Following the launch of RSA Security Analytics earlier this year, RSA launched RSA ECAT V.3.5 this week with the intention of improving endpoint threat detection and helping customers defend against cyberattacks and intrusions at the network level.
RSA ECAT (Enterprise Compromise Assessment Tool) is an enterprise malware-detection and response solution that enables organizations to scan and monitor Windows endpoints for even the most elusive malware, including deeply hidden rootkits and other advanced threats used in targeted attacks.
By automating the detection of anomalies within applications and memory, RSA ECAT employs a fundamentally different approach than traditional anti-malware solutions. The cornerstone of this approach – per-process live memory analysis – provides a granular view of what’s happening in memory to quickly find traces of compromise and malicious activity.
As a result, analysts and incident-response teams do not waste time filtering through background noise and false positives. With broad whitelisting and software-reputation services built in, known good files are identified and added to the baseline, highlighting truly malicious activity for immediate attention.
With cyber-attacks, cybercriminals, targeted attacks and state-sponsored hackers making it to the headlines daily, there is a constant pipeline of governments, enterprises and other organizations that have been compromised. Trying to secure the dissolving perimeter of a modern enterprise, and using signature-based technology such as anti-virus to detect advanced threats, is fighting yesterday’s battle with antiquated weapons.
CISOs need to work on the assumption that with the hyper-connectivity and increased openness of IT infrastructures, they will have to defend against threats from inside their networks, not at some mythical perimeter, which includes putting in place the tools to identify intrusions, spot even the faintest signs of attack, and act before damage is done.
To that end, deep endpoint visibility is a must. While network-based security solutions are critical for detecting suspicious activity traversing the network, there are other gaps that need to be filled to help CISOs understand the cause and the scope of the breach.
RSA ECAT is a signature-less malware detection tool for endpoints that helps organizations detect, analyze and respond to advanced threats. Combining live memory analysis and in-depth inspection of host behavior, RSA ECAT is designed to help security teams identify previously unknown malware and compromises that other solutions miss.
With this latest release, available from this month, RSA added new levels of scalability and performance: RSA ECAT is engineered to scale across many thousands of endpoints, offering security teams the capability to provide fast analysis and quick response to threats. Coupled with RSA Advanced Incident Management for Security (AIMS), the new solution provides truly end-to-end security visibility and incident management.