Targeted Attack Protection

[rby_goddest 0]

I want to know if Eset has a feature that acts like KATA of Kaspersky for Target attack protection. and if it has, does it a web based feature or it is only supports Outlook email software??

[Marcos 5,158]

Yes. On the client side we leverage multiple technologies at various layers to prevent infection. While it's easy to bypass one layer, it's much more difficult for malware authors to bypass more of them. For more details about technologies that ESET developed to protect you, please read https://www.eset.com/int/about/technology/

Also we're going to unveil a brand new EDR solution aimed at protection against targeted attacks - ESET Enterprise Inspector which gives administrators visibility into what has been going on in their network, gives them an overview of suspicious operations typically performed by malware and enables them to take the appropriate action accordingly. Also it provides detailed and visualized information about how a particular process or script was executed. Hand in hand with the introduction of EEI, we are also going to provide EEI-based services ESET Threat Hunting and ESET Threat Monitoring for organizations that don't have their own staff for monitoring security in their network or for performing forensic analysis and finding out the infection vector in case of security incidents.

Another service that ESET already provides is ESET Threat Intelligence which leverages intelligence information gathered worldwide. This can be used for instance by financial institutions for monitoring new threats and phishing targeting their clients as the ability to submit files and have them thoroughly be analyzed in ESET's sandbox while leveraging machine learning and other techniques. For more information, please read https://www.eset.com/int/business/it-security-services/threat-intelligence/.

With the release of Endpoint v7, we are also going to introduce ESET Dynanic Threat Defense (EDTD) which is a service that submits suspicious files from endpoints to ESET's sandbox and provides a timely response to the client about the result. Administrators will see a list of submitted files along with further information about them and the result of analysis in the ESET Security Management Console (currently called ERA). What files will be submitted is fully customizable by administrators, with an option to delete submitted files from ESET's servers immediately or after some time. EDTD will enable mail server products to first analyze suspicious attachments in ESET's cloud sandbox and only then deliver emails to clients.

[itman 1,718]

On ‎7‎/‎12‎/‎2018 at 10:05 AM, Marcos said:

With the release of Endpoint v7, we are also going to introduce ESET Dynanic Threat Defense (EDTD) which is a service that submits suspicious files from endpoints to ESET's sandbox and provides a timely response to the client about the result.

Will the submitted files be locally sandboxed and suspended if execution attempted?

[Marcos 5,158]

40 minutes ago, itman said:

Will the submitted files be locally sandboxed and suspended if execution attempted? 

Locally files are scanned by advanced heuristics, ie. they are run in a virtual environment. With EDTD, suspicious files will be upload to an actual EDTD sandbox in cloud where they will be run. Besides the sandbox analysis, our EDTD system will also leverage cyberthreat intelligence data that we have gathered worldwide when assessing the dangerousness of a sample.

 

[itman 1,718]

31 minutes ago, Marcos said:

Locally files are scanned by advanced heuristics, ie. they are run in a virtual environment. With EDTD, suspicious files will be upload to an actual EDTD sandbox in cloud where they will be run.

Assumed is local heuristics is the trigger to subsequent EDTD analysis. My question is specifically will file execution be suspended until EDTD verdict returned from Eset servers. In other words, will Eset EP allow the user to block process execution for any EDTD rendered verdict of non-malicious but suspicious process? Also for verdicts of suspicious, is a confidence level included?

Or is EDTD as I suspect, only a submission mechanism with an Eset server rendering of process being malicious or not. If not malicious, process is allowed to execute otherwise it will be auto blocked. In other words as far as Eset is concerned, it can 100% determine that the process is not malicious. 

[Marcos 5,158]

It's not possible to wait with execution for several minutes, otherwise the system could become unusable. That will work only with mail servers and scanning email attachments.

[itman 1,718]

48 minutes ago, Marcos said:

It's not possible to wait with execution for several minutes, otherwise the system could become unusable.

Thanks for the clarification. Also it would be possible if certain exceptions were provided. For example; Windows system files, installers from trusted publishers, file updates to existing app software, etc..