Progent's Active Security Monitoring (ASM) services feature advanced behavior analysis technology to provide best-in-class defense for all endpoints and servers. This modern approach to malware defense addresses the new wave of cyber attacks, such as ransomware, which easily avoid detection by conventional signature-matching AV techniques.
Progent's ProSight ASM offers small and mid-sized businesses the advantages of the identical anti-virus technology used by many of the world's biggest enterprises such as Netflix, Visa, and Salesforce. By providing in-line malware blocking, identification, containment, repair and analysis in a single integrated platform, Progent's ASM cuts total cost of ownership, simplifies management, and promotes rapid recovery. The next-generation endpoint protection (NGEP) built into Progent's ProSight Active Security Monitoring was ranked by Gartner Group as the "most visionary Endpoint Protection Platform (EPP)."
Progent's Active Security Monitoring is available as an affordable monthly remote service, calls for no special equipment, and secures local, online, at-home, mobile, and cloud devices. In case you experience a cyber breach, Progent can provide the support of CISSP-certified cybersecurity experts to serve as your red team and help you use Progent's ASM's smart utilities to contain the attack, delete the malware from all affected devices, evaluate the damage, restore your system to the most recent working state, and determine the source of the penetration and its progress across your network.
ProSight ASM services rely on a low-profile agent running on each protected device to form an active cybersecurity matrix that reacts to suspected attacks in real time and orchestrates unified defense that includes:
- Real-time protection for Windows, Mac, Linux, iOS and Google Android devices
- Support for VMs running Windows Hyper-V, VMware vSphere, and Citrix XenServer virtualization platforms
- In-depth OS-level monitoring
- Signature-independent heuristics and automation
- Cutting-edge behavioral analysis
- Detection of current generation threats from all vectors
- Automated post-attack containment
- Single-click resumption of most recent secure state following a crypto-ransomware attack including Ryuk, Maze, Sodinokibi, DoppelPaymer, LockBit or Egregor
- Instant and automatic inoculation throughout the entire matrix of enrolled machines
- Real-time visualization of an attack's progress through your system
- Extensive forensics for identifying security gaps
- Centralized browser-based management tool
- Compliant with HIPAA and PCI
ProSight ASM and the Current Threat Environment
Over 97% of ransomware breaches could have been prevented by current security utilities. Unfortunately, some attacks will break through the most well-planned defenses. Today's security environment is too filled with tireless extortionists, including state-funded cyber criminals, for any enterprise to consider itself impregnable. With this in mind, Progent's Active Security Monitoring is intended not just to prevent malware from establishing a foothold on your information network, but also to react decisively to any detected penetration. This includes immediate isolation of infected devices, automatic threat removal, fast vaccination of all machines via embedded agent software, one-click rollback to a safe state and comprehensive forensic analysis to help you understand how to enhance your security profile to foil future attacks. By delivering leading-edge protection during all facets of a cyber assault, Progent's ProSight ASM represents an end-to-end solution for surviving the increasingly dangerous security landscape and avoiding the financial and reputation loss associated with a major cybersecurity exploit.
Endpoint devices such as desktops, laptops and smartphones are the most susceptible and most commonly attacked elements of a network. Progent's Active Security Monitoring services offer a unified endpoint protection (EPP) solution to handle the full lifecycle of a cyber assault including blocking, classification, remediation, cleanup and analytics. Threats recognized by Progent's Active Security Monitoring include:
- File-dependent attacks such as crypto-ransomware, worms, and backdoor attacks
- File-less and memory-based attacks without disk-resident flags
- Document-based malware incorporated in macros and Microsoft Office and Adobe files
- Phishing email-based assaults (which make up a large portion of security break-ins)
- Live assaults based on scripts such as PowerShell, WMI, and VBScript
- Credential-dependent assaults including credential scraping and Mimikatz
Progent's ProSight Active Security Monitoring's Behavior-Analysis Threat Detection
Older-generation anti-virus tools use signature matching as their fundamental mechanism for detecting malware. With this technique, a distinct file hash, known as a signature, is generated for each familiar threat. AV software constantly compares traffic against always-expanding signature databases, and stops anything that has a tell-tale signature. The problem with this technique is that zero-day malware attacks are now being generated much faster than anti-virus centers can create and publish digital signatures.
Modern anti-virus tools reinforce traditional signature matching with behavior analysis. This approach tracks the actions of a possible threat and decides whether the activity is normal and safe or unusual and potentially dangerous. For instance, does the software under observation impact an unusually large set of processes? Does it modify the registry? Does it save keystrokes? Essentially, behavior analysis focuses on potentially dangerous actions instead of on a fixed signature, which a cyber criminal can quickly nullify simply by changing a few inconsequential bytes of malicious code.
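The contrast described above, as an added example that is not Progent's code or part of the original page: a hash signature misses a variant with one changed byte, while a behavior score built on the three questions in the text still flags it. The byte strings, event traces, weights and threshold are all constructed or hypothetical.

```python
import hashlib

# Constructed byte strings: a "known" sample and a variant with one padding byte changed.
KNOWN_SAMPLE = b"constructed-sample-body" + b"\x00" * 8
VARIANT = b"constructed-sample-body" + b"\x00" * 7 + b"\x01"

# Signature database: one SHA-256 file hash per known threat.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(blob: bytes) -> bool:
    """Return True only when the file hash is already in the database."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB

# Hypothetical weights for the three questions in the text above.
WEIGHTS = {"registry_write": 2, "keyboard_hook": 4}
MANY_PROCESSES = 10       # distinct processes touched before it counts as unusual
MANY_PROCESSES_WEIGHT = 3
THRESHOLD = 5             # score at or above this is treated as dangerous

def behavior_score(events):
    """Score a trace of (action, target) events; each kind of action counts once."""
    seen, processes, score = set(), set(), 0
    for action, target in events:
        if action == "process_open":
            processes.add(target)
        elif action in WEIGHTS and action not in seen:
            seen.add(action)
            score += WEIGHTS[action]
    if len(processes) > MANY_PROCESSES:
        score += MANY_PROCESSES_WEIGHT
    return score

def behavior_verdict(events) -> bool:
    return behavior_score(events) >= THRESHOLD

# Constructed traces. Both byte strings above would produce SAMPLE_TRACE when run,
# because the changed byte does not alter what the code does.
SAMPLE_TRACE = [("process_open", pid) for pid in range(100, 115)] + [
    ("registry_write", "HKCU\\Software\\Example\\Run"),
    ("keyboard_hook", "WH_KEYBOARD_LL"),
]
INSTALLER_TRACE = [("process_open", 200), ("process_open", 201),
                   ("registry_write", "HKCU\\Software\\Example\\Settings")]

if __name__ == "__main__":
    for name, blob in (("known", KNOWN_SAMPLE), ("variant", VARIANT)):
        print(name, "signature hit:", signature_match(blob),
              "| behavior hit:", behavior_verdict(SAMPLE_TRACE))
    print("installer behavior hit:", behavior_verdict(INSTALLER_TRACE))
```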
Blocking: Prior to the Breach
Novel threats are being created quickly enough to overwhelm the ability of signature-style anti-virus platform providers. The industry began to acknowledge the limitations of signature-matching EPP about a decade ago. Since then things have become worse.
Malware production has increased more rapidly than signature-based anti-virus providers can keep up
Progent's ASM uses modern cloud-hosted anti-virus centers and whitelisting/blacklisting services from leading providers to block recognized malware attacks. This, integrated with deep file inspection and shared blacklisting and whitelisting, gives ProSight ASM an edge over old-school AV products. However, prevention is only the first phase of modern AV protection. Sophisticated attacks, file-less and script-dependent malware routinely slip by signature-based defenses. For example, hackers often employ a so-called packing technique to modify malware code so cybersecurity researchers and AV software can't detect the attack.
Detection and Mitigation: During the Assault
The second phase of the endpoint protection lifecycle involves responding to a cyber attack while the malicious code is running after a break-in. Progent's ASM uses advanced endpoint protection technology to spot malware activity caused by any attack that breaks through the initial wall of protection. In order to compromise data, even file-free attacks such as memory-based malware perform red-flag actions such as creating an executable file without permission. ProSight Active Security Monitoring's small-footprint resident agent tracks activity in every enrolled endpoint and utilizes advanced behavioral analysis and deep activity background to detect new attacks as soon as they occur. After an assault is identified, Progent's Active Security Monitoring immediately quarantines the affected endpoint device from the grid to minimize the impact. Because the ProSight ASM embedded agent operates independently, endpoint devices remain secured even if they are not connected to the Internet.
Cleanup: After a Penetration
After isolating a malware assault, ProSight Active Security Monitoring initiates the cleanup phase of protection. If Progent's ASM is integrated with Windows Volume Shadow Copy Service, modifications to data made by a cyber attack can be quickly returned to a safe state with one click. Progent's ASM also logs any system files and settings that were altered by the assault and what files were fixed. If ProSight ASM detects a recent malicious binary, the code is flagged and all devices on the grid that are protected by agents are immunized against the latest attack. In addition, Progent's ProSight Active Security Monitoring management console offers extensive forensics such as an intuitive display of the attack's progress across the targeted network from beginning to end. This audit trail of how an attack travelled within the network helps you evaluate the impact and uncovers shortcomings in security policies or work habits that need to be rectified to prevent later breaches.
ProSight Active Security Monitoring's management tool delivers a live depiction of an attack's path through the network
Download the ProSight ASM Datasheet
To download or read a PDF datasheet about the major features of Progent's ProSight Active Security Monitoring services, click:
ProSight Active Security Monitoring Ransomware Protection Datasheet. (PDF - 89 KB)
Contact Progent about ProSight Active Security Monitoring Services
To find out more about how Progent can help you create an affordable and effective crypto-ransomware defense system with Progent's ProSight Active Security Monitoring service, call 1-800-993-9400 or see Contact Progent.