For nearly a decade, Avecto’s customers have relied on Defendpoint to underpin “traditional AV”, next generation AV, machine learning and advanced network-based analysis solutions. Despite notable advances, detection will never reach 100% efficacy.
With the rise of ransomware and techniques such as file-less malware, the damage inflicted is not only greater, but the attack is harder to detect. In a typical organization even a 1-2% malware miss rate can equate to 100-1,000 computers being compromised – a lot of operational work.
A further challenge is insider threats, where users leverage excessive local or network privileges to compromise the environment. A sound security strategy focuses on reducing attack surfaces available to external and internal threat actors as well as effective detection and response.
Analysis such as Hierarchy of Cyber Needs and Gartner Adaptive Security Architecture all points to the highest security return on investment being gained by starting with effective configuration management and platform hardening.
McAfee recognizes the importance of proactively securing the platform alongside its cutting-edge endpoint security offering. As a long time Intel Security Innovation Alliance (SIA) partner, Avecto works with Intel Security to improve the security posture through a combination of proactive preventative measures, as well as state-of-the-art detection and response capabilities.
Defendpoint stops malware and insider threats from affecting the core system; preventing pass-the-hash attacks, rootkits and attempts to bypass security tools. It not only provides protection for the system, but also mitigates the risk of attack. What happens when you implement privilege management? Most attacks fail. In fact, removing admin rights mitigates 94% of critical Microsoft vulnerabilities according to the 2016 Microsoft Vulnerabilities Report. This is a great place to start from, and from there you can layer on detection and response capabilities such as McAfee Real Protect to identify malware and suspicious activity, without relying on known signatures.
Avecto and Intel Security take a pragmatic approach to security and allow users the freedom to do their job. With user flexibility, one key security challenge is handling the unknown. Trusted applications such as the browser, Office suite or PowerShell are often exploited by unknown malicious content contained in phishing emails. Defendpoint’s content isolation capabilities stop trusted applications being exploited by preventing access to data or privileges combined with contextual application control to prevent malware payloads from launching.
McAfee Dynamic Application Containment (DAC) complements this with rule- based application containment of unknown or “grey” apps. This leverages McAfee DXL and the McAfee Threat Intelligence Exchange (TIE) layer to ascertain the global reputation of an app. This prevents untrusted applications from performing dangerous activities or accessing data. The combination of Defendpoint’s capability of isolating trusted apps opening untrusted content, and the intelligence-driven containment of untrusted apps by DAC represents a best-of-breed security practice.
The Intel Security partnership has been great for advancing endpoint security because they recognize that other technologies have an important role to play in an endpoint security strategy. Avecto’s complementary proactive approach to endpoint security allows us to add considerable value to the technologies that Intel Security offers, resulting in tangible benefits for our end customers.
Avecto has pioneered a unique approach to endpoint security since 2008, introducing proactive measures that reduce the attack surface of an endpoint. As such, Defendpoint is deployed in many of the largest banks, health care systems, manufacturers, technology makers and retailers around the world – with a 98% Avecto customer renewal rate.
It’s unfortunate that quadrants, waves, and feature lists don’t measure return on investment or the benefits of combining such technologies. Our strategy is to stay focused on the fundamental measures. It’s a different way to think about endpoint security. It’s what we do.