Adlumin's flagship product Sentry is a cloud delivered SaaS platform that detects identity based attacks in real time using user behavior analytics and active defense. We find attackers impersonating your legitimate employees. As a cloud delivered SaaS application Sentry deploy's in minutes and starts detecting threats immediately by building a pattern of life for every user. User & Entity Behavior Analytics (UEBA)

• Artificial Intelligence-Based Decisions
• No Rules to Write or Hardware to Manage
• Artificial Intelligence Writes Your SIEM Rules
• 24/7 Network Vulnerability Assessment
• Analyzes Firewall, VPN Log Data, & Network
• Automated Anomaly Interpretation
• User and Device Context/Correlation

Log/Device Management

• Automated log and Device Ingest
• Critical Server Log Management
• Real-time Intrusion Detection Alerts
• Windows & Linux Server Management
• Cloud and On-premise Ingest
• Integrated Compliance Management (PCI, FFIEC, FINRA)
• Secure & Encrypted Log Management
• Log Data Normalization

Automated Compliance

• Includes Reports Designed to Hand to Your Financial Auditor
• Risk Management, Visualization, and Analysis
• Automated Reporting for Auditors and Compliance
• Make Decisions in Minutes, Not Days
• Financial Compliance Audit Reports Included
• Know Everything About an Account with 1 Click
• 90-Days of Research Included with SIEM
• 24/7 Anomaly Hunting w/o Hiring Anyone
• Designed for Financial Institutions
• Understand Risk with 1 Button Click

Adlumin collects and indexes data from just about any source imaginable – network traffic, web servers, VPNs, firewalls, custom applications, application servers, hypervisors, GPS systems, and preexisting structured databases. Not only does Adlumin ingest data from any source on your network, we also run sophisticated analytics and machine learning algorithms against all incoming events and use the results as metrics to determine what is anomalous and what is malicious.

Industrial control systems have long been considered immune to cyber attacks as they are mostly isolated from the Internet. Unfortunately, this no longer holds true. Today’s advanced cyber attacks are targeting critical infrastructures and organizations with highly valuable information, leading to sabotage of massive assembly lines, severe economic damages, and data breaches. AhnLab EPS is a compact, optimized security solution for industrial systems based on whitelisting. Find out how EPS ensures the stability of operations and increases endpoint security effectiveness without impacting business productivity. Features: Whitelist Approach Application whitelisting takes a proactive approach, denying everything that is not specifically approved. This approach allows only trusted programs in the whitelist, in contrast to traditional reactive solutions that only block known threats that are explicitly defined in a blacklist. By ensuring that only clean, approved applications can be executed, it protects networks from a broader range of potential threats. Specialized for Industrial Systems The importance and nature of industrial control systems, such as production lines, plants, and Point of Sales (POS) machines, present particular challenges to ensuring their continued security and stability. Coupled with restrictive controls on clients in these systems, EPS ensures stable system operation and security integrity in industrial environments. Complete Network Control Enables you to control the direction of communication and block malicious network IPs and ports in to keep potential risks at bay. Customize your protection for networks and preempt threats. Simplified Endpoint Protection EPS places its powerful antivirus engine on the central server, so that IT administrators do not need to update and maintain the signatures at every endpoint. Learning Mode Administrator can simulate the results when the configured settings or security policies are applied to real circumstances. It helps reduce disruptions to productivity and unexpected errors that are common with untested deployments. Advantages: Stability

• Proactively protects against unknown malware
• Prevents malware-induced security breaches
• Provides system stability without requiring signature or patch updates

Productivity

• Eliminates interruptions caused by malicious or unauthorized software
• Operates around the clock without the need for constant maintenance
• Allows simple administration and implementation

Cost-cutting

• Reduces system and data restoration costs by preventing malware damages
• Reduces time and costs required for system security and maintenance

Alcide Kubernetes Advisor is a Kubernetes multi-cluster vulnerability scanner that covers rich Kubernetes and Istio security best practices and compliance checks such as Kubernetes vulnerability scanning, hunting misplaced secrets, or excessive secret access, workload hardening from Pod Security to network policies, Istio security configuration and best practices, Ingress controllers for security best practices, Kubernetes API server access privileges and Kubernetes operators security best practices. Alcide Advisor is an agentless Kubernetes audit, compliance and hygiene scanner that’s built to ensure a friciton free DevSecOps workflows. Alcide Advisor can be plugged early in the development process and before moving to production. Get a single-pane view for all K8s-related issues: audit, compliance, topology, network, policies, and threats with Alcide Advisor, and integrate it with your CI/CD pipeline. With Alcide Advisor, the security checks you can cover includes:

