to block agent execution within minutes of identification of known threats.
- Use network security infrastructure to gather and submit suspicious files for detonation before they execute.
- Get additional analysis and guidance on what action to take as a result of direct integration with VirusTotal. For example, automate the submission of a file hash for immediate analysis or industry reputation and if deemed to be a threat, all endpoints can be informed of the threat and set to block and alert should the threat be seen by any system whether on or off your network.
- Real-time visibility. To avoid the risk of missing critical artifacts and to maintain a full narrative of an attack you need real-time visibility. Digital Guardian includes real-time and historic visibility into 200+ parameters associated with system activities. This includes: process activity, user-mode and kernel execution events, file system activity, network and registry activity, and user-logon activity. Deep visibility ensures you have all the critical information needed to identify patient zero and drastically reduce your overall response time while validating the impact the attack had on your data.
- Context. Security teams today are overwhelmed with alerts from ineffective products that lack any context or prioritization of attacks; so they end up missing the real threats targeting their data. Digital Guardian provides host visibility as well as contextual intelligence about attacks targeting your data. Our solution gives you the context required to prioritize your response and answer the crucial who, what, why, and how questions.
- Data awareness. Advanced threats are intent on compromising your systems in order to gain access to your data. To protect your most critical data you must first understand it. New advanced threat protection products have no concept of data and traditional DLP products lack the understanding of threats. Digital Guardian is the first product to bridge the gap between system security and data protection by delivering a single solution combining threat prevention with context based data protection from a single agent.
- Flexible deployment. Only Digital Guardian offers complete data protection through an on-premises deployment, a cloud-based managed service, or a hybrid of both. Our cloud-based managed services are the answer if you have more IP than IT. As an extension of your team, we’ll expertly develop, deploy, and manage all of your policies enterprise-wide as if they were our own.
FireEye Malware Analysis (AX)
FireEye Malware Analysis is a forensic analysis solution that gives security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day and advanced persistent threat (APT) attacks embedded in web pages, email attachments and files.
As cyber criminals tailor attacks to penetrate a specific business, user account or system, analysts need easy-to-use forensic tools that help them rapidly address targeted malicious activities.
HIGHLIGHTS:
- Performs deep forensic analysis through the full attack life cycle, using the FireEye MVX engine
- Streamlines and batches analysis of suspicious web code, executables and files
- Reports in-depth on system-level OS and application changes to file systems, memory and registries
- Offers live-mode or sandbox analysis to confirm zero-day exploits
- Dynamically generates threat intelligence for immediate local protection via integration with FireEye Central Management
- Captures packets to allow analysis of malicious URL session and code execution
- Includes the FireEye AV-Suite to streamline incident response prioritization
- Includes support for Windows and MacOS X environments
Forcepoint Advanced Malware Detection
Fortinet FortiSandbox
LookingGlass ScoutShield
ScoutShield Threat Intelligence Gateway is a high-assurance, low-touch security appliance designed to work with firewalls to identify and block phishing, malware, and malicious Command-and-Control (C2) domains – disrupting or stopping these threats.
The ScoutShield solution ingests LookingGlass Automated Data Services’ machine-readable threat intelligence to automatically block known phishing URLs, malicious URLs, and malicious C2 Domains.
- Malicious C2 Domains Feed - Daily updated blacklist of all known C2 botnet servers
- Phishing URL Feed - Real-time feed of global phishing URLs
- Malicious URL Feed - Real-time feed of global malicious URLs
ScoutShield’s automated response mechanism allows organizations to respond more efficiently and effectively to threats, so you can combat data breaches, ransomware, and stolen credentials in real-time. ScoutShield’s multiple Monitoring and Reporting Dashboards enable your security team to easily determine the effectiveness of policy enforcement, the health of the entire system, and if threat intelligence rule sets have been deployed successfully.
Use ScoutShield to:
- Protect against known malicious web pages and phishing attacks with 99.99% accuracy
- Prevent infected devices from communicating with C2 servers automatically
- Enable your security analysts to mitigate threats in real-time, increasing productivity
- Deliver digestible insights on using its multiple dashboards: Appliance, System, Threat Intelligence, and Threat Mitigation.
- Alert your organization of compromises on the network
McAfee Advanced Threat Defense
- Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.
- User interactive mode: Enables analysts to interact directly with malware samples.
- Extensive unpacking capabilities: Reduces investigation time from days to minutes.
- Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
- Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
- Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.
- Bro Network Security Monitor integration: Deploy a Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advanced Threat Defense for inspection.
