Inside Digital Guardian's Advanced Threat Protection: Part Three
In today's blog, the last in a three-part series, we break down what differentiates Digital Guardian's Advanced Threat Protection capabilities from other endpoint detection and response (EDR) products. Read the first part in this series here and the second part here.
Advanced Threat Protection:
What differentiates ATP from other EDR-type products is its ability to not only detect, but actually block activity in real time. If your signatures and detections are all server-side and generated after logs have been sent up, this is not Real-Time. Adding Real-Time Prevention is the ultimate goal in order to successfully thwart impending attacks. Digital Guardian’s ATP product has this capability via the rules engine. It can also block based on any component of metadata observed within the logs. If you want to block a binary that has a specific Signature Issuer because it’s been recently reported that the signing Company has been compromised, no problem! If you want to block binaries that have no Company Name, no Product Version, and are executed from a temporary directory, no problem! Our rules engine can do all of the above and then some, which puts the power in your hands, so that you are not limited to what your security vendor tells you to block on.
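The two example rules above, sketched as predicates over a process-launch event. This is an added illustration, not Digital Guardian's rule syntax or code; the field names, the issuer value and the temp-directory markers are assumptions, and the sample events are constructed.

```python
from ntpath import normcase, normpath  # Windows path rules on any host OS

# Assumptions for this sketch: placeholder issuer name and temp-path markers.
BLOCKED_ISSUERS = {"example compromised ca"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def _blank(event, key):
    """Treat a missing key, None, or whitespace-only value as 'not present'."""
    return not (event.get(key) or "").strip()

def _in_temp_dir(image_path):
    # normpath resolves ".." segments; normcase lowercases and turns "/" into "\".
    path = normcase(normpath(image_path or ""))
    return any(marker in path for marker in TEMP_MARKERS)

def evaluate(event):
    """Return (action, rule_name) for one process-launch event (a dict)."""
    issuer = (event.get("signature_issuer") or "").strip().lower()
    if issuer in BLOCKED_ISSUERS:
        return ("block", "compromised-issuer")
    if (_blank(event, "company_name") and _blank(event, "product_version")
            and _in_temp_dir(event.get("image_path"))):
        return ("block", "unattributed-binary-in-temp")
    return ("allow", None)

# Constructed sample events; field names are hypothetical.
SAMPLES = [
    {"image_path": "C:\\Program Files\\Tool\\tool.exe", "company_name": "Tool Inc",
     "product_version": "2.1", "signature_issuer": "Example Compromised CA "},
    {"image_path": "C:/Users/alice/AppData/Local/TEMP/setup.exe",
     "company_name": "  ", "signature_issuer": None},
    {"image_path": "C:\\Users\\alice\\AppData\\Local\\Temp\\..\\..\\Roaming\\app.exe",
     "company_name": "", "product_version": ""},
    {"image_path": "C:\\Windows\\Temp\\installer.exe", "company_name": "Vendor",
     "product_version": "1.0"},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(evaluate(ev), ev["image_path"])
```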
Ultimately, leveraging both Real-Time Detection and Historical Detection capabilities provides a more encompassing and layered approach to host-based threat detection. Digital Guardian’s ATP technology employs both to ensure incident responders and security analysts are well equipped to deter, detect, and neutralize cyber-attacks.