Advanced Detection

 
 

The foundational pillar of the Stormshield Endpoint Security (SES) Next Generation Endpoint Protection is the capability to monitor memory to identify and stop malware that has slipped past other protection layers, using Memory Intrusion Prevention System (MIPS) technology. SES MIPS operates without any reliance on signatures or similar “looking back” detection methods. It detects the most sophisticated techniques used by attackers (examples include heap spraying, stack overflow, heap overflow, integer overflow and Ret-to-LibC) even if they are unknown and have never been seen before. SES MIPS uses a set of security layers that work against attempts to compromise the computer system: detection of exploited vulnerabilities (e.g., corruption of memory in order to execute malicious code), detection of malware installed on the computer, detection of malicious actions and all other known attack methods. A litmus test for any NGEPP solution is fileless malware: how does the solution stop a fileless malware attack? SES MIPS provides this protection and can identify and stop fileless malware that has never been seen before.

Risk Reduction

 
 

The Stormshield Endpoint Security (SES) NGEPP Risk Reduction protections reduce risk in the face of the advanced attacks that organizations are facing today and provide the granular tuning flexibility necessary to reduce risk while maintaining computer usability for workers. For example, instead of just “blocking” an application, there are options to control what that application can do, and instead of denying all use of USB storage devices, controls to fine-tune their use are provided. The SES NGEPP Risk Reduction protections span a range of risk areas of a computer, including limiting application access to the Internet, sensitive registry whitelisting, limiting application access to certain functions and preventing executables from running from USB storage devices.

Malicious Process Defense

 
 

The Stormshield Endpoint Security (SES) NGEPP monitors a range of actions that malware will attempt and provides effective protections against them. SES manages all APIs that can be used for keylogging, protects against all techniques and methods of DLL injection, monitors and stops any process that is inappropriately trying to gain privileges, and monitors and prevents any dangerous behavior from drivers. This protection is provided by SES without signatures or dependence on reputation. The SES NGEPP sets the standard in Malicious Process Defense by integrating a range of security capabilities specifically engineered to identify and stop attacks that have managed to get by the traditional endpoint protections.

Data Protection

 
 

The Next Generation Stormshield Data Security (SDS) provides a comprehensive suite of device and data encryption protections so that data in any state (on any device, in the cloud, shared with internal teams, provided to business partners, etc.) can be easily encrypted and managed, either centrally or by empowered users. A critical aspect of SDS is to provide data encryption tools that safeguard information, customer data, employee data, company confidential data and intellectual property, while staying aligned with the organizational workflow to ensure security without slowing down productivity. SDS gives contemporary users broader and unhindered access to organizational data and supports their need to share that data with internal and external co-workers. SDS Next Generation Data Protection combines top-down enforced encryption rules and policies with the empowerment of users to apply file and folder encryption for secure team collaboration. It includes disk and file encryption, encryption for removable media, and encryption for file shares and cloud storage. SDS provides the means for compliance with the many regulatory requirements worldwide relating to the protection of private and sensitive data (for example, PCI DSS, HIPAA).

Prevention

 
 

A foundational requirement of a Next Generation Endpoint Protection Product (NGEPP) is to provide security while minimizing the administrative burden and optimizing computer uptime for the end-user. Stormshield Endpoint Protection (SES) therefore uses a variety of defenses (a honeypot, monitoring of kernels and malware executed by a user, NX Byte detection, Heapspraying protection, generic shellcode detection, etc.) to identify an attack and prevent it, so that the attack is stopped but the process will still run. SES stops the malware and logs information about it, while the computer end-user remains safe and does not even need to know that there was a security issue.

Remediation

 
 

Even the most advanced Next Generation Endpoint Protection Product (NGEPP) protections may not be able to stop all malware on all computers all of the time. The sophistication of the attacks and the unpredictability of human users continue to provide openings for malware penetration.

The Stormshield Endpoint Security (SES) NGEPP provides alerts and log data about a threat and/or attack for analysis and also automates the response, both in cleaning the infected computer and in limiting the spread of the malware. This automated remediation reduces risk and helps an organization stay compliant with regulations and policies. SES identifies that a threat is present and immediately and automatically quarantines the affected computer, with the limitations on functionality and connectivity correlated to the current threat profile. This includes preventing malware from spreading through network shares, limiting or stopping access to USB connected devices and blocking Internet connectivity.

On an ongoing basis, the strictness of the security controls on the computer is automatically and dynamically adjusted based on the perceived threat profile on that computer, whether it is attached to a network or mobile. After an attack has been identified, the SES NGEPP solution quickly and completely cleans the affected computer of all traces of the malware.

Threat Intelligence

 
 

An NGEPP must be able to provide organizations with immediate and in-depth analysis of possible vulnerabilities and attacks across operating systems and applications. The Stormshield NGEPP includes a monitoring and threat intelligence service: the Stormshield Security Research Center is comprised of the industry’s top endpoint security researchers tasked with identifying, testing and analyzing the latest vulnerabilities, attacks and threats targeting organizations worldwide. The Research Center performs rigorous testing using the newly discovered vulnerability to gain a deep understanding of how the attack works. It then develops an analysis of the vulnerability, how it works, how attackers can attempt to exploit it and, most importantly, how to stop it. Stormshield provides a secure portal with detailed reports that include all regular alert reports, analysis, trends and precautions related to all identified vulnerabilities and attacks across operating systems and a wide range of proven susceptible applications. The Threat Intelligence service also includes the option for clients to submit their own malware and attack issues for immediate analysis and intelligence. The client receives an individualized detailed threat analysis that includes guidance for stopping, removing and preventing this and similar attacks.