Palo Alto Networks WildFire
Palo Alto Networks WildFire cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The service employs a unique multi-technique approach, combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.
WildFire changes the equation for adversaries, turning every Palo Alto Networks platform deployment into a distributed sensor and enforcement point to stop zero-day malware and exploits before they can spread and become successful. Within the WildFire environment, threats are detonated, intelligence is extracted and preventions are automatically orchestrated across Palo Alto Networks Next-Generation Security Platform in as few as five minutes of first discovery anywhere in the world.
WildFire goes beyond traditional approaches used to detect unknown threats, bringing together the benefits of four independent techniques for high-fidelity and evasion-resistant discovery, including:
Dynamic analysis – observes files as they detonate in a purpose-built, evasion-resistant virtual environment, enabling detection of zero-day exploits and malware using hundreds of behavioral characteristics.
Static analysis – highly effective detection of malware and exploits that attempt to evade dynamic analysis, as well as instant identification of variants of existing malware.
Machine learning – extracts thousands of unique features from each file, training a predictive machine learning model to identify new malware – which is not possible with static or dynamic analysis alone.
Bare metal analysis – evasive threats are automatically sent to a real hardware environment for detonation, entirely removing an adversary’s ability to deploy anti-VM analysis techniques.
Together, these four unique techniques allow WildFire to discover and prevent unknown malware and exploits with high efficacy and near-zero false positives.
WildFire threat analysis service:
- Detects evasive zero-day exploits and malware with a unique combination of dynamic and static analysis, novel machine learning techniques, and an industry-first bare metal analysis environment.
- Orchestrates automated prevention for unknown threats in as few as five minutes from first discovery anywhere in the world, without requiring manual response.
- Builds collective immunity for unknown malware and exploits with shared real-time intelligence from approximately 17,000 subscribers.
- Provides highly relevant threat analysis and context with AutoFocus.
Proofpoint Targeted Attack Protection
Proofpoint Targeted Attack Protection (TAP) helps detect, mitigate, and block advanced threats that target people through email. We detect both known and new, never-before-seen attacks that use malicious attachments and URLs to install malware on a device or trick users to share their passwords or other sensitive information. TAP is unmatched in stopping targeted attacks that use polymorphic malware, weaponized documents, and credential phishing to access sensitive information or steal money.
TAP provides the first line of defense at the email gateway. TAP has two components:
Attachment Defense: TAP can hold messages until a verdict is received after analysing the attachment. Clean ones are delivered to the inbox and threats are quarantined.
URL Defense: Messages containing URLs that are known to be malicious are immediately quarantined. TAP rewrites all other URLs in order to track and block clicks. When users click on the rewritten URLs, TAP redirects them — based on the verdict from inspection — to either the original webpage or a customizable block page that prevents access to the compromised site.
TAP is built on the Proofpoint next-generation email security platform, which offers clear visibility into all email communications. This means that TAP has greater context to extract threat intelligence, quickly mitigate the attack surface by blocking malicious messages, and reduce your security risk.
Our advanced threat solutions continually adapt to detect new attack patterns. TAP inspects the entire attack chain using static and dynamic techniques. We analyse potential threats in several stages using multiple approaches to examine behavior, code, and protocol. TAP uses unique features, such as predictive analysis to identify and sandbox suspicious URLs before users can click on them.
Proofpoint TAP includes a web-based graphical dashboard that provides data at organizational, threat, and user levels to help you prioritize alerts and take action. Detailed forensic information on both individual threats and campaigns is provided to you in real time.
Proofpoint TAP is easily configured as add-on modules to the Proofpoint email security platform, which can be deployed as a cloud service, virtual appliance, or hardware appliance. Proofpoint also uses the cloud to instantly update our software every day to quickly incorporate new features and help you stay ahead of attackers.
Trend Micro Deep Discovery Analyzer
Deep Discovery Analyzer extends the value of existing security investments from Trend Micro and third-parties (through a web services API) by providing custom sandboxing and advanced analysis. It can also provide expanded sandboxing capabilities to other Trend Micro products. Suspicious objects can be sent to the Analyzer sandbox for advanced analysis using multiple detection methods. If a threat is discovered, security solutions can be updated automatically.
KEY CAPABILITIES:
Custom Sandbox Analysis uses virtual images that are tuned to precisely match your system configurations, drivers, installed applications, and language versions. This approach improves the detection rate of advanced threats that are designed to evade standard virtual images. The custom sandbox environment includes safe external access to identify and analyze multi-stage downloads, URLs, command and control (C&C), and more, as well as supporting manual or automated file and URL submission.
