This is a running list of intrusion prevention tools that I am interested in.
Host Based Intrusion Prevention
“CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike’s Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Falcon platform is delivered via the security industry’s only 100% native cloud architecture, integrated with 24/7 managed hunting capabilities and in-house threat intelligence and incident response teams. CrowdStrike’s unique Threat Graph harnesses the cloud to instantly analyze data from billions of endpoint events across a global crowdsource community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.”
Endgame runs in the kernel (like CrowdStrike) and is able to detect malicious system behavior by using Hardware Assisted Control Flow Integrity (HA-CFI) and Dynamic Binary Instrumentation (DBI). It also has a great administrator portal for incident investigation.
Web Browser Protection
This class of security product proxies web traffic and protects end users from drive-by downloads.
The Fireglass web proxy completely protects end users from drive-by downloads. It renders every web page it fetches into images before passing it on, so no active content from the page ever reaches the endpoint and the pages become harmless. The end user experience is the same as browsing the web without it. This is a brilliant solution to the drive-by download problem that has plagued the internet lately.
The server side of Fireglass uses Linux LXC containers to ensure that malware does not escape.