• Kubernetes infrastructure vulnerability scanning
• Hunting misplaced secrets, or excessive priviliges for secret access
• Workload hardening from Pod Security to network policies
• Istio security configuration and best practices
• Ingress Controllers for security best practices
• Kubernetes API server access privileges
• Kubernetes operators security best practices
• Deployment conformance to labeling, annotating, resource limits and much more

Whether you are looking to secure Kubernetes cluster hygiene in your CI+CD pipeline, or to ensure consistent multi-cluster conformance, Alcide Kubernetes Advisor provides you with valuable benefits from day one: SecOps get visibility Into Kubernetes black box – from network and hygiene perspective and are able to get high resolution in cluster detection of threats. DevOps get to harden their cluster’s security and detect drifts in their software supply chain. Alcide also supports policy customization by security pros, that are monitored by DevOps. You can apply multiple policies managed by different teams, and violations can be routed to either ChatOps tools like Slack or security toolchain like Splunk.

Allure Security reduces data loss by analyzing risks associated with document access and sharing activities, inside and outside of an organization’s control. Their patented technology combines the power of beacons, threat intelligence and active defense to detect and respond to digital risks, better understand the scope of attacks and hold bad actors accountable. Fields of Appliance: Website Spoofing Allure Website Beacons detect a spoofed website as soon as it is viewed by the first visitor, which initiates the take down process immediately upon fraud being committed. Intelligence is then collected to quantify customer and brand impact, inform responses (i.e. notify impacted clients to reset passwords) and uncloak attackers. The spoofed website can also be flooded with decoy credentials until the site is taken down to devalue the information collected by the adversary, and Allure Decoy Documents are used to detect intrusions resulting from attacks. Cloud-Share Risk Allure continuously watch document activities in the cloud and use patented document beacons to track documents after they’ve been downloaded, copied or shared externally. We enrich all file activities with proprietary geofence insights and leverage unique model-based analytics to surface and mitigate risks that otherwise go undetected and unaddressed. Users can generate scheduled or on-demand risk reports, integrate with a SIEM to correlate findings, create custom email alerts based on specific criteria, and deploy decoy documents to foil and reveal hackers and leakers. Intrusions & Insiders Allure uses attacker behaviors and confidence to the advantage of investigators to narrow and eliminate suspects by planting or sharing alluring documents with beacons to see who takes the bait. Once documents are opened, investigators will receive proprietary geofence and telemetry insights. Attackers and leakers can be revealed by correlating Allure's insights with other available data, and attackers can be held accountable by sharing identifiable findings with company decision makers and/or law enforcement. What it provides?

• Third-Party Monitoring. Know when third parties mishandle or share files outside of policy
• Document Flow Analytics. Uncover file access and sharing patterns both inside and outside of an organization
• Breach & Leak Detection. Be alerted early in the attack cycle if sensitive files are compromised or exfiltrated
• Risk Reports. Schedule monthly reports or generate them on-demand
• Data Loss Forensics. Track data loss back to the source and hold culprits accountable
• Geo Location Enrichment. Enrich file logs with proprietary geo location insights

Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and create custom integrations with our SDK. Use Network Behavior Analytics for Splunk to quickly uncover infected hosts and threats to your environment. The Splunk app processes and submits network telemetry (CIM-compliant DNS, IP, and HTTP events) to the AlphaSOC Analytics Engine for scoring, and retrieves security alerts and data for investigation. The AlphaSOC Analytics Engine performs deep investigation of the material, such as:

• Volumetric and quantitative analysis (counting events, identifying patterns)
• Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
• Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
• Gathering of reputation data (e.g. WHOIS and associated malware samples)
• Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)

Particular use cases solved by Network Behavior Analytics include:

• Uncovering C2 callbacks and traffic to known sinkholes
• Tor, I2P, and Freenet anonymized circuit identification
• Cryptomining and JavaScript cryptojacking detection
• Flagging traffic to known phishing domains
• Brand impersonation detection via Unicode homoglyphs and transpositions
• Flagging multiple requests for DGA domains, indicating infection
• DNS and ICMP tunneling and exfiltration detection
• Alerting of lateral movement and active network scanning
• Policy violation flagging (e.g. third-party VPN and P2P use)