Flexible Deployment: Analyzer can be deployed as a standalone sandbox or alongside a larger Deep Discovery deployment to add additional sandbox capacity. It is scalable to support up to 60 sandboxes in a single appliance, and multiple appliances can be clustered for high availability or configured for a hot or cold backup.
Advanced Detection Methods such as static analysis, heuristic analysis, behavior analysis, web reputation, and file reputation ensure threats are discovered quickly. Analyzer also detects multi-stage malicious files, outbound connections, and repeated C&C from suspicious files.
Broad file analysis range: Examines a wide range of Windows executables, Microsoft Office, PDF, web content, and compressed file types using multiple detection engines and sandboxing. Custom policies can be defined by file type.
Document exploit detection: Discovers malware and exploits delivered in common document formats by using specialized detection and sandboxing.
URL analysis: Performs sandbox analysis of URLs contained in emails or manually submitted samples.
Web services API and manual submission: Enables any product or malware analyst to submit suspicious samples. Shares new IOC detection intelligence automatically with Trend Micro and third-party products.
Support for Windows, Mac, and Android operating systems.
Detect ransomware: Detects script emulation, zero-day exploits, targeted and password-protected malware commonly associated with ransomware. It also uses information on known threats to discover ransomware through pattern and reputation-based analysis. The custom sandbox can detect mass file modifications, encryption behavior, and modifications to backup and restore.
Zscaler Cloud Sandbox
Zscaler Cloud Sandbox uses advanced behavioral analysis techniques to find and block zero-day threats. Delivered as a service from the Zscaler global security cloud, Zscaler Cloud Sandbox provides a higher level of threat protection than any other solution.
With Zscaler, you can sandbox any suspicious or unknown file without backhauling traffic to the data center. Since Zscaler Cloud Sandbox is implemented from the cloud, it protects all of your users, regardless of their locations. This means that remote office workers and mobile users get the same level of protection as the users at your headquarters, without costly MPLS links or cumbersome VPN connections. Zscaler Cloud Sandbox is architected to provide inline protection to block threats before they enter your network. Malicious files are instantly blocked, quarantined, or flagged based on your defined policies.
Unlike appliances, which work in isolation, Zscaler Cloud Sandbox is fully integrated into the Zscaler Cloud Security Platform to deliver maximum threat visibility and multilevel protection. Because Zscaler is delivered as a service, there is no hardware to deploy and manage, and no software to update.
The processing power of Zscaler Cloud Sandbox lets us inspect all suspicious and unknown files with efficiency. Data is correlated across multiple security engines to identify and block sophisticated threats that go undetected by traditional appliances. By performing this in-depth level of sandbox pre-processing, we streamline the detection of suspicious files and improve the user experience. And because SSL inspection is native to the cloud security platform, the tactic of hiding attacks behind encryption fails as well. Malicious files are instantly blocked, quarantined, or flagged based on your defined policy, which can be easily scaled across all users.
Zscaler Cloud Sandbox uses cloud intelligence gained from more than 60 billion transactions processed every day at peak periods and more than 120,000 unique security updates. Once a threat is identified anywhere in the Zscaler cloud, it is immediately blocked for all customers. By default, the Zscaler security cloud sandboxes all executables and libraries to improve the protection to all customers. Zscaler also incorporates over 40 partner threat feeds to make sure the latest threat intelligence is applied across the cloud, which minimizes the number of files that need to be sandboxed.
Zscaler Cloud Sandbox provides:
Integrated platform service
- Pre-filters all known threats using threat feeds from 40+ security partners
- Offers native SSL inspection to close security gaps
- Provides APT protection — for both inbound and outbound traffic
- Delivers rich forensics — including intelligence on users, locations, origins, and evasive tactics
Inline inspection of all suspicious and unknown files
- Fully analyzes executables, libraries, Office documents, archives, and web and mobile content
- Enforces patient-zero quarantines
- Enables manual file submission via a sandbox scanning portal
Uniform policies across all users and locations
- Defines global policies from a single console
- Enforces policy changes immediately across all users, regardless of location
Benefits:
Simply Scalable. Break free from costly gateway-based architectures. Scale protection across all users and all locations with ease from the cloud.
Better Protection. Deliver a fully integrated sandbox solution that can inspect all traffic, including SSL, without performance limitations.
Cost-Effective. Minimize IT procurement and administration costs with protection that easily grows with your needs.
Cloud Intelligence. Empower your sandbox with the power and visibility of the world’s largest security cloud.
The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.