1
AppGuard Endpoint Prevention Battle Card
For AppGuard Sales Team and Channel Partners
Jinan Jaber, Director of Business Development
November 2017
Safety for the Connected World
Highly Confidential ©2010 Blue Ridge Networks Proprietary. All rights reserved
2
Why AppGuard Endpoint Prevention?
- Undefeated Security: Proven technology - AppGuard has NEVER been breached
- Off and On Premise Protection: No need for updates or Internet connection
- Transparent Protection: Small footprint (under 1MB), no end user disruption or operational impact
- Centrally managed, scalable, enterprise level solution

“AppGuard should be on every Windows system in the world”
Robert Bigman, Former CISO, CIA

What is AppGuard?

- Endpoint Prevention: No Compromise – 1 M new malware every day - AppGuard stops them all
- Patented Technology: Isolation in runtime and Inheritance patents prevent non-policy conforming actions at the process level, without detection
- Supports Windows endpoints, server, POS, ATM
- Proactive Intelligent Prevention: No need for reactive incident response and containment
- Indicators of Attack: AppGuard prevents compromise. Indicators of Attack (IoA) logs can integrate with SIEM

What does AppGuard Solve?

- Undetectable Attacks: AppGuard stops evasive attacks including ransomware, file-less malware, weaponized documents, and zero-day attacks that bypass detection-based solutions
- Need for Continuous Updates: No need for updates or Internet connection – unlike detection solutions that need continuous signature updates
- Operational Disruption: No bloated endpoint or interference with other security solutions
- User Interference: User can operate normally, small footprint, never faced with a security decision
- Habitual Clickers: Even with cyber awareness training, users fall victim to sophisticated attacks. AppGuard doesn’t put important security decisions in the hands of users. It is the last stage of defense, preventing malware from detonating
- Unpatched System Vulnerabilities: Attackers are exploiting unpatched systems. Unlike other solutions, AppGuard protects even unpatched systems
- Anti-Virus alone is not effective: Breaches continue to happen. Documented cases where AppGuard stopped WannaCry at day Zero

Questions to Ask

- How are you protecting against targeted phishing, zero day attacks, file-less malware and ransomware?
- What security measures do you have in place for endpoint security?
- Are you protecting your employees off premise as well (home/personal device)?
- What concerns you most?
- How many endpoints/servers do you have? What operating systems?
- Do you have ongoing or upcoming initiatives to review your endpoint solutions?
- Are you open to a 30 minute discussion/webinar to learn about AppGuard’s unique approach to endpoint prevention?
3
AppGuard Key Benefits

- “Isolation Technology” prevents all non-policy conforming actions at the process level and protects the system from advanced attacks
- NOT based on detection technology such as: Signature based AV, Pattern matching, Sandbox, Behavioral Analysis, Reputation, EDR, Virtual Containment, White Listing, Anti-Exploit (EMET)
- Lightweight, small footprint engine below 1MB with high processing performance
- Patented “Inheritance” allows for a minimal set of policies, allowing simplification of operations and reductions in operating costs
- No Indicator of Compromise and prevents threats at the time of the attack, providing Indicator of Attack intelligence allowing security operations to become proactive
- Advanced attacks that are difficult to detect by traditional methods, such as memory attacks, fileless malware, weaponized documents, and script-based attacks, are completely prevented
- Breach prevention regardless of zero day, unknown or known threats

Customer Success Stories

AOL. AOL has been a very successful partner and distributor of AppGuard for almost 4 years, under their flagship solution: AOL Tech Fortress, Powered by AppGuard. AOL wanted to offer its members and small businesses optimal, effective security beyond traditional AVs. AppGuard provides a very scalable solution. We currently support over 60,000 endpoints in our engagement with AOL and this number is expected to grow exponentially with the Yahoo and Verizon acquisition (AUTH). AppGuard works out of the box, and doesn’t interfere with the user experience. Throughout our engagement with AOL, we’ve had less than 10 support calls from users.

Large UK based MSSP provider. They got hit by the WannaCry ransomware attack while deploying an AppGuard Proof of Concept. They had several other endpoint solutions they were evaluating. The only computer that was safe was the one that had AppGuard installed and configured. AppGuard was able to stop WannaCry on day ZERO. All the other endpoints that didn’t have AppGuard were compromised. As a result, this large MSSP is now an AppGuard client.
4
Cylance

- Only addresses file/executable based attacks, susceptible to same obfuscation tactics that fool antivirus
- No proven solution for fileless attacks (non-malware and in-memory attacks); machine learning is not tuned for scripts within weaponized documents
- Machine learning is ultimately just another form of signature-based detection
- Defenseless against zero-day attacks combined with fileless tactics
- More false positives than industry norm; Google Chrome gets flagged repeatedly
- Useless against Pass-the-Hash/Ticket attacks
- Missed about 2% more malicious samples than other solutions in public bake-offs
- Has reportedly rigged bake-off tests to make competitors look bad (Ars Technica, April 2017)
- No remediation capabilities, which is important for a tool that misses non-malware and in-memory attacks and is fooled by obfuscation tactics
- Large footprint: 1GB – 2 GB needed

Carbon Black/Bit9

- Three separate products - “Defense” (behavior analytics), “Protect” (whitelisting), and “Respond” (EDR) packaged together, requires more effort to use
- Ineffective at blocking of non-malware and in-memory attacks - can detect and react afterwards; in-memory blocking policies are extremely complex & brittle, too difficult to use
- Huge total cost of operations (TCO) - whitelisting, EDR, and behavior analytics are three of the most labor intensive Sec-Ops areas; Cb has all three and more
- Staffing requires many specialists to triage alerts, tune out false positives, and respond to compromises
- Automated behavior blocking features are typically not enabled because of false positive fears (“Defense”), requiring specialists to analyze/act before total enterprise compromise
- Optionally uploads customer documents for analysis; there have been severe data disclosures (CSO Online, Aug 2017)
- Large footprint: 4GB needed

SentinelOne

- Can detect but cannot block Pass the Hash/Ticket Attacks. These are the basis for most lateral movement after initial endpoint compromises.
- Customers often disable automated behavior blocking features fearing false positives disrupt end-users
- Many complaints about customer support; it’s also limited to only
- As a post-detonation product, it relies on its rollback feature, but this fills up hard drives with numerous snapshots (fewer means less rollback in time)
- Tons of false positives; a published customer review states their system has over 10,000 that they must individually mark as good or bad
- The many required policy exceptions for applications diminish protection
- No on-site/cloudless management option
5
Symantec

- Protection degrades offline; gets worse with time
- Little to no practical protection from malicious in-memory actions, including pass-the-hash/ticket
- Ineffective non-malware attack defense; must see through obfuscation tactics to block
- Customers disable automated behavior blocking, fearing false positives disrupt end-users
- Many customers have complained about support
- Daily policy maintenance, alerts triage, and false positives tuning require large, high-skilled staff
- Confusing licensing terms
- Database corruption/recovery issues
- Unacceptable performance overhead on older endpoints and non-persistent VDI
- Disrupts end-users with blocking of legitimate executables

McAfee

- Analysts say McAfee may be losing more customers than their top 5 competitors combined
- Upgrade from 8.8 to 10.5 is as difficult as switching vendors entirely, because ePO integrations with existing systems break with upgrade, losing significant market share
- Majority of customer base is trapped with 8.8, have turned off HIPS, relying solely on signatures
- 10.5 can block some weaponized document attacks, if its complex, explicit, per-application rules are correct
- 10.5 features behavior analytics, but automated blocking is typically not enabled

CrowdStrike

- Very limited endpoint compromise prevention capabilities - can block launches of executables not on whitelist, if capability is deployed
- Whitelisting is immature (e.g., adding executables requires customer service)
- Requires extensive Ops to analyze alerts, respond, quarantine, and remediate preventable breaches
- Overwatch EDR Service - limited to spotting well-known IoCs; effective threat hunting requires thorough familiarity with environment
- Doesn’t block in-memory actions
- Cannot block non-malware attacks without disabling legitimate utilities
- EDR forces customers to expose server endpoints to Internet, a frequent complaint
- Susceptible to termination and manipulation by attackers – agent relies on “user-land hooking”
- Enterprise must depend on employees NOT clicking on things – no compensating protection controls
6
Common Objections and How to Overcome Them

“All endpoint security products are alike”
There are dramatic differences in AppGuard’s approach to endpoint prevention vs. other detection-based solutions in the market today. AppGuard doesn’t rely on scanning known signatures or patterns to identify good from bad files. The AppGuard light-weight agent sits low at the kernel level and we apply our patented technology to block unacceptable actions like code injection, or writing to the registry at the process level.

“I’m already protected. I’ve never had a breach. Why should I buy AppGuard?”
We believe in a multi-layered approach to security. AppGuard has never been breached. It works well with other solutions, and gives the peace of mind as the last line of defense, even when a user clicks on a link or opens an infected file – AppGuard will prevent the malware from detonating.

“How come I’ve never heard of you before?”
AppGuard’s patented technology was developed in It was built with the main objective of serving the US defense and intelligence communities’ security needs. AppGuard was recently contributed to a joint cybersecurity venture after winning a technology bake off sponsored by many of the largest organizations in Japan. The company is now focused on growing its market share in the commercial and enterprise space both in the US and globally.

“How come AppGuard doesn’t require any updates? It seems too good to be true.”
Our technology does not require constant updates or the need to build lists of known security threats already identified by other sources. Based on the premise of “Trust but Verify”, AppGuard’s patented technology blocks unacceptable actions like code injection or writing to the registry that an application such as Word, for example, shouldn’t need to do, preventing compromise in the first place.

“Can I replace my current AV with AppGuard?”
Yes, AppGuard can replace your AV as it will prevent compromise from known and unknown malware. Some clients have regulatory requirements for scanning (PCI, HIPAA). In those cases, AppGuard works well with other AV solutions, including Microsoft Windows Defender’s free AV solution.

“Do you only support Windows?”
Yes. Our integrated software only approach is seamless with all Microsoft Windows platforms, stands alone with no OS hooks, and includes all documented APIs. AppGuard is compatible with all Windows versions XP to 10, and Windows Server 2008 R2 and above. (Servers, Point of Sale, ATMs, desktops, laptops, tablets)

“Will AppGuard cause performance issues for my end-users?”
AppGuard has the lightest footprint on your computer in the industry. Because it doesn’t scan or update, there are no performance issues. AppGuard is built to be simple, efficient and elegant, seamlessly integrating into the Windows operating system.

“Will AppGuard block applications from running?”
AppGuard will allow all digitally signed applications to run and guards those applications in run-time. End users, even local Administrators, who wish to install software require an exception strategy. AppGuard puts the control in the Administrator’s hands using several different secure and safe options.