For Service Providers Grow your revenue and lower your costs, managing and selling email security services. The great skillset of Service Providers, their ability with communications networks, and especially their proximity to customers, make Service Providers especially fit to provide carrier-grade systems and value-added managed services on the Cybersecurity market. For Enterprises Email security is critical for business to face the growth of cyber threats The permanent relevance of Email in organizations, affected by the increasing security concerns associated with phishing, data leakage, and privacy protection, among others, pushes Service Providers to provide Email Security on top of the existing email infrastructure. Preferably, with an Email Security service robust enough to build trust on organizations, while becoming a value added service for the cloud platform itself, as well as hosted Service Providers and Resellers. MPS Characteristics AnubisNetworks Global Threat Intelligence Platform AnubisNetworks’ security ecosystem permanently monitors the world for Botnets, IP Reputation, Email phishing and Malware campaigns, and communicates with MPS edge filters, for real time proactive malware prevention. Control Features on top of Security Features DLP (Data Leakage Protection), Quota Management, Rate control, Email Validation, transport Encryption and many other features are available per user and per scope, taking this platform far beyond Email Security. Complete Visibility on your platform Complete details on messages and queues for inbound and outbound flows. MPS also contains several dashboard data, system auditing, business information tools, each feature configurable by scope and data. Customizable/White Label GUI Each of the hierarchy scopes can be fully customized with your brand identity, your partners and your end customers. Lean Management of Quarantine Quarantine can be managed by IT and/or end users, in a centralized console, with the option of web end user interface and/or email interface (via periodic digests). Hierarchic Multitenant System for Inbound and Outbound An advanced architecture with several administration scopes (Virtual scopes, SMTP domains and LDAP based Organizational units), each with distinct roles – including Helpdesk users - for both centralized and delegated management. Email Secure Routing and Virtual Aliases MPS brings a new dimension to email routing management by enabling the usage of BCC, Email Queue holding, Distribution lists, Virtual Aliases, and Listeners based routing. And protected under SPF, TLS and DKIM encryption mechanisms. Auditing, Monitoring and Billing information Advanced and easy access to detailed information on all activities and system information, for billing, auditing and compliance purposes. Email Control

• DLP - Data Leakage Protection
• Multitenant Quota management
• White & Blacklists inheritance
• Attachments Discovery
• BCC and Archiving plugins
• AD Integration for AAA

AppGuard Server is a zero-trust host-based endpoint protection agent for Windows and Linux servers, centrally managed from the same system as agents for laptops and desktops. Unlike alternatives that must quarantine and restore a server at any indication of possible malice, AppGuard Server allows mission-critical Apps to safely run safely until a scheduled maintenance window, even if suspicious processes have elevated privileges. AppGuard footprint is 10 to 200 times lighter than alternatives in terms of CPU, memory, install size, and network bandwidth. Server security is different than PC protection What you need to protect in a server is different than in a PC. There are cases where Anti Virus software used in PC are installed in Servers, however, in reality, it does not provide robust security. This is because what you want to protect in a server is different than a PC. In a PC, the user will read an email, surf the web, and execute applications used for business. In contrast, there are different types of servers ranging from database servers, IIS and Web servers, AD servers, SQL servers, etc. Protecting what matters depends on the types of servers you want to protect. You need a security solution that is dedicated to the type of server to provide complete safety. Adversaries also conducts their attack based on the types of servers. There is no security solution today that is optimized for Server protection Today, the main security products available for servers are based on Whitelisting. Whitelisting controls the launch of applications. The biggest issue with whitelisting is its difficulty in maintaining the whitelist. Whitelisting requires updating a list of application permitted to launch. This has to be specified by every version, patch, etc. of all application that will be used on the server. In a dynamic environment, it requires tremendous effort to maintain this list for all servers in the enterprise. In reality, many organizations use network security such as firewalls to protect their servers. However, if an attack gets through the network security, there is a high risk of servers getting compromised. ServerGuard dedicated to server security SERVERGUARD provides optimal security for the individual purpose of the server. It prevents Pass the Hash and Pass the Ticket types of attacks. SQL injection and worm based attacks from networks can also be prevented. Based on the patented Isolation technology, SERVERGUARD will prevent any process that will harm the system configuration and will ensure the normal operation of the server and will protect the safety of the system. Features: Containment. Prevents App Exploits, SQL injections and other attacks from using Apps to infect server or other Apps Isolation. Prevents malicious processes from altering or stealing data from an App or resource, such as password caches Set & Forget System. Controls auto-adapt to App updates, patches, and the unexpected, eliminating the need for policy updates from month to years Lightweight. Ten to two hundred times lighter in terms of CPU memory, install size and network bandwidth Cloud & Hardware Independent. Works in conjunctions with hosts regardless of cloud or h/w. No protection degradation from net isolation Mission Critical Resilience. Allows mission critical Apps to keep running safely despite a malicious process in server Benefits:

• Simple Deployment
• Real-Time Protection
• Prevents In-Memory Attacks
• No Sandboxing

Running a business is stressful enough in this economy. There was a time when you only needed to worry about a few suspicious email messages in your inbox. Now, any message could be a potential phishing threat lurking in your inbox. It only takes one email to trick your employees and penetrate your network. AppRiver’s Advanced Email Security blocks 99 percent of unwanted mail and malware, keeping your inbox clean and your network safe. Our Threat Intelligence technology relies on the AppRiver security platform and expert human analysis to identify threats and evolve our defenses in real time, keeping our customers safe from brand-spoofing attacks, Business Email Compromise (BEC) attempts, conversation hijacking, and other potentially harmful forms of social engineering. Impersonation Protection Email Security defends businesses and trusted individuals from targeted email attacks such as Whaling or BECs. Our technology checks deceptive email address sources against key display names and quarantines the message or flags the message with a customizable indicator in the subject line. Features:

• Modern dashboard that spotlights phishing and malware threats
• Real-time protection from phishing and malware
• Proprietary technology that protects against conversation hijacking
• Maximizes or limits user control options
• Over 60 filtering techniques
• Office 365-compatible
• Efficiently filters quarantine with convenient declutter feature
• Viewable or searchable quarantined messages for a domain
• Downloadable messages for further analysis
• Full security management with Two-Factor authentication (2FA)

Our SaaS-solution checks mobile apps using static and dynamic analysis, to detect vulnerabilities and risky behavior. The result is the strongest black- and whitelisting portfolio with secure and productive apps on the market. The reviewed app-portfolio enables to increase productivity, as well as the automated protection of company data in every mobile IT environment. By enhancing leading MDM systems with APPVISORY functions, security and data protection can be ensured. INTELLIGENT The APPVISORY app portfolio with several hundredthousand app-analyses is permanently being optimized and refined. Apps in use that are not yet part of the database run through a realtime-riskevaluation, to offer companys a way of swift decision making. MDM systems can be expanded by APPVISORY functions and can be integrated automatically to increase the security and dataprotection on mobile devices significantly without extra effort. SECURE With the help of static and dynamic analyses mobile apps are being tested to detect vulnerabilities and risky behavior. The technology is being developed and optimized for years to come by IT securityexperts to ensure continuous protection of company data and GDPR compliance. SCALABLE The app-portfolio is growing continuously and stays updated at versionupdates using Re-Tests. The cloudbased approach makes APPVISORY indepent of hard- and software circumstances and universally deployable. App risk management is therefore usable in every IT environment. Features: App Risk Management

• Security classification of the top apps from the commissioned commercial app stores
• Intuitively understandable security classification of apps in the APPVISORY ® evaluation procedure
• Changes of the security status of an app will be highlighted in the APPVISORY ® app catalog

Administrator console

• Development, service und hosting in Germany
• Administrator access for APPVISORY ® management console per web-login
• Export of individual test results and applicants as CSV, JSON and PDF

App Scan App Catalog

• Extensive app catalog of continually tested apps
• Automatic review of each app update
• For Android and iOS

MDM Connect

• Automatic connection to leading MDM software
• Scan of the app portfolio created in the MDM against the APPVISORY database
• Transfer of an app portfolio to the MDM Whitelist/Blacklist
• Escalation by push notification in case of violation of company’s compliance guidelines

Black- & Whitelisting

• Automatic or manual assembly of apps for the creation of a basic Whitelist/Blacklist
• Automatic synchronization of changed risk ratings of apps due to updated results

As hackers constantly update their attack methods, Avanan continues to test new algorithms and technologies from different vendors, and adds them to the platform to stay ahead, giving you a significant advantage, future-proofing your security. Avanan's unique position, inside the cloud allows it to catch attacks that have already bypassed Office 365 and Google's default security scans. No single vendor can offer the level of protection provided by Avanan's true defense-in-depth security Features: SECURES INBOUND, OUTBOUND, AND INTERNAL EMAIL While email gateways are blind to internal email,Avanan can see every message,- inbound, outbound, internal, and historical - to block attacks that they can't even see. Avanan deploys inside your Office 365 or Gmail, just like an app,. This gives us real-time and historical visibility into every user, file, event, and policy. BREACH DETECTION Perimeter email gateways can only see external attacks making them blind to insider threats. Not only can Avanan see every email, it monitors the entire suite--every user, every configuration, permissions change, file update and internal message--to identify malicious behavior and compromised accounts UNTESTABLE BY HACKERS Other mail gateways require you to change your DNS MX record,revealing your security to the attackers that can target their vulnerabilities. Because Avanan deploys from the inside, hackers will never know the type of technology nor the depth of your protection. PROTECTION BEYOND EMAIL Avanan secures more than just your email, extending its protection to messages and shared files in other Enterprise SaaS applications like Slack,Box, Dropbox, Google Drive, One Drive and more. DEPLOYS IN MINUTES Avanan is the only cloud-based email security solution that deploys from within Gmail, Microsoft, or whichever SaaS you want to secure. Approve our app from your admin account and in minutes,Avanan finds phishing attacks? completely out of band, with no need for a proxy, appliance, or endpoint agent. MULTI-LAYER DEFENSE When you deploy Avanan, you are really deploying an army of best-of-breed security tools to protect your organization from phishing attacks. We cloudified pre-configured, zero-management versions of the top security tools in the industry. Each security tool runs in parallel, acting as an additional layer of security with no additional latency. Benefits of Avanan:

• Deploys Inside the Cloud. 100%visibility, with no need to put a gateway or agent between your users and their apps. No latency, no disruption, no change in user experience
• Pre- configured. We take our partners' latest software and wrap the core technology in the Avanan API, standardizing all their user, file, event and policy information. We make cloud-native versions that are not available anywhere else.
• Single License. You don't need to pay for each security tool individually. Avanan consolidates each vendor's individual licensing model into a single per-user per month subscription.
• Standardized Universal Policies. Every SaaS has a completely different policy engine, each with its own rules and enforcement capabilities. With Avanan you can create one policy and apply it everywhere without having to do the translation.

Avocado Security platform provides “Deterministic Application Security Functions”. Thus, bringing the security stack literally into the application, enabling applications to secure themselves and carry the security stack with themselves when they migrate to cloud environment. Features: Avocado Security Platform This includes Distributed Deterministic Security (DDS) plugins, Security Orchestrator and Z-Ray. DevOps integrated deployment can massively scale to protect application instances on any platform in any datacenter or any cloud. Avocado DSS Plugins Creates automatic plugins to applications to provide security segmentation and compliance enforcement points that intercepts & kills threats, collects forensics and statistics from cyber-attacks for compliance and reporting. Avocado Security Orchestrator Virtual Appliance which orchestrates security management, visualization and compliance. Performs app auto discovery & configuration. Providing complete programmability through RESTful APIs and scripted interface for SecOps and DevOps. Avocado Z-Ray End to end app security and visualization. Giving real-time experience of security dynamics. The orchestrator collects the logs, events and forensics from all DDS Plugins across the data center. Feeding it for threat intelligence sharing. Benefits:

• One Touch Segmentation. Deterministic threat detection at the web, application and database tiers.
• Zero Policies. Highest resolution application of the pico segmentation without any policy.
• Platform Agnostic. Bare metal, virtualized, containerized, and server-less platforms.

In order to have effective mobile security, organizations need visibility, to apply policies, and to have a solution that fits cleanly into existing workflows by integrating with existing mobile management and security solutions. How it Works? BETTER Shield (App) Lightweight mobile agent that provides endpoint protection. Deploy it in minutes via EMM. BETTER Console (Web) Streamlined admin console gives immediate visibility, intelligence and control over device risks and threats. The console provides rich information and easy policy management, but our goal is to keep you from ever needing to use it. Deep Thinker (AI) We have built one of the most advanced machine learning platforms and focused it on mobile threat detection. With our global mobile sensor network feeding rich intelligence into Deep Thinker, a cloud-based AI engine, BETTER MTD provides highly accurate detection of risky apps, anomalous behavior, and network threats. Features:

• Apps. Prevent risky and leaky apps from putting sensitive data at risk with app scanning technology powered by machine learning.
• Web and Content. Employees are more likely to get phished on their phone than their computer. Protect them from all sources of malicious links (texting, WhatsApp, iMessage, Snapchat, Facebook, etc.)
• Device / OS. Mobile device OS vulnerabilities must be mitigated. Users need defense against advanced jailbreak attacks and risky device configurations. Get control of device versions, including CVEs based on Android patch levels and iOS versions.
• Network. Risky Wi-Fi hotspots are everywhere. How do you know if a man-in-the-middle attack is in place? Prevent the full range of advanced network-based threats with detection powered by our cloud-based global visibility.

Email, shared URL’s, file attachments, cloud drives and new digital communications are transforming the way we work. They are also the most accessible entry point for advanced content-borne cyber attacks. Deep Application Learning Continuous and aggregative CPU-level learning of application paths. BitDam live knowledge base of all legitimate executions for common business applications. Real-time analysis, code benchmarking and immediate alien code detection for advanced threats, regardless of the specific attack technique. Alien Code Detection Forever Protected Applications 100% attack code visibility for known and unknown threats, covering all attachments & links. Prevention of sophisticated exploits and evasion methods, pre-code execution. No need for security updates or patches. BitDam Email Security & Malware Protection Features

• Close to zero latency – With minimal email latency of just a few seconds, end-users will not notice any change. With BitDam, they’re safe to click everything that lands in their inbox.
• 2-click integration – Pre-built APIs enables a (literally) 2-click self-service deployment through the BitDam portal, which applies for all mailboxes in the organization.
• Fast and easy deployment – No MX record change is needed, no hassle to your IT team.
• Intuitive dashboard – Your SOC team can view email subject and recipients through the BitDam dashboard, making tracking and investigating attacks simple.
• Email body and clean files are never saved – BitDam scans the entire email including links and attachments, but doesn’t save it unless malicious.
• Quarantine malicious emails – Malicious emails are automatically quarantined, allowing the SOC team to investigate, delete or release them as needed.
• Visibility to other security checks – As a SOC team user you can see what basic security checks each email went through. This includes anti-spam, spf, and dmarc checks.

