Progent's ProSight Active Security Monitoring (ASM) services feature behavior analysis and AI technology by SentinelOne to offer best-in-class protection for all endpoints and servers. This approach to malware protection addresses the new wave of cyber attacks, such as ransomware, which routinely evade filtering by traditional signature-based anti-virus techniques. Progent is a SentinelOne Partner, reseller, and integrator.
Progent's Active Security Monitoring gives small and medium-sized businesses the advantages of the identical anti-virus technology deployed by some of the world's biggest corporations including Netflix, Visa, and NASDAQ. By providing in-line malware blocking, detection, mitigation, restoration and analysis in one integrated platform, Progent's ProSight Active Security Monitoring reduces TCO, streamlines management, and expedites recovery. The next-generation endpoint protection engine incorporated in Progent's Active Security Monitoring was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform."
Progent's ProSight Active Security Monitoring online services utilize a small-footprint agent running on every enrolled device in order to create a dynamic security matrix that reacts to potential attacks in real time and orchestrates cohesive protection featuring:
ProSight Active Security Monitoring is provided as an affordable monthly online service, requires no special equipment, and protects local, online, telecommuter, mobile, and cloud devices. If you experience a cyber break-in, Progent can provide the services of CISSP-certified data security experts to serve as your fast-response team to assist you to utilize Progent's ProSight Active Security Monitoring's powerful tools to contain the attack, delete the malware from all affected machines, evaluate the impact, restore your system to the last known working state, and determine the origin of the attack and its progress across your system.
- Real-time protection for Windows, Mac, Linux, Apple iOS and Google Android devices
- Support for virtual machines powered by Windows Hyper-V, VMware vSphere, and Citrix XenServer virtualization systems
- In-depth OS-level monitoring
- Signature-independent heuristics and automation
- Cutting-edge behavioral analysis
- Ability to spot new generation threats from all vectors
- Automated after-attack remediation
- Easy rollback to most recent safe state following a crypto-ransomware attack such as Ryuk, Maze, Sodinokibi, DopplePaymer, LockBit or Egregor
- Immediate no-touch vaccination across the complete matrix of protected devices
- Real-time visualization of an attack's progress across your system
- Comprehensive forensics for determining security gaps
- Unified web-accessible administration tool
- Compliant with HIPAA and PCI regulations
Progent's ProSight ASM and the Current Cybersecurity Landscape
Over 97% of crypto-ransomware breaches could have been blocked by modern cybersecurity tools. Unfortunately, some attacks will break through the best defenses. Today's security landscape is too filled with tireless bad actors, including government-sponsored cyber criminals, for any organization to be entirely safe. With this in mind, Progent's Active Security Monitoring is designed not simply to keep malware from establishing a foothold on your network, but also to respond decisively to any breach. This entails immediate isolation of infected machines, AI-based threat removal, fast inoculation of all machines by means of local agent software, single-click restore to a safe state and extensive forensics to show you how to enhance your cybersecurity posture to ward off subsequent assaults. By delivering leading-edge defenses during all phases of a cyber attack, Progent's ProSight ASM represents an end-to-end solution for dealing with the increasingly dire security landscape and escaping the financial and reputation loss associated with a major security breach.
Endpoints such as PCs, laptops and phones are the most vulnerable and most commonly attacked elements of a network. Progent's ProSight ASM services provide a unified endpoint protection (EPP) solution to handle the complete lifecycle of a cyber attack including blocking, classification, remediation, cleanup and analytics. Threats recognized by Progent's Active Security Monitoring include:
Progent's ASM's Behavior-Analysis Threat Recognition
- File-dependent attacks like ransomware, trojans, and payload-based assaults
- File-less and memory-based attacks with no disk-based flags
- Document-carried malware embedded within macros and Microsoft Office and Adobe files
- Phishing email-based attacks which make up a large portion of cybersecurity breaches)
- Real-time attacks based on scripts such as PowerShell, Powersploit, and VBScript
- Credential-oriented assaults including credential-dumping, mimikatz and tokens
Legacy anti-virus (AV) tools rely on signature recognition as their primary means of detecting malware. With this technology, a unique file hash, known as a signature, is calculated for each familiar attack. Anti-virus software continually compares incoming data against always-expanding signature databases, and stops code that has an incriminating digital signature. The shortcoming with this strategy is that zero-day threats are currently being developed much more rapidly than anti-virus centers can produce and distribute signatures.
