Progent's ProSight Active Security Monitoring services include behavior analysis heuristics by SentinelOne to offer best-in-class protection for endpoints and servers. This approach to malware defense addresses the new generation of cyber attacks, such as ransomware, which easily evade detection by legacy signature-based anti-virus techniques. Progent is a SentinelOne Partner, reseller, and integrator.
Progent's ProSight Active Security Monitoring offers small and mid-sized companies the benefits of the same anti-virus tools used by many of the world's largest corporations such as Walmart, Citi, and Salesforce. By providing in-line malware blocking, classification, mitigation, repair and forensics in a single integrated platform, Progent's ProSight Active Security Monitoring reduces TCO, simplifies administration, and expedites resumption of operations. The next-generation endpoint protection engine incorporated in Progent's ASM was listed by Gartner Group as the "most visionary Endpoint Protection Platform."
ProSight Active Security Monitoring online services utilize a low-profile software agent loaded on every enrolled device in order to form an active security matrix that reacts to suspected malware in real time and sets into play unified defense that includes:
- Real-time protection for Microsoft Windows, Mac, Linux, iOS and Android devices
- Protection for virtual machines powered by Windows Hyper-V, vSphere, and Citrix virtualization systems
- Deep OS-level monitoring
- Signature-independent heuristics and extensive automation
- Modern behavioral analysis
- Detection of new generation attacks from all sources
- Automated after-attack remediation
- Easy rollback to most recent safe state following a crypto-ransomware assault including Ryuk, Maze, Sodinokibi, Netwalker, Conti or Egregor
- Immediate and automatic inoculation throughout the entire grid of protected machines
- Real-time display of an attack's progress throughout your system
- Extensive forensics for recognizing security gaps
- Unified web-accessible administration tool
- Compliant with HIPAA and PCI regulations
Progent's ProSight ASM is provided as an economical monthly remote service, requires no extra hardware, and secures local, remote, telecommuter, mobile, and cloud resources. If you experience a malware breach, Progent offers the services of CISSP-certified data security consultants to serve as your fast-response team. They help you use ProSight Active Security Monitoring's smart tools to contain the intrusion, remove the malware from all affected machines, evaluate the impact, roll back your network to the last known healthy state, and determine the cause of the attack and its storyline across your system.
Progent's ASM and the Current Cybersecurity Environment
Most ransomware break-ins could have been blocked by modern cybersecurity utilities. Unfortunately, some assaults will break through the most well-planned protective measures. The modern security landscape is too filled with relentless bad actors, including government-sponsored hackers, for any organization to consider itself entirely safe. Given this reality, ProSight Active Security Monitoring is intended not just to prevent malware from gaining access to your network, but also to respond powerfully to any detected penetration. This includes immediate isolation of compromised machines, automatic threat removal, machine-speed inoculation of all endpoints by means of local agents, single-click rollback to a pre-attack state and extensive forensic analysis to help you understand how to bolster your security posture to ward off future attacks. By providing leading-edge defenses during all facets of a malware attack, ProSight ASM represents an end-to-end solution for dealing with today's increasingly dangerous security environment and avoiding the financial and public image loss attendant on a serious security breach.
Endpoint devices like desktops, laptops and phones are the most vulnerable and most commonly attacked elements of an IT network. ProSight ASM services provide a single endpoint protection platform to handle the full lifecycle of a cyber attack including filtering, identification, containment, recovery and analytics. Threats recognized by Progent's Active Security Monitoring include:
- File-based attacks such as ransomware, worms, and payload-based assaults
- File-less and memory-based malware with no disk-resident indicators
- Document-carried attacks embedded within macros and Office and Adobe files
- Phishing email attacks (which are responsible for a high percentage of security breaches)
- Real-time assaults based on scripts such as PowerShell, WMI, and VBScript
- Credential-dependent attacks like credential scraping and Mimikatz
Progent's Active Security Monitoring's Behavior-Analysis Threat Recognition
Older-generation anti-virus (AV) software tools rely on signature recognition as their main mechanism for detecting malware attacks. With this technique, a unique file hash, called a signature, is generated for every familiar attack. AV software continually tries to match traffic against always-growing signature tables, and stops anything with a matching signature. The problem with this strategy is that new threats are currently being developed much faster than anti-virus centers can produce and publish signatures.
Next-generation anti-virus tools reinforce conventional signature matching with behavior monitoring. This approach tracks the activity of a potential threat and decides whether the behavior is typical and safe or unusual and potentially dangerous. For example, does the code in question impact an exceptionally large number of processes? Does it alter the registry? Does it copy keystrokes? Basically, behavior analysis concentrates on suspicious activities instead of on a fixed signature, which a cyber criminal can easily get around just by modifying a few bytes of malicious code.
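The contrast described above, as an added example that is not Progent's or SentinelOne's code: an exact-hash signature lookup misses a one-byte variant of a known sample, while a simple behavior score over the process's activity still flags it. The event names, weights, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib

# Constructed stand-in for a known-bad file; not real malware.
KNOWN_BAD = b"constructed-sample-payload-v1"
VARIANT = KNOWN_BAD[:-1] + b"2"          # same sample with one byte changed
SIGNATURE_TABLE = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Legacy AV check: exact hash lookup in the signature table."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_TABLE

# Hypothetical weights for the behaviors the text asks about.
WEIGHTS = {"registry_write": 3, "keystroke_hook": 5, "file_write": 1}
PROCESS_FANOUT_LIMIT = 20   # assumed cut-off for "exceptionally large number of processes"
FANOUT_PENALTY = 5          # assumed score added when the cut-off is exceeded
ALERT_SCORE = 8             # assumed blocking threshold

def behavior_score(events) -> int:
    """Score one process's activity, given as (kind, target) tuples."""
    score = 0
    touched = set()
    for kind, target in events:
        if kind == "process_touch":
            touched.add(target)          # count distinct processes affected
        else:
            score += WEIGHTS.get(kind, 0)
    if len(touched) > PROCESS_FANOUT_LIMIT:
        score += FANOUT_PENALTY
    return score

def verdict(data: bytes, events) -> str:
    """Signature check first, then behavior analysis as the second layer."""
    if signature_match(data):
        return "blocked:signature"
    if behavior_score(events) >= ALERT_SCORE:
        return "blocked:behavior"
    return "allowed"

# Constructed activity traces.
SUSPICIOUS_EVENTS = (
    [("registry_write", "run-key"), ("keystroke_hook", "keyboard")]
    + [("process_touch", f"pid-{n}") for n in range(25)]
)
BENIGN_EVENTS = [("file_write", "report.docx"), ("file_write", "notes.txt"),
                 ("registry_write", "app-settings")]

if __name__ == "__main__":
    print(verdict(KNOWN_BAD, []))                 # caught by the signature table
    print(verdict(VARIANT, SUSPICIOUS_EVENTS))    # hash differs, behavior still flagged
    print(verdict(b"benign-tool", BENIGN_EVENTS)) # low score, allowed
```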
Blocking: Prior to the Break-in
Zero-day malware attacks are being developed quickly enough to overwhelm the capacity of signature-based AV platform providers. The industry started to recognize the limitations of signature-matching endpoint protection about a decade ago. Since then things have grown more serious.
Malware generation has expanded faster than signature-matching AV technology can respond
Progent's ASM uses intelligent cloud-based AV centers and reputation services from leading vendors to stop recognized malware attacks. This, combined with deep file analysis and dynamic blacklisting and whitelisting, gives Progent's ASM an edge over traditional anti-virus products. Still, prevention is only the initial phase of modern anti-virus protection. Sophisticated attacks, including file-less and script-based malware, easily slip by signature-matching defenses. As an example, cyber criminals often employ a packing tool to modify a malicious file's format so cybersecurity labs and AV software are unable to recognize the threat.
Recognition and Mitigation: During the Attack
The next phase of the endpoint protection lifecycle involves responding to an attack while the malware code is running following a breach. Progent's ProSight Active Security Monitoring uses advanced endpoint protection techniques to spot malicious activity resulting from any attack that penetrates the initial line of defense. In order to modify data, even file-less threats like memory-based malware carry out suspicious behaviors such as creating an executable file without permission. Progent's ASM's compact resident software agent monitors activity in every enrolled endpoint and uses modern behavioral threat analysis and deep activity background to recognize new assaults immediately after they occur. After an attack is identified, Progent's ProSight Active Security Monitoring immediately isolates the impacted endpoint device from the network to minimize the damage. Because the ProSight Active Security Monitoring software agent operates independently, endpoint devices remain secured even if they are disconnected from the Internet.
Recovery: After a Break-in
After isolating a malware assault, Progent's ProSight ASM begins the recovery phase of protection. If ProSight Active Security Monitoring is implemented with Windows Volume Shadow Copy Service (Windows VSS), changes to data made by a cyber assault can be automatically rolled back to a trusted state with a single click. Progent's Active Security Monitoring also records any system-level files and settings that were altered by the malware and what files were restored. If ProSight Active Security Monitoring uncovers a recent malicious binary, the code is tagged and all devices on the system that are protected by software agents are immunized against the new attack. Also, Progent's Active Security Monitoring management tool offers extensive forensics, such as an informative visualization of the assault's progress throughout the targeted network from beginning to end. This audit trail of how an assault progressed within the network helps you assess the impact and uncovers shortcomings in policies or processes that should be corrected to prevent future breaches.
ProSight ASM's management tool offers a real-time storyline of an attack's passage through the target system
Contact Progent about ProSight ASM Services
To learn more about ways Progent can help your business set up an economical and efficient crypto-ransomware protection solution with Progent's Active Security Monitoring service, call 1-800-462-8800 or see Contact Progent.