Unmatched detection rates, immediate prevention of ALL advanced content-borne cyber threats. Any Exploit Logical Exploits and Hardware Vulnerabilities Any Payload Macro-Based Malware, Ransomware, Spear Phishing. Any Known Unknown Vulnerability One Day, Zero Day Attacks Make it safe to click across all channels

• Email
• Cloud Storage
• Instant Messaging

UNCOVER AND STOP ELUSIVE THREATS WITH EDR THAT WORKS. Easy-to-Use, High-Fidelity EDR Is Part of our Comprehensive and Integrated Endpoint Protection Platform. GravityZone XDR excels where pure-play EDR products are too complex and noisy, preventing, detecting and responding to attacks that evade traditional anti-malware. A single solution reduces the attack surface with hardening and controls, stopping malware at pre-execution. The new endpoint data recorder and threat analytics automate detection and allow easy investigation and in-place remediation. XDR’s seamless threat prevention, accurate detection and smart response minimize infection exposure and stop breaches. EDR SO EASY, YOU CAN ACTUALLY USE IT With clear visibility into indicators of compromise (IOCs), and threat investigation and incident response workflows, GravityZone Ultra reduces resource and skill requirements for security operations.

• Real-time endpoint visibility
• Expose (insight into) suspicious activities
• One-click investigation
• Alert triage and incident analysis visualization
• Track live attacks and lateral movements
• Rapid response
• Reduce dwell time with fast resolution, containment and remediation

HIGH-FIDELITY DETECTION MEANS ENHANCED SECURITY OPTICS AND FREEDOM FROM ALERT FATIGUE Free up your security resources to focus on real threats.

• Minimize noise and distraction from false alarms
• Reduce the volume of incidents with effective threat prevention
• Eliminate manual remediation of blocked attacks with automatic remediation and repair

COMPREHENSIVE ENDPOINT SECURITY PLATFORM IN ONE AGENT AND CONSOLE GravityZone Ultra comes with all the hardening and next-generation prevention controls included in GravityZone HD and the Elite suite.

• Minimize exposure with strong prevention
• Machine-learning and behavior-based detection stops unknown threats at pre-execution and on-execution
• Detect and block script-based, fileless, obfuscated and custom malware with automatic remediation
• Memory protection to prevent exploits
• Reduce attack surface by enabling IT security controls
• Integrated client firewall, device control, web content filtering, app control, patch management and more.

SMART RESPONSE MEANS EVOLVED PREVENTION Because GravityZone Ultra is an integrated prevent-detect-respond solution, it lets you quickly respond and restore endpoints to a “better-than-before” stage. Leveraging threat intelligence gathered from endpoints during the investigation, you can in one interface adjust policy immediately and patch vulnerabilities, improving the security posture of your environment.

Even the best detection technology cannot return the data, money or reputation that is lost in a breach. While a layered approach that addresses the entire attack cycle is a must, prevention still has the highest return on investment. BUFFERZONE provides a better way to reduce the attack surface and protect the most vulnerable part of the organization – employee endpoints. How it Works? The BUFFERZONE virtual container protects any application that you define as insecure including web browsers, email, Skype, FTP and even removable storage. BUFFERZONE is transparent to both the application and the end-user, yet completely seals off threats from the rest of the computer. Unlike conventional endpoint detection solutions that depend on signatures or behavioral profiles to detect malicious activity, BUFFERZONE simply isolates malware regardless of whether it is known or new, and prevents it from doing any harm. The BUFFERZONE Endpoint Security solution includes:

• Virtual Container: A secure, virtual environment for accessing content from any potentially risky source including internet browsers, removable media and e-mail.
• Secure Bridge: A configurable process for extracting data from the container to enable collaboration between people and systems while ensuring security and compliance.
• Endpoint Intelligence: Detailed reporting and integration with SIEM and Big Data analytics to identify targeted attacks.