Next-generation anti-virus tools supplement conventional signature matching with behavior analysis. This technology tracks the activity of a possible threat and determines if the behavior is normal and safe or abnormal and potentially threatening. For example, does the software in question affect an exceptionally large set of processes? Does it alter the registry? Does it save keystrokes? Basically, behavior monitoring focuses on potentially dangerous activities instead of on a fixed signature, which a cyber criminal can easily nullify just by changing a few bytes of malware software code.
Prevention: Before the Breach
New threats are being developed quickly enough to swamp the ability of signature-based AV platform providers. The market began to recognize the shortcomings of signature-matching endpoint protection about a decade ago. Since that time the situation has become worse.
Malware generation has increased more rapidly than signature-matching AV providers can respond
Progent's ProSight Active Security Monitoring utilizes intelligent cloud-based anti-virus labs and whitelisting/blacklisting services from leading providers to block recognized malware attacks. This integrated with deep file inspection and dynamic blacklisting and whitelisting give Progent's ASM an advantage over traditional AV solutions. However, prevention is only the initial phase of next-generation AV protection. Sophisticated attacks, file-less and script-dependent assaults easily slip by signature-based systems. As an example, hackers often use a so-called packing tool to modify a malicious file's format so cybersecurity labs and AV software can't recognize the attack.
Detection and Response: During the Attack
The second part of the endpoint protection lifecycle involves responding to a cyber attack while the malicious code is running following a breach. ProSight Active Security Monitoring utilizes advanced EPP techniques to spot malicious activity caused by any threat that breaks through the first wall of defense. In order to compromise data, even file-less threats such as memory-resident assaults carry out recognizable actions such as making an executable file with no authorization. Progent's Active Security Monitoring's low-profile embedded agent tracks activity in each enrolled endpoint device and uses modern behavioral analysis and full activity background to recognize new assaults as soon as they occur. After an attack is identified, ProSight Active Security Monitoring immediately quarantines the infected endpoint from the grid to minimize the impact. Since the Progent's ProSight Active Security Monitoring software agent runs independently, endpoint devices stay secured even if they are disconnected from the Internet.
Restoration: After a Penetration
After containing an attack, ProSight Active Security Monitoring begins the recovery phase of protection. When Progent's ProSight ASM is implemented with Windows Volume Shadow Copy Service (Windows VSS), changes to data made by a malware attack can be immediately rolled back to a safe state with one click. ProSight Active Security Monitoring also records any system-level files and settings that were modified by the malware and what files were recovered. If ProSight Active Security Monitoring uncovers a new malicious binary, the malware code is tagged and all devices on the system that are protected by software agents are vaccinated against the new attack. Also, the Progent's ProSight ASM management console offers comprehensive forensics such as an informative display of the assault's progress across the network from beginning to end. This audit trail of how an attack progressed within the network assists your IT staff to evaluate the impact and brings to light vulnerabilities in rules or work habits that need to be corrected to avoid future break-ins.
Progent's Active Security Monitoring's management tool delivers a live storyline of a threat's passage through the network
Download the ProSight ASM Datasheet
To download or read a PDF datasheet describing the major features of ProSight Active Security Monitoring services, click:
Progent's ProSight ASM Ransomware Protection Services Datasheet. (PDF - 89 KB)
Contact Progent about ProSight ASM Services
To learn more about ways Progent can assist your business set up an economical and effective ransomware protection solution with Progent's ProSight ASM service, call 1-800-462-8800 or visit Contact Progent.