Wave Endpoint Monitor detects anomalous behavior
Posted on 13 September 2012.
Wave Systems announced Wave Endpoint Monitor (WEM), a solution that detects malware by leveraging capabilities of an industry standard security chip onboard the PC.

WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits.


Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system (OS) loads, targeting the system BIOS and Master Boot Record (MBR), and can persistently infect higher-level system functions including operating systems and applications.

“APTs facing enterprises today are more complex, nefarious and sophisticated than ever before,” said Richard Stiennon, Chief Research Analyst at IT-Harvest and author of Surviving Cyberwar. “Malware hiding in a device’s BIOS will go undetected by traditional anti-virus programs operating at the OS level, creating a strong need for a solution that can identify an attack as it happens. Because Wave’s approach is rooted in hardware-based technologies, rootkits and other malware can be spotted before the OS even starts.”

Wave Endpoint Monitor captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the Trusted Platform Module (TPM), a security chip located on the motherboard of all business PCs. If anomalies are detected, IT is alerted immediately with real-time analytics.

Capabilities of Wave Endpoint Monitor include:
  • Securely reports PC integrity measurements for central reporting and analysis
  • Ensures data comes from a known endpoint
  • Alerts IT administrators to anomalous behaviors, which can be linked to the presence of malware
  • Provides configurable reporting and query tools
  • Ensures strong device identity through the use of hardware-based digital certificates
  • Remote provisioning of the TPM.
“Today’s security threat environment calls for industry-proven solutions to collect and analyze pre-operating system health information and to ensure endpoints are known and trusted,” said Steven Sprague, CEO of Wave Systems. “Since advanced persistent threats can sometimes appear as normal traffic, new rootkits often go unnoticed for long periods of time and cause severe damage in the form of infected systems and data loss. Wave Endpoint Monitor allows IT to utilize the hardware security you’ve already bought and deployed to ensure PC health from the start of the boot process while creating a higher level of trust in your endpoints.”





Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //