Progent's Active Security Monitoring (ASM) services include machine learning technology from SentinelOne to offer state-of-the-art defense for all endpoints and virtual and physical servers. This modern approach to malware defense addresses the new generation of cyber threats, like ransomware, which easily evade filtering by legacy signature-based anti-virus (AV) technology.
ProSight ASM offers small and mid-sized companies the advantages of the same AV tools implemented by some of the world's biggest corporations including Walmart, Citi, and NASDAQ. By providing in-line malware filtering, detection, mitigation, repair and analysis in one integrated platform, ProSight ASM lowers TCO, simplifies administration, and promotes rapid operational continuity. The next-generation endpoint protection engine built into in ProSight ASM was listed by Gartner Group as the "most visionary Endpoint Protection Platform (EPP)."
ProSight ASM online services rely on a small-footprint agent running on every protected endpoint and server to create an active cybersecurity grid that reacts to suspected attacks instantly and orchestrates cohesive protection featuring:
Progent's ProSight Active Security Monitoring is offered as an affordable monthly remote service, requires no extra equipment, and protects local, remote, work-from-home, mobile, and cloud devices. In case you experience a malware break-in, Progent can provide the services of CISSP-certified cybersecurity experts to serve as your red team to assist you to utilize Progent's Active Security Monitoring's powerful tools to mitigate the intrusion, remove the malicious software from all affected machines, evaluate the impact, restore your network to the last known working condition, and determine the source of the attack and its path across your network.
- Instant protection for Windows, Mac, Linux, iOS and Google Android devices
- Support for virtual machines powered by Hyper-V, vSphere, and Citrix XenServer virtualization platforms
- Deep OS-level monitoring
- Signature-independent heuristics and automation
- Modern behavioral analysis
- Detection of new generation threats from all vectors
- Automated post-attack remediation
- Single-click resumption of most recent secure state following a crypto-ransomware attack including Ryuk, Maze, Sodinokibi, DopplePaymer, Conti or Nephilim
- Immediate and automatic inoculation throughput the complete grid of enrolled machines
- Immediate display of an assault's progression through your network
- Extensive forensics for identifying security gaps
- Unified web-accessible administration tool
- Compliant with HIPAA and PCI
Progent's ProSight Active Security Monitoring and the Current Threat Environment
Most ransomware breaches could have been prevented by modern cybersecurity utilities. But inevitably, some assaults will break through the most well-planned defenses. Today's security environment is too filled with tireless extortionists, including state-sponsored hackers, for any enterprise to be entirely safe. With this in mind, Progent's ProSight ASM is intended not simply to keep malware from gaining access to your network, but also to react powerfully to any detected penetration. This includes immediate quarantine of compromised machines, automatic threat cleanup, fast vaccination of all endpoints via embedded agent software, one-click rollback to a safe state and comprehensive forensics to show you how to enhance your cybersecurity defense to ward off subsequent assaults. By providing leading-edge protection during all facets of a malware assault, ProSight Active Security Monitoring represents an end-to-end platform for surviving today's increasingly dangerous cybersecurity landscape and avoiding the economic and public image loss associated with a major security breach.
Endpoints such as PCs, notebooks and phones are the most vulnerable and most typically targeted components of an IT network. ProSight ASM services offer a unified endpoint protection solution to handle the complete lifecycle of a cyber attack including blocking, classification, containment, cleanup and forensics. Threats recognized by Progent's ASM include:
ProSight ASM's Behavior-based Malware Detection
- File-based attacks like crypto-ransomware, worms, and backdoor assaults
- File-less and memory-based malware with no disk-based indicators
- Document-carried attacks embedded in macros and Microsoft Office and Adobe files
- Phishing email attacks which make up a large portion of cybersecurity break-ins)
- Real-time assaults based on scripts such as PowerShell, Powersploit, and VBS
- Credential-oriented attacks including credential-dumping, mimikatz and tokens
Older-generation anti-virus (AV) software tools rely on signature matching as the fundamental mechanism for detecting malware attacks. With this technology, a distinct file hash, known as a signature, is calculated for every familiar threat. AV software continually compares incoming data against ever-expanding signature tables, and stops code that has a tell-tale digital signature. The shortcoming with this strategy is that novel malware attacks are currently being developed much faster than AV labs can create and distribute digital signatures.
Modern anti-virus platforms supplement conventional signature matching with behavior analysis. This approach examines the actions of a possible threat and determines if the activity is typical and safe or unusual and potentially threatening. For instance, does the software in question affect an exceptionally large set of processes? Does it alter the registry? Does it save keystrokes? Basically, behavior analysis focuses on suspicious activities instead of on a pre-calculated digital signature, which a hacker can easily nullify simply by changing a few inconsequential bytes of malicious code.
Prevention: Before the Breach
Novel malware attacks are being manufactured fast enough to swamp the capacity of signature-based anti-virus labs. The industry started to recognize the limitations of signature-matching endpoint protection around 2012. Since then the situation has become worse.
Malware production has increased more rapidly than signature-matching AV technology can keep up
Progent's Active Security Monitoring uses modern cloud-hosted AV labs and reputation services from major vendors to stop known malware attacks. This combined with deep file inspection and dynamic blacklisting and whitelisting give ProSight ASM an edge over traditional AV solutions. However, prevention is only the first line of next-generation anti-virus defense. Modern exploits, file-less and script-based malware easily evade signature-matching systems. As an example, hackers often use a so-called packing tool to modify a malicious file's format so cybersecurity researchers and AV software are unable to detect the threat.
Detection and Mitigation: During the Attack
The next part of the EPP lifecycle involves responding to a cyber attack while the malicious code is running after a break-in. Progent's Active Security Monitoring utilizes advanced endpoint protection techniques to spot malware activity resulting from any threat that breaks through the first wall of protection. In order to modify data, even file-less threats like memory-resident malware perform suspicious actions such as making an executable file with no authorization. Progent's Active Security Monitoring's low-profile resident software agent tracks activity in every enrolled endpoint and utilizes modern behavioral analysis and full execution context to recognize new assaults as soon as they occur. After an assault is identified, Progent's ProSight ASM at once isolates the impacted endpoint device from the grid to minimize the spread. Since the Progent's Active Security Monitoring embedded agent runs independently, endpoint devices stay secured even when they are detached from the Internet.
Recovery: After a Break-in
After containing an attack, ProSight ASM begins the restoration process. When Progent's ASM is integrated with Microsoft Windows Volume Shadow Copy Service (Windows VSS), changes to data made by a cyber assault can be immediately rolled back to a safe state with a single click. ProSight Active Security Monitoring also records all system-level files and settings that were modified by the attack and what files were restored. When Progent's ProSight Active Security Monitoring detects a new malware binary, the malware code is flagged and all machines on the network that are protected by software agents are inoculated against the latest attack. Also, the ProSight Active Security Monitoring management console offers comprehensive forensics such as an intuitive display of the attack's storyline across the network from beginning to end. This history of how an attack travelled within the network helps you to assess the impact and brings to light vulnerabilities in policies or processes that should be corrected to avoid future breaches.
ProSight ASM's management tool provides a live storyline of an attack's passage within the network
Download the ProSight Active Security Monitoring Datasheet
To download a PDF datasheet describing the major features of ProSight ASM services, click:
Progent's ProSight ASM Ransomware Protection Services Datasheet. (PDF - 89 KB)
Contact Progent about ProSight ASM Services
To find out more information about ways Progent can assist you set up an affordable and effective ransomware protection solution with Progent's ASM service, call 1-800-462-8800 or see Contact Progent.