Virtualization Technology News and Information
Endgame Introduces Reflex Real-Time, Autonomous Protection Engine To Close Adversary 'Breakout' Window

Endgame announced the launch of Endgame Reflex, the first autonomous adversary prevention and detection engine for customized response that does not require cloud connectivity.

"As attacks continue to plague networks, IT and security operations teams face the challenge of inflexible, IOC-centric tooling that prevents them from developing effective post-compromise detection and response. Overwhelmed by false positives and brittle detections, analysts must manually respond to the threat, often well after an initial breach. Reflex changes all that," said Mark Dufresne, VP of Research at Endgame.

Reflex enables customers to create and deploy high-confidence, customized behavioral protection rules - a capability that takes Endgame beyond the simple detection alerts seen in most endpoint protection platforms (EPPs). The Endgame agent's "zero OS trust" telemetry-gathering and enrichment let it respond to a threat automatically and flexibly, faster than a human-driven triage loop. Because enforcement does not depend on a cloud connection, policy is applied on every endpoint at all times, including hosts that are offline.

Both Endgame-provided and customer-configurable detections and preventions happen on the endpoint, in real-time. Removing human delay, cloud latency, and the "breakout window" that undermines effective alert triage enables organizations to finally meet their business operations, security, and compliance requirements. Reflex delivers this powerful capability across Windows, Mac, and Linux.

Endgame Reflex combines three technologies:

  • A stateful query language. Event Query Language (EQL) is an extensible open-source language developed by Endgame to express relationships between security-relevant events. EQL can chain multiple events into a sequence that describes unwanted, suspicious, or malicious behavior. Endgame users can describe and detect behavior at the level of a single MITRE ATT&CK technique or by combining techniques, catching an intrusion at its earliest observable stage and at every stage that follows.
  • A fail-safe IDE. The Endgame UI includes an Interactive Development Environment for creating customized Reflexes - the combination of a detection and its response - tailored to the business and compliance requirements of an enterprise. The IDE can also test each rule against a baseline of normal enterprise activity, so false positives are caught before a Reflex is deployed rather than after.
  • Host-based, inline execution engine. As events occur on the endpoint, Endgame collects and enriches telemetry on the endpoint itself, passing it through the attack models in near-real-time for the fastest possible prevention and detection across Windows, Mac, and Linux without any requirement for cloud connectivity.
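The "chain multiple behaviors" idea behind the EQL bullet above, shown as a small stateful sequence matcher. This is an added example written for this page, not Endgame's code and not the EQL engine's implementation: the EQL query in the docstring is illustrative only (the field names `process_name`, `pid`, `ppid`, the per-subquery `by` clauses and the `maxspan` value are assumptions), the telemetry is constructed sample data, and `kill_process_response` is a hypothetical response hook standing in for the "Reflex" half of a rule.

```python
"""Minimal stateful sequence matcher in the spirit of an EQL `sequence` query.

Illustrative EQL (field names and clauses are assumptions, not a real rule):

    sequence with maxspan=30s
      [process where process_name == "winword.exe"] by pid
      [process where process_name in ("cmd.exe", "powershell.exe")] by ppid

i.e. an Office document (ATT&CK T1204.002) chained, through the parent/child
relationship, with a command or scripting interpreter (ATT&CK T1059).
"""

# Constructed sample telemetry (not captured from a real host), in time order.
EVENTS = [
    {"ts": 100.0, "event_type": "process", "pid": 4040, "ppid": 1000, "process_name": "explorer.exe"},
    {"ts": 101.0, "event_type": "process", "pid": 4100, "ppid": 4040, "process_name": "winword.exe"},
    {"ts": 102.5, "event_type": "process", "pid": 4120, "ppid": 4100, "process_name": "cmd.exe"},   # child of winword: match
    {"ts": 103.0, "event_type": "process", "pid": 4130, "ppid": 4040, "process_name": "cmd.exe"},   # child of explorer: benign
    {"ts": 200.0, "event_type": "process", "pid": 4200, "ppid": 4040, "process_name": "winword.exe"},
    {"ts": 300.0, "event_type": "process", "pid": 4210, "ppid": 4200, "process_name": "powershell.exe"},  # 100s later: outside maxspan
]

SCRIPT_HOSTS = {"cmd.exe", "powershell.exe"}

# One entry per subquery: (predicate over the event, join-key extractor = the `by` clause).
STAGES = [
    (lambda e: e["event_type"] == "process" and e["process_name"] == "winword.exe",
     lambda e: e["pid"]),
    (lambda e: e["event_type"] == "process" and e["process_name"] in SCRIPT_HOSTS,
     lambda e: e["ppid"]),
]


def run_sequence(events, stages, maxspan=None, on_match=None):
    """Evaluate `stages` against `events` and return every completed chain.

    `pending` maps (index of the last completed stage, join key) to the chain of
    events matched so far. A chain advances when the next stage's predicate
    matches an event whose join key equals the chain's key and whose timestamp is
    within `maxspan` seconds of the chain's first event; a chain that has aged
    past `maxspan` is discarded. Completed chains are returned and, if given,
    passed to `on_match` so a response can run inline, as the event arrives.
    """
    pending = {}
    matches = []
    last = len(stages) - 1
    for e in sorted(events, key=lambda x: x["ts"]):
        for i, (pred, key_of) in enumerate(stages):
            if not pred(e):
                continue
            k = key_of(e)
            if i == 0:
                pending[(0, k)] = [e]          # newest first-stage event for this key wins
                continue
            chain = pending.pop((i - 1, k), None)
            if chain is None:
                continue                       # nothing waiting for this key at this stage
            if maxspan is not None and e["ts"] - chain[0]["ts"] > maxspan:
                continue                       # expired state: dropped, not matched
            chain = chain + [e]
            if i == last:
                matches.append(chain)
                if on_match is not None:
                    on_match(chain)
            else:
                pending[(i, k)] = chain
    return matches


def kill_process_response(chain):
    """Hypothetical response hook: what a Reflex might do with the final event."""
    return {"action": "kill_process", "pid": chain[-1]["pid"], "reason": "T1204.002 -> T1059"}


def detect(maxspan=30.0):
    """Run the rule over the sample telemetry; return (matches, response actions)."""
    actions = []
    matches = run_sequence(EVENTS, STAGES, maxspan,
                           on_match=lambda c: actions.append(kill_process_response(c)))
    return matches, actions


if __name__ == "__main__":
    found, acts = detect()
    for chain in found:
        print(" -> ".join(f'{e["process_name"]}({e["pid"]})' for e in chain))
    print(acts)
```

With `maxspan=30.0` only the `winword.exe(4100) -> cmd.exe(4120)` chain matches: the `cmd.exe` under `explorer.exe` never had a first-stage event waiting on its key, and the `powershell.exe` spawned 100 seconds after its `winword.exe` parent is discarded as expired state. Passing `maxspan=None` keeps that second chain, which is the trade-off a rule author tunes in the IDE against baseline activity.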

Reflex joins the company's existing preventions, including Malwarescore for file-based attacks and malicious Microsoft Office files, and Endgame's patented behavioral preventions, which block exploits, fileless attacks, ransomware, and more in real time. Together these bring endpoint-based preventions and pre- and post-compromise detections across the MITRE ATT&CK matrix into one agent, with on-host response and full configurability.

"Endgame Reflex is yet another demonstration of our commitment to delivering a solution with the broadest scope, highest efficacy, and lowest resource utilization in a single agent, packing far and away more power than any other solution," said Ian McShane, VP of Product Marketing at Endgame.

Published Thursday, May 16, 2019 8:34 AM by David Marshall