There is a fundamental problem with security that leaves defenders in the same spot: it is looking for something already known – a known hash, IP address, vulnerability or behavior. Attackers have enough masking techniques at hand to get past the security software, and the server or laptop is once again the victim of an attack. Altering malicious code so that it evades these checks is easy with downloaded or home-made tools; anyone with basic coding skills can do it. The diagram shows a few attack masking techniques, which are often used in combination to take a known binary and make it appear completely new, unknown and benign on the surface.
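The following is an added illustration, not code from the original page and not a SentinelOne tool: it shows why a hash blocklist, and then a byte-pattern signature, stop matching after two of the simplest masking steps (appending bytes and XOR-packing behind a decoder stub). The "known bad" sample is a constructed benign byte string, the stub is a stand-in marker rather than a real decoder loop, and the XOR packer is a toy.

```python
import hashlib

# Constructed stand-in for a "known bad" binary: benign bytes, not real malware.
KNOWN_SAMPLE = (b"MZ" + b"\x00" * 6
                + b"DEMO-PAYLOAD: contact c2.example and drop stage2"
                + b"\x00" * 8)

# A whole-file hash blocklist, the kind of "known hash" check the text describes.
BLOCKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# A byte-pattern signature: survives appended bytes, but only sees the bytes on disk.
CONTENT_SIGNATURE = b"DEMO-PAYLOAD"


def hash_match(blob: bytes) -> bool:
    return hashlib.sha256(blob).hexdigest() in BLOCKLIST


def signature_match(blob: bytes) -> bool:
    return CONTENT_SIGNATURE in blob


# --- masking techniques, each a few lines of code ---

def append_overlay(blob: bytes, n: int = 1) -> bytes:
    """Append n bytes (an 'overlay'): the program is unchanged, the hash is new."""
    return blob + b"\x00" * n


STUB = b"XORSTUB:"  # hypothetical marker standing in for a small decoder routine


def xor_pack(blob: bytes, key: int) -> bytes:
    """Toy packer: XOR-encode the payload and prepend a decoder stub plus the key.
    A key of 0 would be a no-op, so real packers pick a non-zero key."""
    return STUB + bytes([key]) + bytes(b ^ key for b in blob)


def xor_unpack(packed: bytes) -> bytes:
    """What the stub does at run time: restore the payload in memory."""
    assert packed.startswith(STUB)
    key = packed[len(STUB)]
    return bytes(b ^ key for b in packed[len(STUB) + 1:])


def evaluate() -> dict:
    """Return (hash_match, signature_match) for each variant of the sample."""
    padded = append_overlay(KNOWN_SAMPLE)
    packed = xor_pack(KNOWN_SAMPLE, 0x5A)
    unpacked = xor_unpack(packed)
    return {
        "original": (hash_match(KNOWN_SAMPLE), signature_match(KNOWN_SAMPLE)),
        "padded": (hash_match(padded), signature_match(padded)),
        "packed": (hash_match(packed), signature_match(packed)),
        # Only the decoded payload matches again; on a real host that decoding
        # happens at run time, which is why static checks alone fall short.
        "packed_then_unpacked": (hash_match(unpacked), signature_match(unpacked)),
    }


if __name__ == "__main__":
    for variant, (by_hash, by_sig) in evaluate().items():
        print(f"{variant:22} hash={by_hash!s:5} signature={by_sig}")
```

The padded variant already defeats the hash check, and packing defeats the content signature as well; the payload is only recognizable once it has been unpacked, which on a victim machine happens in memory, at run time.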
Along with masking techniques, attackers use different vectors, or paths, to deliver malicious code and carry out their attacks. The top attack vectors are listed to the right. An attack can use a single vector or combine several in a more sophisticated multi-vector attack.
Companies deploy various software on the endpoint to secure it: antivirus, anti-malware, desktop firewalls, intrusion detection, vulnerability management, web filtering, anti-spam and so on. Yet with all of these solutions in place, many high-profile companies are still being breached. The recent attacks on large retail and hospitality organizations are prime examples: attackers successfully used credit-card-stealing malware targeting payment servers to collect customer credit card information.
SentinelOne was founded by a group of international defense and intelligence experts who saw the need for a dramatic new approach to endpoint protection. Today, our growing global team remains dedicated to constant innovation.
The SentinelOne Endpoint Protection Platform (EPP) offers organizations real-time endpoint protection that unifies prevention, detection and response in one platform managed from a single console. SentinelOne EPP uses machine learning and intelligent automation to protect Windows, OS X and Linux endpoints from threats across all major vectors: advanced malware (file- and memory-based), exploits, and stealthy script-based attacks. It monitors every process and thread on the system, down to the kernel level. A view of system-wide operations – system calls, network functions, I/O, registry and more – together with historical information provides the full context needed to distinguish benign from malicious behavior. Once a malicious pattern is identified and scored, it triggers an immediate set of responses that ends the attack before it can do damage.
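As an added example of the scoring idea in the paragraph above (this is illustrative code written for this page, not SentinelOne's engine, and the event format, rule names and weights are all assumptions), the block below walks a constructed stream of process, file, registry, network and memory events, attributes rule hits to the process lineage rather than to single events, and turns a score above a threshold into a response set: the flagged process, its descendants, and the chain of ancestors that themselves tripped a rule.

```python
import ipaddress
from collections import defaultdict

# Constructed endpoint telemetry (not a real sensor format): pid|ppid|event|detail.
# The chain mail.exe -> wscript.exe -> upd.exe is the malicious one; notepad is noise.
SAMPLE_EVENTS = """\
4120|1000|proc_start|C:\\Program Files\\Mail\\mail.exe
4120|1000|file_write|C:\\Users\\bob\\Downloads\\invoice.pdf
5232|4120|proc_start|C:\\Windows\\System32\\wscript.exe
5232|4120|file_write|C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe
5240|5232|proc_start|C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe
5240|5232|reg_set|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd
5240|5232|net_connect|203.0.113.7:443
5240|5232|mem_alloc_rwx|0x7ff6a0000000
6100|1000|proc_start|C:\\Windows\\System32\\notepad.exe
6100|1000|file_write|C:\\Users\\bob\\Documents\\notes.txt
6100|1000|net_connect|10.0.0.5:445
"""

# Illustrative weights; any single rule stays below the threshold on its own.
RULE_WEIGHTS = {
    "script_host": 1,           # wscript/cscript/powershell/mshta started
    "temp_drop_then_exec": 4,   # executable written to Temp, then executed
    "run_key_persistence": 3,   # autostart value written under ...\Run
    "external_net": 2,          # outbound connection to a non-internal address
    "rwx_memory": 3,            # writable+executable memory region allocated
}
THRESHOLD = 8
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_events(text):
    """Parse the pipe-delimited telemetry into (pid, ppid, kind, detail) tuples."""
    events = []
    for line in text.strip().splitlines():
        pid, ppid, kind, detail = line.split("|", 3)
        events.append((int(pid), int(ppid), kind, detail))
    return events


def is_external(endpoint):
    """True when 'ip:port' is outside the RFC 1918 and loopback ranges."""
    ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    return not any(ip in net for net in INTERNAL_NETS)


def analyze(events):
    """Walk the stream once; return the process tree and the rules each pid tripped."""
    parent = {}
    hits = defaultdict(set)
    dropped = {}  # lowercase path of an executable written to Temp -> writer pid
    for pid, ppid, kind, detail in events:
        d = detail.lower()
        if kind == "proc_start":
            parent[pid] = ppid
            if d.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
                hits[pid].add("script_host")
            if d in dropped:  # a file written moments ago is now running
                hits[pid].add("temp_drop_then_exec")
                hits[dropped[d]].add("temp_drop_then_exec")
        elif kind == "file_write" and "\\temp\\" in d and d.endswith((".exe", ".dll", ".scr")):
            dropped[d] = pid
        elif kind == "reg_set" and "\\currentversion\\run\\" in d:
            hits[pid].add("run_key_persistence")
        elif kind == "net_connect" and is_external(detail):
            hits[pid].add("external_net")
        elif kind == "mem_alloc_rwx":
            hits[pid].add("rwx_memory")
    return parent, hits


def lineage_rules(pid, parent, hits):
    """Rules tripped by pid or any ancestor: the context, not one event, decides."""
    rules = set()
    while pid is not None:
        rules |= hits.get(pid, set())
        pid = parent.get(pid)
    return rules


def score(pid, parent, hits):
    return sum(RULE_WEIGHTS[r] for r in lineage_rules(pid, parent, hits))


def verdicts(events):
    """pid -> score for every process seen; scores at or above THRESHOLD are flagged."""
    parent, hits = analyze(events)
    return {pid: score(pid, parent, hits) for pid in parent}


def respond(events):
    """Sorted pids to terminate: each flagged process, the ancestors that tripped
    rules themselves (stopping at the first clean ancestor), and all descendants."""
    parent, hits = analyze(events)
    kill = set()
    for pid in parent:
        if score(pid, parent, hits) >= THRESHOLD:
            kill.add(pid)
            p = parent.get(pid)
            while p in hits and hits[p]:
                kill.add(p)
                p = parent.get(p)
    changed = True
    while changed:  # pull in descendants of anything already marked
        changed = False
        for pid, p in parent.items():
            if p in kill and pid not in kill:
                kill.add(pid)
                changed = True
    return sorted(kill)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(verdicts(evs))   # 5240 scores 13 via its lineage; mail.exe and notepad score 0
    print(respond(evs))    # [5232, 5240]: the script host and the dropped binary
```

The point of scoring the lineage is that none of the individual events is damning: a scripting host starting, a Temp write, an outbound connection, or a Run key change each happen in benign sessions. The combination along one process chain is what crosses the threshold, and the response stops at the first ancestor (the mail client) that contributed nothing.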