Security AnalyticsIntegrated Corvil - Endgame Security Solution

Avoid Business Disruption and IR Costs Through Integrated Protection
Across Network and Endpoint

Increasing Diversity and Complexity of Attacks

Attackers are using sophisticated and customized malware and malwareless attacks to evade detection and achieve their objectives. Targeted attackers are creative, persistent, and often well-funded, gathering knowledge about an organization’s defenses and IT infrastructure to extend their reach while hiding within enterprise networks. In addition to defeating a continual stream of known attack techniques, enterprises must assume that their networks are already compromised by motivated, targeted attackers capable of bypassing traditional signature-based defenses.

Outcomes

  • Streamlined SOC operations and improved analyst productivity
  • Lower adversary dwell times through early prevention and precision response
  • Reduced IR costs through pre-loss threat neutralization and automated investigation
Endgame Integration

Targeted Attack Protection

Learn More
Endgame Integration

Endgame and Corvil Streamlines Targeted Attack Protection

Learn More

Ranked #1 for Network Analysis that Integrates Intelligently With Your Ecosystem

Info-Tech Research Group

Read the Report

"The Endgame - Corvil partnership provides the combination of deep shared insights across attack surfaces with automation and integrated workflows creating focused response needed to help ebb the rising frequency and costs of today’s cyberattacks. It promises to provide relief to overburdened security teams who would otherwise be forced to work across fragmented toolsets."

Enterprise Management Associates

Solution Overview

Streamlined Investigation and Integrated Protection Across Network and Endpoint

With granular visibility and automated investigation across users, network and endpoint, Corvil and Endgame provide comprehensive protection and empower security teams to do more.

The joint solution combines Corvil’s context-enriched, real-time visibility into network communications and user activity with Endgame’s full-stack endpoint protection of the hardware, kernel, and memory to stop targeted attacks. The integration enables automated actions and integrated intelligence sharing across network and endpoint data sources to reduce blind spots and provide extensive and accurate detection, investigation, and precision response.

With automated data correlation, key security use cases spanning prevention, detection and response, and hunt are informed by real-time context. Workflow enhancements, including single-click investigations, empower analysts to rapidly investigate and stop active threats, such as anomalous user behavior or covert back-channel communications. Analysts can visualize and investigate communications for a given endpoint and gain deeper insight into host roles – relevant context for assessing risk.

By integrating endpoint threat protection with visibility into network traffic, user activities, and other traditional security blindspots, Endgame and Corvil enable customers to stop targeted attacks before damage and loss occurs.

Highlights

  • Comprehensive visibility across user, network and endpoint
  • Combined deep packet analysis with full stack endpoint defense across hardware-level, kernel, and memory
  • Automated threat hunting through single-click pivots
  • IOT and uninstrumented host threat identification
  • Intelligence correlation and sharing across surfaces
  • Surgical response to neutralize threats without disruption
  • Detailed forensics
  • Virtual security chatbots to elevate security analysts

Corvil has again been named a Visionary in the 2018 Gartner MQ for NPMD Read the Report

Key Capabilities

Streamlined Integration

Simplified workflows combine the strength of network visibility and analysis with automated endpoint investigation and response. For example, one-click action to initiate hunts on new devices communicating as domain controllers or other key hosts that may be automatically discovered through their network communications.

Comprehensive Visibility

Granular visibility across network packet payload inspection and endpoint kernel and memory. The endpoint agent rapidly detects advanced attacker techniques, while network traffic surfaces tunneling, encryption and certificate weakness, remote control activity, and details of remote user actions to provide full depth of the attack.

Protection to stop targeted attacks by detecting ongoing malicious communications and advanced attacker techniques across the breadth of the attack lifecycle without relying on known indicators of compromise.

Precision Response

Precision response prevents damage and loss by blocking exploits, malware, and malwareless attacks, prohibiting adversaries from gaining a foothold in the enterprise.

Automated Triage

Automated alert triage by leveraging contextual dimensions of user, endpoint hunt results, and threat intelligence to minimize alert noise and prioritize analysts’ efforts more effectively.

Automated Intelligence Exchange

Automatic sharing of intelligence across network and endpoint surfaces provides more extensive and accurate detection, protection, and enable precision response.