Critical malware detection arsenal
Recent news reports make it clear that no matter how much money you spend, even in the most security-conscious government and commercial sectors, the bad guys will eventually breach your network’s perimeter. It may come from a zero-day exploit, a misconfigured firewall, a malicious insider, or most likely, an unintentional human error.
The iD-Tect Series provides you with endpoint security by detecting and eliminating malware command and control channels emanating from your enterprise networks. Many corporations pour thousands of dollars into hardening their perimeter defense — but from the outside in. However, the inner perimeter remains a weak spot — once malware penetrates the outer defenses, it sets up shop and begins to download exploit payloads and upload and steal your proprietary information.
iD-Tect focuses on this inner perimeter to detect and prevent malware from stealing your corporate digital assets. Just one of the iD-Tect products will add significant protection to your network security implementation, but together the iD-Tect Series provides a holistic solution to prevent data theft, giving security to your endpoint devices and your web traffic while providing robust logging and analysis capabilities.
iD-Tect Endpoint Agent is a lightweight software agent that runs as a service on Microsoft Windows servers, desktops, and laptops. Endpoint Agent has four major monitoring and recording functions to combat human, malware, and web-based avenues of data loss:
- Tracks files copied to removable media
- Logs sending and receiving of email attachments
- Monitors executable files run from removable drives
- Records device information (user account and IP address, for example) that bridges the gap between on-box activity and web traffic logs
iD-Tect Proxy Logs scours the web proxy logs to identify web traffic that, although it passes through filtering, may still represent illegitimate activity. iD-Tect Proxy Logs detects encrypted tunnels, direct IP address traffic, data flowing to foreign internet addresses, and excessive webmail traffic. Any of these may represent command-and-control channels or data exfiltration activities. It also logs authentication failures and requests to navigate to blacklisted sites. These log artifacts may indicate an endpoint (computer, laptop, or server) that is infected with malware.
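The kind of proxy-log triage described above can be illustrated with a short Python sketch; this is an added example, not iD-Tect's code. It assumes logs in Squid native access.log layout (the page does not name a format), and the sample lines, `BLOCKLIST`, and function names are constructed. It covers direct-IP requests, CONNECT tunnels to ports other than 443, proxy authentication failures (HTTP 407), and blocklist hits; foreign-destination and webmail-volume checks would need GeoIP data and thresholds not shown here.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines, assumed to be in Squid native access.log layout:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 210 10.0.0.5 TCP_MISS/200 5120 GET http://intranet.example.com/index.html alice HIER_DIRECT/192.0.2.10 text/html
1700000001.202 90000 10.0.0.7 TCP_TUNNEL/200 734003 CONNECT 203.0.113.45:8443 bob HIER_DIRECT/203.0.113.45 -
1700000002.303 12 10.0.0.7 TCP_DENIED/407 390 GET http://198.51.100.9/update - HIER_NONE/- text/html
1700000003.404 8 10.0.0.9 TCP_DENIED/403 410 GET http://blocked.example.net/ carol HIER_NONE/- text/html
1700000004.505 300 10.0.0.5 TCP_TUNNEL/200 2048 CONNECT mail.example.org:443 alice HIER_DIRECT/192.0.2.25 -
"""
BLOCKLIST = {"blocked.example.net"}  # hypothetical custom blocklist entry


def flags_for(line):
    """Return (client, set_of_flags) for one log line, or None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    client, status, method, url = f[2], f[3].partition("/")[2], f[5], f[6]
    # CONNECT targets are logged as host:port, other requests as full URLs.
    parts = urlsplit("//" + url if method == "CONNECT" else url)
    host = parts.hostname or ""
    flags = set()
    if method == "CONNECT" and parts.port != 443:
        flags.add("tunnel-odd-port")  # encrypted tunnel outside normal HTTPS
    try:
        ipaddress.ip_address(host)    # raises ValueError for hostnames
        flags.add("direct-ip")
    except ValueError:
        pass
    if status == "407":
        flags.add("auth-failure")     # single 407s are routine; count per client
    if host in BLOCKLIST:
        flags.add("blocklisted")
    return client, flags


def suspicious_clients(log_text):
    """Aggregate flag counts per client so repeat offenders stand out."""
    hits = {}
    for line in log_text.splitlines():
        parsed = flags_for(line)
        if parsed and parsed[1]:
            hits.setdefault(parsed[0], Counter()).update(parsed[1])
    return hits
```

Keying the result on client address is what lets these hits be joined with the user account and IP address that an endpoint agent records.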
iD-Tect Web Proxy controls and monitors all corporate web traffic. From Day 1, you can begin to get your arms around what’s happening in your corporate web traffic. Out of the box, iD-Tect Web Proxy comes with two external blacklists: Zeus and MDL, but it also allows you to create custom lists using any criteria you select. Blacklists provide a means to enforce acceptable use policies. Once implemented, you may realize great improvement in your network’s bandwidth usage efficiency.