ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview.


Presentation on theme: "ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview."— Presentation transcript:

1 ECAT 4.1 – Rule Your Endpoints What’s New Customer Overview

2 © Copyright 2015 EMC Corporation. All rights reserved.
RSA ECAT: OVERVIEW
– Detect by behavior of malware rather than a signature
– Deep endpoint visibility & real-time alerting
– Intelligent risk level scoring system to prioritize threats
– Confirm infections quickly & block with precision in real time
ECAT: Scan, Monitor & Alert, Analyze, Take Action

3 RSA ECAT: Key Highlights
– Deep, Fast Scans [5-20 min]
– Proactively finds the unknown, hidden malware
– Intelligent scoring system prioritizes alerts
– Take action with blocking capability, streamlining analyst workflow end-to-end
– Intuitive for a Tier 1 analyst to use
– Light, configurable agent (2MB on disk, 10-20MB in memory)
– Enterprise scalability; 50K agents per server

4 Introducing: RSA ECAT 4.1
This roadmap document contains “forward looking statements”, which are plans, not commitments.
TAGLINE & MESSAGING
Tagline: Rule Your Endpoints - with RSA ECAT
Release Headline: Hunt down and block malware missed by other tools.
– Get the most out of your security team with a 95% reduction in alert escalations
– Reduce incident response time from days to minutes by finding all other infected machines and the exact location of malicious files in a single click; easily determine root cause of infection in minutes
“RSA ECAT has helped narrow down a 12-hour analysis to 10 or 15 minutes” – EMC CIRC (http://www.bloomberg.com/news/features/2015-06-19/emc-is-caught-in-the-crosshairs-of-a-cyberwar-that-never-ends)
NETWORK FORENSICS SIEM & BEYOND ENDPOINT THREAT ANALYSIS

5 Introducing RSA ECAT 4.1: THEMES & CAPABILITIES
– Enhanced Detection & Visibility
– Active Response
– Streamlined Analyst Workflow
– Platform Maturity
– Simplified Pricing

6 Introducing RSA ECAT 4.1: ENHANCED DETECTION & VISIBILITY
New intelligent risk scoring method based on machine learning
– Closer to an easy button
– Quickly triage for highest priority issues; a score that analysts can trust
[Figure: Intelligent score]

7 Introducing RSA ECAT 4.1: ENHANCED DETECTION & VISIBILITY
Gain visibility and continue to protect endpoints while they are outside of the corporate network
– ECAT Remote Agent Relay

8 Introducing RSA ECAT 4.1: ENHANCED DETECTION & VISIBILITY
Enhanced Mac visibility (closer to Windows)
– Real-time detection (always running agent)
– Module tracking behavior (end-to-end tracking of events)
– Capture network connections (to C2 domain/IP)
– Network, Process, and File System Trackers
– Dedicated Mac IIOCs added

9 Introducing RSA ECAT 4.1: ENHANCED DETECTION & VISIBILITY
Integrate intelligence data with STIX support
– https://stix.mitre.org/
– Becoming the de facto standard language used to communicate cyber intelligence
– Used by FS-ISAC; becomes a benchmark for future industries

10 Introducing RSA ECAT 4.1: THEMES & CAPABILITIES
– Enhanced Detection & Visibility
– Active Response
– Streamlined Analyst Workflow
– Platform Maturity
– Simplified Pricing

11 Introducing RSA ECAT 4.1: ACTIVE RESPONSE
Blocking is here
– Take action natively in ECAT
– File & process blocking capabilities
– Quarantine

12 New blocking capabilities enable taking action against suspicious modules detected by the ECAT Agent, preventing:
– Files from being written to disk (an error code is returned to the application)
– Files from being loaded in memory
Blocking and remediation options include:
– Block (no remediation): The file is blocked but remains at its location.
– Quarantine: Files are moved to a quarantine directory (a subdirectory of the deleted files folder) and are only accessible to system administrators.
– Delete: A file can be deleted from the file system only after it has been moved to the quarantine folder.

13 Blocking is enabled for the entire organization.
– Blocking inheritance is also available to follow a machine group configuration or an ad-hoc scenario.
– Manage (add, edit, delete) all blocked modules leveraging a single view of relevant machines and machine groups, modules, IIOCs, and more.
– Built-in ‘defense mechanism’ against blocking modules that hold a trusted certificate and whitelisted status.

14 Introducing RSA ECAT 4.1: THEMES & CAPABILITIES
– Enhanced Detection & Visibility
– Active Response
– Streamlined Analyst Workflow
– Platform Maturity
– Simplified Pricing

15 Introducing RSA ECAT 4.1: STREAMLINED ANALYST WORKFLOW
Automated Status Listing
– Reduce the time analysts spend on assigning bias status to modules
Configure > Global Parameters

16 Introducing RSA ECAT 4.1: STREAMLINED ANALYST WORKFLOW
Streamline analyst workflow directly from the source of infection, the endpoint workstation, by forwarding suspicious modules to a sandbox system:
– Security Analytics Malware Analysis, or
– 3rd party sandbox support (i.e. Cuckoo)

17 Introducing RSA ECAT 4.1: THEMES & CAPABILITIES
– Enhanced Detection & Visibility
– Active Response
– Streamlined Analyst Workflow
– Platform Maturity
– Simplified Pricing

18 Introducing RSA ECAT 4.1: PLATFORM MATURITY
An already enterprise-class endpoint solution becomes even better:
– Role-based permissions
– REST API
– Overall performance of the UI

19 Introducing RSA ECAT 4.1: THEMES & CAPABILITIES
– Enhanced Detection & Visibility
– Active Response
– Streamlined Analyst Workflow
– Platform Maturity
– Simplified Pricing

20 Introducing RSA ECAT 4.1: SIMPLIFIED PRICING
Eliminated the separate ECAT server cost and SKU
– Combined the server cost into ECAT host
Combined separate HashDB SKU into ECAT host
– ONE SKU for ECAT product!
Introducing subscription pricing in addition to perpetual
Simplified # of tiers
ECAT Tiers

21 EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.