Features: Virtual Containment On endpoints running the BUFFERZONE agent, access to external, untrusted sources such as the internet and the effects of such access are completely isolated inside a virtualized container. Potential threats are thus isolated from the endpoint’s native resources from which trusted organizational resources are accessed, making it impossible for threats to in any way harm the endpoint or the rest of the organization. A configurable, centralized policy determines application containment. Network Separation Endpoint-based network segmentation. Define separate firewall-type rules for contained and uncontained applications, preventing uncontained, trusted applications from accessing risky destinations such as the internet and preventing contained, untrusted applications from accessing sensitive, internal organizational network destinations. Email Attachment Containment Contains attachments from external, untrusted sources, protecting the endpoint and trusted organizational resources from the attachments. Emails arriving from outside the organization are saved normally (uncontained) on endpoints but are subsequently opened on any protected endpoint in a BUFFERZONE container. DLP Features Several BUFFERZONE features can contribute to an organizational data-loss prevention (DLP) strategy by blocking information from exiting the organization by various paths:

• Containment Features. Prevent uncontained applications, which can access organizational resources, from accessing the internet; and prevent contained applications, which can access the internet, from accessing organizational resources.
• Hidden Files. Set file locations, that may contain sensitive data, to be hidden from contained applications.
• Upload Blocker. When Upload Blocker is enabled, contained browsers can download to and upload from only a designated folder (by default: Downloads), which is isolated from uncontained programs. This prevents browsers from uploading any files to the internet other than contained files that were previously downloaded from the internet.

BUFFERZONE Management Server (BZMS) For centralized management, you can integrate BUFFERZONE with your existing endpoint management system; or, for fuller management capabilities, use the BUFFERZONE Management Server (BZMS) to manage organizational BUFFERZONE agents, gain visibility to relevant organizational endpoints, and serve and assign organizational policy by endpoint and/or user.

Capsule8 liberates SecOps from managing a high volume of manual tasks, while being safe for even the busiest workloads, on the busiest networks. For security teams, key features of Capsule8 include: Real-Time Attack Protection for Linux Production Capsule8 Protect uses distributed, streaming analytics combined with high-fidelity data that detects and responds to attacks the instant they’re attempted. This real-time approach allows our customers to respond to attacks before they have costly consequences. Detection Force Multiplier Capsule8’s approach includes a Detection Force Multiplier which delivers high-fidelity data and is continuously updated by a team of security experts to uncover the latest zero-day attacks. This approach includes highly technical methods for detecting indicators of common exploitation techniques, while still providing flexible policy-based detection (such as file integrity monitoring). Low Volume, High Value Data Capsule8 Protect provides relevant, contextual information that makes it easy to perform investigations that determine why alerts re, and what an attacker does after an attack lands. Automated Response Customers can strategically (and automatically) kill attacker connections, restart workloads, or immediately alert an investigator upon initial detection. Capsule8 Protect helps customers respond to attacks in real-time, before they take effect. This eliminates the costly and time- consuming cleanup process that follows an attack or breach. Easy Integration with Existing Systems Capsule8 Protect is infrastructure- and cloud-agnostic. We provide seamless, easy-to-deploy detection across the entire infrastructure, with support for containers, VMs, bare metal, and hybrid deployments (i.e. Kubernetes, VMware, and Docker). Our API is fully extensible for easy integration into existing systems and can easily interoperate with backend workflows, giving you full access to your data, wherever you want it. Capsule8’s product architecture also addresses any concerns from your operations teams including:

• No Risk to System Stability. Capsule8 runs in userland (outside the operating system’s kernel) and collects kernel-level data without the need of a kernel module. This approach ensures no risk to stability in production (both servers and networks).
• Minimal Performance Impact. To ensure minimal performance impact to hosts and networks, Capsule8 employs a resource limiter that enforces hard limits to system CPU, disk and memory, with an intelligent load-shedding strategy.
• Simple Deployment and Maintenance. The Capsule8 agent is a single static Go binary that is portable and easy to install and to update through a wide variety of orchestration mechanisms, including Puppet, Ansible, Kubernetes, etc. Our system works on-premise, in the cloud, or in a hybrid environment.
• Minimal Network Load. Our distributed approach to analytics pushes computation as close to the data as possible, ensuring minimal impact to even the busiest of networks.

Enterprise security teams struggle to get their hands on the endpoint data they need to properly investigate and proactively hunt for abnormal behavior. Security and IT professionals lack the ability to see beyond suspicious activity and need a way to dive deeper into the data to make their own judgments. CB Response is an industry-leading incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the CB Predictive Security Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior. Capabilities

• Continuous and Centralized Recording
• Live Response for Remote Remediation
• Attack Chain Visualization and Search
• Automation via Integrations and Open APIs

Benefits

• Faster end-to-end response and remediation
• Accelerated IR and threat hunting with unfiltered endpoint visibility
• Rapid identification of attacker activities and root cause
• Secure remote access to infected endpoints for in-depth investigation
• Better protection from future attacks through automated hunting
• Unlimited retention and scale for the largest installations
• Reduced IT headaches from reimaging and helpdesk tickets

Centripetal’s CleanINTERNET® intelligence-driven network security service lets teams operationalize threat intelligence through the RuleGATE enforcement platform, the most powerful threat intelligence gateway technology on the market today. Why CleanINTERNET?

