APT Detection and Response

1. Identify abnormal behavior based on behavioral rules (IoA), with machine learning and big data analysis to classify rare behaviors.
2. Identify attack indicators based on threat intelligence collected from thousands of APT attacks over many years.
3. The mechanism "Only trust what is trustworthy" enables quick detection of strange elements appearing in the information technology system.
4. Identify common data leak behaviors found in APT attacks.

1. Control the connection and use of external storage devices.
2. Control the connection and use of Wifi networks.
3. Filter and control network for inbound and outbound network traffic.
4. Control access to the protected file system and registry.
5. Control the list of installed programs.
6. Control the list of device drivers.

One of the key features of Vulnerability Management is vulnerability scanning. KeyShield scans the endpoints for known/unknown vulnerabilities and compares them against a comprehensive vulnerability database. This process helps identify any outdated software, misconfigurations, or other weaknesses that could be exploited by attackers.

Once vulnerabilities are identified, KeyShield assists in prioritizing them based on their severity and potential impact on the system. This helps organizations focus resources on addressing the most critical vulnerabilities first, thereby reducing the risk of exploitation.

1. Application control is a key component of KeyShield that helps prevent unauthorized or malicious applications from running on endpoints. By leveraging application blacklisting techniques, KeyShield allows organizations to block or restrict the execution of unapproved or potentially harmful applications.
2. Network control is another crucial function of KeyShield that focuses on preventing attacks originating from network connections. This feature enables organizations to monitor and control network traffic to and from endpoints, thereby reducing the risk of network-based attacks. This helps prevent the spread of malware, stop command-and-control communication, and thwart network-based attacks such as phishing attempts or data exfiltration.

1. Single tenant deployment refers to KeyShield being implemented for a single organization or customer. This deployment model provides dedicated resources and infrastructure, ensuring that the organization has full control. It allows for customization, tailored policies, and independent data storage, providing a high level of security and flexibility to meet specific organizational requirements.
2. Multi-tenant deployment enables an KeyShield to serve multiple organizations or customers within dedicated infrastructure. It offers centralized management, scalability, and cost-effectiveness, making it suitable for managed security service providers (MSSPs) or organizations with multiple subsidiaries or departments.
3. Integration with SIEM systems is a key capability of KeyShield, enabling seamless collaboration and information sharing between the two. KeyShield can send security events, alerts, and detailed endpoint telemetry data to the SIEM system. This integration enhances threat detection and response capabilities by leveraging the correlation and analysis capabilities of the SIEM platform. It allows security teams to have a holistic view of security incidents, combining endpoint-centric visibility with network and system-wide context for comprehensive threat detection and investigation.
4. KeyShield provide webhooks, which are a mechanism for real-time communication between KeyShield and external systems. Webhooks allow external applications or services to receive notifications or data updates from the KeyShield. This capability enables organizations to integrate with other security tools, ticketing systems, or custom workflows, enhancing automation and enabling faster incident response.