This is a running list of intrusion prevention tools that I am interested in.

Host Based Intrusion Prevention



From Crunchbase:

“CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike’s Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Falcon platform is delivered via the security industry’s only 100% native cloud architecture, integrated with 24/7 managed hunting capabilities and in-house threat intelligence and incident response teams. CrowdStrike’s unique Threat Graph harnesses the cloud to instantly analyze data from billions of endpoint events across a global crowdsource community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.”




Endgame runs in the kernel (like CrowdStrike) and is able to detect malicious system behavior by using Hardware Assisted Control Flow Integrity (HA-CFI) and Dynamic Binary Instrumentation (DBI). It has a great administrator portal for incident investigation as well.



Web Browser Protection

This class of security product proxies web pages and protects against drive-by downloads.



The Fireglass web proxy completely protects end users from all drive-by downloads. It renders every proxied webpage into images, making the pages completely harmless. The end user experience is the same as browsing the web without it. This is a brilliant solution to the drive-by download problem that has plagued the internet lately.

The server side of Fireglass uses Linux LXC containers to ensure that malware does not escape.


Fireglass Threat Isolation Platform

Last modified: May 2, 2018

