Progent's Active Security Monitoring (ASM) services include machine learning heuristics to offer best-in-class protection for endpoints and servers. This approach to malware defense is designed to meet the latest generation of cyber threats, like crypto-ransomware, which easily evade filtering by traditional signature-based AV techniques.
ProSight ASM offers small and mid-sized companies the advantages of the same AV technology deployed by many of the world's biggest enterprises such as Walmart, Visa, and NASDAQ. By providing in-line malware blocking, identification, mitigation, restoration and analysis in a single integrated platform, ProSight Active Security Monitoring cuts TCO, simplifies administration, and promotes rapid resumption of operations. The next-generation endpoint protection engine incorporated in Progent's ProSight ASM was ranked by Gartner Group as the industry's "most visionary Endpoint Protection Platform."
Progent's ASM remote services utilize a small-footprint software agent running on every protected device to create an active security matrix that reacts to potential malware instantly and sets into play unified protection featuring:
Progent's ProSight ASM is offered as an affordable monthly remote service, requires no special hardware, and protects onsite, online, at-home, mobile, and cloud-based devices. If you are a victim of a cyber break-in, Progent can provide the support of CISSP-certified data security consultants to serve as your fast-response team to assist you to use Progent's ASM's advanced tools to contain the attack, remove the malware from all compromised machines, evaluate the damage, rollback your network to the most recent healthy condition, and determine the cause of the penetration and its progress within your network.
- Instant protection for Microsoft Windows, Mac, Linux, Apple iOS and Android devices
- Protection for virtual machines powered by Windows Hyper-V, VMware vSphere, and Citrix XenServer virtualization platforms
- Deep OS-level monitoring
- Signature-less heuristics and automation
- Modern behavioral analysis
- Ability to spot current generation threats from all vectors
- Automated post-attack remediation
- Single-click rollback to last safe state after a crypto-ransomware attack such as Ryuk, Maze, Sodinokibi, DopplePaymer, Conti or Egregor
- Instant and automatic vaccination across the entire grid of enrolled machines
- Real-time display of an assault's path through your network
- Extensive forensics for determining vulnerabilities
- Unified browser-based management console
- Complies with HIPAA and PCI regulations
Progent's Active Security Monitoring and Today's Cybersecurity Environment
Most ransomware breaches could have been deterred by modern security utilities. Unfortunately, some attacks will break through the best defenses. The modern cybersecurity landscape is too crowded with tireless bad actors, including state-sponsored hackers, for any enterprise to consider itself entirely safe. Given this reality, ProSight ASM is designed not simply to prevent ransomware from establishing a foothold on your information network, but also to react decisively to any breach. This entails immediate quarantine of infected devices, AI-based threat removal, fast vaccination of all machines by means of embedded agent software, one-click rollback to a pre-attack condition and comprehensive forensic analysis to help you understand how to enhance your cybersecurity posture to foil future assaults. By delivering advanced defenses during all facets of a malware attack, Progent's ProSight Active Security Monitoring represents a comprehensive solution for dealing with the increasingly dire security landscape and avoiding the economic and reputation loss associated with a major cybersecurity breach.
Endpoint devices like PCs, notebooks and smartphones are the most susceptible and most typically attacked components of an IT network. Progent's ASM services offer a unified endpoint protection (EPP) solution to manage the full lifecycle of a cyber assault including filtering, classification, containment, recovery and forensics. Threats managed by Progent's Active Security Monitoring include:
Progent's Active Security Monitoring's Behavior-Analysis Malware Recognition
- File-dependent attacks like ransomware, trojans, and payload-based attacks
- File-less and memory-only malware without disk-based indicators
- Document-based attacks incorporated within malicious macros and Microsoft Office and Adobe files
- Phishing email-based assaults which make up a large portion of cybersecurity breaches)
- Live attacks from scripts like PowerShell, WMI, and VBS
- Credential-oriented attacks including credential-scraping, mimikatz and tokens
Legacy anti-virus (AV) software tools rely on signature recognition as their main means of detecting malware. With this technology, a distinct file hash, known as a signature, is generated for every known attack. Anti-virus detection software continually compares traffic against ever-growing signature tables, and stops code that has an incriminating signature. The shortcoming with this strategy is that new threats are currently being generated much more rapidly than anti-virus labs can create and distribute signatures.
Next-generation AV products supplement traditional signature matching with behavior analysis. This technology tracks the activity of a potential attack and determines whether the behavior is typical and safe or abnormal and potentially threatening. For instance, does the software under observation affect an exceptionally large number of processes? Does it alter the registry? Does it save keystrokes? Basically, behavior analysis focuses on suspicious actions rather than on a fixed signature, which a hacker can quickly nullify just by changing a few bytes of malware code.
Prevention: Before the Break-in
Novel malware attacks are being developed quickly enough to swamp the capacity of signature-style anti-virus labs. The market started to recognize the shortcomings of signature-matching EPP about a decade ago. Since that time the situation has grown more serious.
Threat production has increased more rapidly than signature-matching anti-virus providers can respond
Progent's ProSight ASM uses modern cloud-based AV centers and whitelisting/blacklisting services from major vendors to stop recognized malware attacks. This integrated with deep file inspection and dynamic blacklisting and whitelisting give Progent's ProSight Active Security Monitoring an advantage over traditional AV solutions. Still, prevention is only the initial line of next-generation AV protection. Modern exploits, file-less and script-dependent assaults routinely slip by signature-matching systems. For example, hackers often use a packing tool to encrypt a malicious file's format so cybersecurity researchers and anti-virus software are unable to detect the attack.
Recognition and Mitigation: During the Assault
The next phase of the EPP lifecycle involves responding to an attack while the malware code is running following a breach. Progent's ProSight ASM uses next-generation EPP techniques to spot malware activity caused by any threat that breaks through the initial wall of defense. In order to modify information, even file-less attacks such as memory-resident assaults carry out suspicious actions like as making an executable file without permission. Progent's ASM's small-footprint embedded agent tracks activity in each protected device and utilizes advanced behavioral threat analysis and deep activity context to detect new assaults immediately after they start. After an attack is identified, ProSight ASM immediately quarantines the infected endpoint device from the grid to minimize the damage. Since the Progent's ASM embedded agent runs autonomously, endpoint devices remain secured even when they are not connected to the Internet.
Restoration: After a Penetration
After isolating a malware attack, ProSight Active Security Monitoring begins the cleanup process. When Progent's ASM is implemented with Microsoft Windows VSS, changes to data caused by a malware attack can be quickly rolled back to a safe state with one click. Progent's Active Security Monitoring also logs any system-level files and settings that were changed by the assault and what files were fixed. Any time Progent's ProSight Active Security Monitoring detects a recent malicious binary, the code is flagged and all devices on the system that are protected by ASM agents are vaccinated against the new assault. In addition, the Progent's ASM management tool includes extensive forensics like an intuitive display of the attack's progress throughout the targeted network from start to finish. This audit trail of how an attack travelled through the network helps you to assess the impact and brings to light weaknesses in security policies or work habits that need to be corrected to avoid later breaches.
ProSight Active Security Monitoring's management console offers a live depiction of an attack's passage through the target system
Download the ProSight ASM Datasheet
To download a PDF datasheet about the key features of Progent's ProSight ASM services, click:
Progent's Active Security Monitoring Ransomware Protection Services Datasheet. (PDF - 89 KB)
Contact Progent about ProSight ASM Services
To learn more information about ways Progent can assist your business set up an affordable and effective ransomware defense solution with ProSight ASM service, call 1-800-462-8800 or see Contact Progent.