• Lowers false positives through bulk enforcement of millions of complex IOC rules, paired down from hundreds of millions of indicators
• Greatly reduces event volume through intelligence-based filtering and data aggregation
• Converts indicators to action on a continuous basis, as intelligence feeds are dynamically updated

Features: APPLIED THREAT INTELLIGENCE 70+ out-of-the-box threat intelligence sources (premium, open source, industry-specific). 3000+ unique IOC feeds updated in real-time as feeds update dynamically. AUTOMATED ENFORCEMENT Billions of threat indicators correlated and filtered at network edge to millions of complex rules to influence enforcement. Automatic enforcement (block, redirect, shield, mirror, allow, capture) with 160 Gbps backplane to support true enterprise speeds. LIVE ANALYST SUPPORT Dedicated, experienced cyber analysts actively engaged in threat hunting, cyber support and threat remediation. Continually analyzing your data to optimize your threat posture and improve your security policy. The Centripetal Difference The enterprise has a major problem. There are too many breaches. Companies have far too many security incidents. And teams who set out to apply intelligence to defeat advanced threats may have the right idea, but no way to execute it. Why?

• Organizations cannot apply threat intelligence at-scale
• High latency rates limit real-time prevention of known threats. Less than 1% of compromise indicators are persistently applied to an organization’s defense

Without a single platform that can process the amount of threat intelligence necessary to actively defend the business, security teams have been struggling. Firewalls and IPS systems are not the answer.

Centripetal has solved this problem with its invention of the Threat Intelligence Gateway. This solution fundamentally changes how cyber teams filter bad traffic based on intelligence, allowing them to:

• Eradicate threats based threat intelligence enforcement
• Focus on investigating the 10% of threats that are unknown

Cisco Advanced Malware Protection (AMP) - a system that protects your business before, during and after an attack, making it the most robust form of malware protection available. Cisco AMP employs global threat intelligence to fortify your network’s defenses before an infiltration even occurs. During a network breach, it identifies and blocks the attack using a powerful combination of intelligence, file signatures and advanced malware analysis. After an attacker infiltrates your network, Cisco AMP arms your security team with a clear view of the malware’s origin, its method and point of entry, where it’s been, and its current trajectory. This combination of point-in-time and retrospective security make it possible to discover, confine, and dissolve the threat fast enough to protect your business from irreversible damage. Using Cisco AMP gives your business access to a wide selection of security features, including:

• Filtering out policy-violating files from the Internet, e-mails, and more.
• Detecting and protecting against client-side exploit attempts and exploit attempts aimed at client applications like Java and Flash.
• Recognizing, blocking, and analyzing malicious files.
• Identifying malware patterns and anticipating potentially breached devices.
• Tracking malware’s spread and communications.
• Alleviating threats of reinfection.

Cleafy innovative threat detection and protection technology is available in an open and flexible platform that can be easily adopted to address several needs for protecting your online services and users. Features: Cleafy protects on-line services against advanced, targeted attacks from compromised web/mobile endpoints thanks to its unique real-time, client-less threat detection and prediction capabilities. Cleafy has been successfully adopted to protect millions of users against Man-in-the-Browser (MITB), Man-in-the-Middle (MITM), RAT-in-the-Browser, VNC/BackConnect, Mobile Overlay, and other types of attacks. Cleafy is fully client-less - it operates by integrating with server-side infrastructure: Cleafy provides out-of-the-box integrations with several Application Delivery Controller technologies. Cleafy does not require any application change and is completely transparent to end-users. Cleafy provides (no-touch) visibility on endpoints that allows customers to identify potential threats and prevent business disruption from targeted advanced attacks, gain insights on attack scenarios and techniques (e.g. by inspecting code injected by malware) and thus define best response actions and their overall security posture. Cleafy supports Online Fraud Prevention by providing real-time risk scoring and enabling selective risk-based authentication, thus preserving business continuity and user experience. Key Differentiators: Advanced threat detection and protection

• Patented Full Content Integrity (FCI) continuously verifies full application integrity (DOM/XHR/API)
• Deep threat visibility automatic extraction of threat evidence (e.g. malicious web-injects and mobile apps)
• Patented Dynamic Application Encryption (DAE) to enable safe transactions from infected endpoints

Client-less and application-transparent

• Client-less - no agent deployed and passive mobile SDK – no touch of application backend infrastructure
• User-transparent – no impact on end-user experience, content delivery and endpoint performance
• Application-independent - no changes required to application code – no re-training upon new releases

Open, scalable and cloud-ready

• Open architecture and comprehensive REST APIs – integrates any Transaction Monitor, Case Mgmt, SIEM
• Scalable to continuously monitor full application perimeter and analyze millions of events/day
• Deployed either on-premise or over the Cloud