Endgame, a leading provider of endpoint security solutions to hunt for advanced threats and close the protection gap, has announced its certified integration with HPE Security ArcSight.
As the first comprehensive Indicators of Compromise (IOC)-independent endpoint platform for HPE Security ArcSight, Endgame will help customers hunt and detect unknown threats at the earliest stages of the kill chain.
Once detected, organizations will have the ability to surgically remove threats, reducing the time, cost, and disruption associated with traditional incident response.
Today’s attacks are growing increasingly sophisticated, and despite an estimated $75 billion per year spent on security, adversaries dwell undetected in networks for an average of 146 days – exposing organizations to massive theft and business disruption.
Unfortunately, many security teams are forced to wait for prior threat intelligence – known as IOCs or signatures – to determine whether their systems are infected.
This is a failed strategy due to the customized and polymorphic nature of today’s attacks; waiting and searching for known threat intelligence is often too late for organizations to protect themselves from damage and loss of critical assets.
Endgame’s comprehensive endpoint detection and response solution succeeds where others fail, detecting attacks at the earliest stage without prior threat intelligence.
These detections are fed into the HPE ArcSight platform, which combines event correlation and security analytics to prioritize threats in real time, enabling organizations to respond to and remediate threats faster.
“Attackers exploit gaps in protection and visibility,” said Lyndon Brown, Director of Strategic Business Development for Endgame.
(Endgame’s Senior Threat Researcher Paul Ewing describes how to use the Endgame platform to hunt for malicious persistence that other tools miss. Specifically, he’ll walk through detecting persistence and evasion with COM, a technique used by sophisticated attackers such as APTs and included in crimeware. Courtesy of Endgame Automate The Hunt and YouTube)
“The combination of HPE Security ArcSight and Endgame provides customers with detection of never-before-seen threats, centralized correlation, and visibility all through a single pane of glass.”
Features of HPE Security ArcSight and Endgame Integration Include:
- Complete visibility and centralized monitoring across endpoint, network, and user behavior, enabling intelligent security operations.
- IOC-independent detection of polymorphic malware and advanced attacker techniques through HPE certified ArcSight Common Event Format (CEF) alerts to enable comprehensive detection.
- Automated real-time correlation and prioritization to accelerate incident triage and investigation.
- Intuitive investigation and accelerated response through deep linking between HPE ArcSight ESM and the Endgame platform.
“Today’s cyber threats are growing in sophistication and scale, making it critical for organizations to rapidly detect and respond to attacks,” said Chandra Rangan, Vice President Marketing, HPE Security Products at Hewlett Packard Enterprise.
“The HPE Security ArcSight and Endgame integration enables customers to quickly identify and eradicate malicious attacks in the earliest stages at the endpoint for more effective response and mitigation.”
Endgame is a leading endpoint security platform that enables enterprises to close the protection gap against advanced adversaries, prevent advanced attacks, and detect and eliminate resident adversaries.
Endgame transforms security operations teams (SOC) and incident responders from crime scene investigators into hunters that prevent damage and loss, and dramatically reduce the time and cost associated with incident response and compromise assessment.
Our IOC-independent platform covers the entire kill chain, leveraging machine learning and data science to uncover, in real-time, unique attacks that evade traditional defenses and respond precisely without disrupting normal business operations.