Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ami_Barayev1
Employee Alumnus
Employee Alumnus

Endpoint Security / SandBlast Agent Newsletter - Version – E81.40

Hi all,

We recently released SandBlast Agent E81.40!

E81.40 introduces new features, stability and quality improvements. The complete list of improvements can be found in the version release’s Secure Knowledge sk162334.

 

New Engine – Machine Learning Static File Analysis

We are constantly working on improving our detection/prevention engines and on new technologies to mitigate new threats.

We are happy to introduce the availability of a new detection/prevention engine – Static File Analysis power by Check Point Machine Learning algorithms.

This new technology consists of examining the executable file, inspecting hundreds of static features which are processed by the Machine Learning algorithm to provide very quick verdicts.

 

The benefits are:

  1. Ultra-fast scans and verdicts are given in a few tens of milliseconds.    
  2. No performance impact on the machine.
  3. Up-to-date Machine learning models – updates are pushed to the client when needed.
  4. Extremely low false positive rate.
  5. Complements SandBlast Agent security offering with no additional fee for threat prevention licensed customers.

Note that as of E81.40, Static File Analysis is enabled by default. 

ccc.png

Mitre ATT&CK view in Forensic Report

The MITRE ATT&CK™ framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to better classify attacks and assess an organization's risks.

The framework aim is to improve post-compromise detection behavior understanding in enterprises by illustrating the actions an attacker may have taken.

The E81.40 Forensics reports support the MITRE ATT&CK matrix which adds another layer of information to better understand the attack flow and technics/tactics used as defined in the framework.

aaa.png

ddd.jpg

 

Anti-Exploit detection of DejaBlue CVE-2019-1181

DejaBlue is a pre-authentication remote code execution vulnerability in Remote Desktop Protocol, similar to recent BlueKeep CVE-2019-0708 vulnerability.

The SandBlast Agent Anti-Exploit engine is able to detect and prevent against DejaBlue attacks.

This improvement is a continuation of our rapid release of protection against Bluekeep vulnerability where SandBlast Agent was the first endpoint security to provide a real detection and mitigation for Bluekeep.

bbbb.png

 

Behavioral Guard and Forensic Enhancements

E81.40 introduces the following enhancements to Behavioral Guard and Forensics:

  • Remote Desktop Protocol identification – Forensics reports will present information such as remote users who log into the machine, machine name, IP address, and remote connection access (inside or outside the network).
  • Injection identification – Forensics reports now showcase and highlight injections that happen during an incident.
  • Privilege Escalation identification – Forensic report will present process integrity levels and privilege escalation.
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events