Trusteer Apex-at-a-Glance
Preemptive, low-impact defense against advanced attacks for enterprise endpoints
Elevator Pitch
Trusteer Apex provides protection against unknown, zero-day threats and advanced malware, without impacting user productivity. Trusteer Apex protects
endpoints throughout the threat life cycle by applying an integrated, multi-layered defense. This preemptive approach breaks the attack chain at strategic
chokepoints where the attack has few execution options. Trusteer Apex combines defense layers with dynamic intelligence, strengthening the overall
cyber-attack chain defense approach and optimizing the ability to preempt attempts to compromise endpoints.
IBM Trusteer Apex Advanced Malware Protection delivers:

- A multi-layered defense: Our endpoint security approach is both preemptive and multilayered. It prevents exploitation of both known and unknown vulnerabilities through multiple defenses at strategic chokepoints of the attack lifecycle.

- Lower operational impact: Our endpoint protection approach is not a burden, nor does it impose a management tax on the IT security team or the end user.

- Dynamic Intelligence: Our endpoint security approach utilizes intelligence gathered from 100 million endpoints and research so that new protections can be incorporated rapidly as new threats emerge.
Value Statements
A multi-layered defense
Trusteer Apex provides multiple opportunities and defenses to successfully stop advanced attacks while you battle adversaries that need only be
successful once to damage your enterprise.
Lower operational impact
Transparent endpoint footprint and turnkey services become a “force multiplier” for your IT and Security Staff. Focus on what is important while Trusteer
Apex helps prevent endpoint compromise.
Dynamic Intelligence
With more than 6,000 researchers, developers and subject matter experts engaged in security initiatives, IBM operates one of the world’s broadest
enterprise security research, development and delivery organizations.
Economic Buyer: CISO, VP of Security, Director of Security
Interest: Pillars of protection; TCO and entry costs for the solution; whether the solution has backing from threat research and security intelligence.

Technical Buyer: Information Security Manager, Security Analyst, Security Architect, Security Engineer
Interest: Pillars of protection; deployment and installation; resource and operational costs.
Qualifying Questions
1. Would a successful attack or data breach result in significant damage?
2. Are you concerned about gaps in existing controls for advanced threats, such that there is a current or near-term project for adding protections?
3. Are you required to run known vulnerable versions of applications (e.g., Java), and are you interested in additional protection for these applications?
4. What amount of resources are you spending on remediating infected endpoints now, and do you feel you have a good grasp of the scope of the problem?
5. Do you currently run any "next gen" firewall solution (e.g., FireEye)?
6. What is the potential damage of employee password loss to attackers?
Pillars of Protection
There are five security pillars of protection to consider for endpoint protection. While not exhaustive of all the protections that can be placed on the endpoint, these pillars represent the critical protection points that are used to stop advanced malware and APTs (Advanced Persistent Threats).

Exploit Chain Disruption

- Stops the exploit code from using known or unknown (zero-day) vulnerabilities to write a file to the file system and execute it.

- Protects commonly exploited and widely used applications that process untrusted external content, including browsers, Adobe Acrobat, Adobe Flash, Java and Microsoft Office.

- Blocks the execution of files created from exploitation of vulnerabilities in these applications, helping prevent malware from compromising the endpoint.
Security Integration

- Shares endpoint telemetry and attack forensic data with security information and event management (SIEM) solutions.

- Enables use of security information from external sources, such as consolidated anti-virus engines.

Lockdown for Java

- Prevents high-risk actions by malicious Java applications.

- Lets administrators set the trust level for Java applications, reducing false positives and user disruption.
Malicious Communication Blocking

- Stops the malware from communicating with the Internet (for example, to a command-and-control server).

- Restricts untrusted files from executing sensitive operations that can enable external communication, such as opening external communication channels.

- Prevents the malware from tampering with other application processes.

Automated Management and Risk Reporting

- Provides automated updates based on research continuously performed on a network of tens of millions of protected endpoints.
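The Exploit Chain Disruption and Malicious Communication Blocking pillars both hinge on one idea: a file written by an application that handles untrusted content is itself untrusted, so its execution, and any outbound connection made by a process descended from it, is a chokepoint worth blocking or alerting on. The Python below is an added illustration of that logic over constructed endpoint telemetry; it is not Trusteer Apex code and says nothing about how the product implements these pillars. The event record format, the list of image names treated as content-handling applications, and the sample events are all assumptions made for the example.

```python
"""Toy chokepoint monitor over constructed endpoint telemetry (example only).

Two rules, mirroring the two pillars described above:
  exploit-chain            a process executes a file that was written by a
                           content-handling app (browser, PDF reader, Office,
                           Java, Flash) or by an already-tainted process
  malicious-communication  a tainted process (started from such a file, or a
                           descendant of one) opens an outbound connection
"""
from dataclasses import dataclass
from typing import List, Optional, Set

# Image names assumed for the illustration; the page names the application
# families (browsers, Adobe Acrobat, Adobe Flash, Java, Microsoft Office).
UNTRUSTED_CONTENT_APPS = {
    "chrome.exe", "firefox.exe", "iexplore.exe",
    "acrord32.exe", "flashplayer.exe", "javaw.exe",
    "winword.exe", "excel.exe", "powerpnt.exe",
}


@dataclass
class Event:
    """One constructed telemetry record (not a real sensor format)."""
    seq: int
    kind: str         # "file_write" | "process_start" | "net_connect"
    pid: int          # acting process
    image: str        # image name of the acting process
    path: str = ""    # file written (file_write) or executed (process_start)
    child_pid: int = 0
    dest: str = ""    # remote endpoint for net_connect


@dataclass
class Alert:
    seq: int
    rule: str
    detail: str


def norm(path: str) -> str:
    """Normalise a Windows path so lookups are case- and slash-insensitive."""
    return path.replace("/", "\\").lower()


class ChokepointMonitor:
    def __init__(self) -> None:
        self.untrusted_files: Set[str] = set()  # written by content apps / tainted pids
        self.tainted_pids: Set[int] = set()     # started from untrusted files, or descendants

    def _is_untrusted_writer(self, ev: Event) -> bool:
        return ev.image.lower() in UNTRUSTED_CONTENT_APPS or ev.pid in self.tainted_pids

    def handle(self, ev: Event) -> Optional[Alert]:
        if ev.kind == "file_write":
            if self._is_untrusted_writer(ev):
                self.untrusted_files.add(norm(ev.path))
            return None
        if ev.kind == "process_start":
            if norm(ev.path) in self.untrusted_files:
                # Chokepoint 1: an untrusted file is being executed.
                self.tainted_pids.add(ev.child_pid)
                return Alert(ev.seq, "exploit-chain",
                             f"{ev.image} (pid {ev.pid}) executed untrusted file {ev.path}")
            if ev.pid in self.tainted_pids:
                self.tainted_pids.add(ev.child_pid)  # taint follows the process tree
            return None
        if ev.kind == "net_connect" and ev.pid in self.tainted_pids:
            # Chokepoint 2: a tainted process reaches out to the network.
            return Alert(ev.seq, "malicious-communication",
                         f"tainted {ev.image} (pid {ev.pid}) connected to {ev.dest}")
        return None


def run(events: List[Event]) -> List[Alert]:
    mon = ChokepointMonitor()
    return [a for a in (mon.handle(ev) for ev in events) if a is not None]


# Constructed sample telemetry: a document handler drops and runs a file, which
# beacons out and spawns a shell that also beacons; plus benign noise.
DROPPED = r"C:\Users\alice\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    Event(1, "file_write", 100, "winword.exe", path=DROPPED),
    Event(2, "process_start", 100, "winword.exe", path=DROPPED, child_pid=200),
    Event(3, "net_connect", 200, "update.exe", dest="203.0.113.5:443"),
    Event(4, "process_start", 200, "update.exe", path=r"C:\Windows\System32\cmd.exe", child_pid=201),
    Event(5, "net_connect", 201, "cmd.exe", dest="203.0.113.5:8080"),
    Event(6, "process_start", 1, "explorer.exe", path=r"C:\Windows\System32\notepad.exe", child_pid=300),
    Event(7, "net_connect", 400, "chrome.exe", dest="198.51.100.20:443"),
    Event(8, "file_write", 400, "chrome.exe", path=r"C:\Users\alice\Downloads\report.pdf"),
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(f"seq {alert.seq}: {alert.rule}: {alert.detail}")
```

Event 4 shows why taint has to follow the process tree: cmd.exe is a legitimate system binary, so no exploit-chain rule fires on it, but because its parent was started from the dropped file its own connection at event 5 is still caught. The browser's own connection at event 7 is not flagged, since being a content-handling application makes a process a source of untrusted files, not untrusted itself.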
Credential Protection

- Protects users from submitting their credentials to harmful phishing sites.

- Allows enterprises to enforce password reuse policies, resulting in less exposure from third-party site compromises.
Competitor: Generic AV Vendor
What they say they do: Detects zero-day malware with a layered approach. Combines sandboxing with antivirus signatures and reputation to analyze malware behavior.
Play Offense:
- Limited visibility from network solutions
- Integration between solutions and products is extremely limited, often only reporting via a central console
- None of these solutions are designed to stop exploits

Competitor: Generic Network Sandbox
What they say they do: Combats advanced attacks and persistent adversaries via a “Continuous Threat Protection” model: Prevent, Detect, Contain, and Resolve.
Play Offense:
- Limited visibility: network solutions just can't see attacks off the network
- New attacks (zero days): it takes time to analyze them, and attacks have strong evasion
- Reporting and alerts are noisy

Competitor: Next Gen Endpoint Protection
What they say they do: Next-Generation Endpoint Protection is a complete paradigm shift from identification to pure prevention.
Play Offense:
- Specific protections for corporate credentials are NOT offered
- Does NOT provide malicious communication blocking

Competitor: Generic Application Whitelisting
What they say they do: Records all activity on servers and endpoints to prevent the evasion of traditional defenses and detect cyber threats.
Play Offense:
- Primary approach is whitelisting with some immature added sensors
- Dependent on third parties for advanced threats

Competitor: Process or Task Isolation (VM isolation of applications)
What they say they do: Focus on protection rather than detection by using a “hardware-isolated micro-VM” for each user task. This isolation prevents the infection of resources within the enterprise.
Play Offense:
- It is dangerous to allow the attack to occur and continue on the host machine
- Limited use because of the Intel hardware dependencies
- Doesn't prevent social engineering attacks

Competitor: Process or Task Isolation (virtual container approach)
What they say they do: Provides a “virtual container” to wall off the most frequently targeted applications. The container is monitored for malware and for later analysis to prevent future attacks.
Play Offense:
- Difficult to deploy and manage
- Doesn't prevent credential loss
- Concern over endpoint productivity