Endpoint Threat Detection
Expose More. Analyze Faster. Respond Better.
Expose Advanced Threats Hiding on Endpoints
Gain Deep Endpoint Visibility
Analyze and Confirm Infections Quickly
Scope and Efficiently Respond to Incidents
Receive an early warning of malware infections
RSA ECAT continuously monitors endpoint activity and alerts on suspicious activity in real time. Alerts can be correlated with other network events in RSA Security Analytics or other SIEM solutions.
Detect advanced threats without relying on signatures or knowledge of specific threats
RSA ECAT doesn’t rely on signatures to detect advanced targeted attacks. Instead, RSA ECAT leverages unique behavior monitoring and scanning techniques to go deep into the inner workings of endpoints to thoroughly check the integrity of the system, provide a complete view of what’s happening, and flag anomalous activity.
Gain visibility into any unknown files that load
RSA ECAT detects new, unknown files that load on any endpoint across the enterprise and provides immediate insight into how the file behaves and impacts the system. This helps analysts quickly determine if the file is malicious and take action.
Shorten the time to validate compromised endpoints
RSA ECAT makes it easy for analysts to investigate and confirm infections by providing suspect scores and descriptions highlighting anomalous activity. Security teams can quickly triage and focus investigations on the most suspicious endpoints, using ECAT’s built-in tools that enhance analysts’ efficiency during investigations.
Reduce costs of incident response
With RSA ECAT, security teams can instantly see how far the infection has spread and identify all other machines that need to be remediated, which eliminates significant manual work that would otherwise be required for incident response.
Monitor, Scan, & Alert
RSA ECAT agents are deployed on Windows and Mac servers and endpoints to provide deep visibility into endpoint activity, with low system impact. The agents continuously monitor and can automatically alert on suspicious activity, providing an early warning of potential compromises. RSA ECAT also provides an expansive set of out-of-the-box alerting rules that identify suspicious behavior, without relying on signatures or knowledge of a specific threat.
Leveraging unique scan techniques, RSA ECAT scans endpoints in a matter of minutes to thoroughly check the integrity of the system, gain an X-ray-like view of what’s happening, and identify anomalous activity. Through per-process live memory analysis, direct physical disk inspection, and network traffic analysis, RSA ECAT gathers a complete inventory of everything running on the system and automatically flags suspicious activity for further review.
The RSA ECAT console presents a complete view of all endpoints in the environment, along with a suspect score that is calculated using unique scoring algorithms. With a clear visual indication of the potential threat level of endpoints and a description of the anomalous activity seen, security teams can easily triage alerts, focus their investigation, and make limited resources more efficient.
RSA ECAT maintains a global repository of all executable files found and IP addresses connected across the environment. With RSA ECAT, security analysts have the flexibility to whitelist known-good (trusted) files and filter them from view during an investigation, and also blacklist known-bad files and IPs, so they’ll be automatically flagged if found on any endpoints. This helps to reduce time spent on an investigation.
Security teams will have context about how many machines a particular file has been found on, whether the file is active or dormant on a machine, and which machines are connecting to a particular IP address. RSA ECAT provides several built-in tools to help security analysts determine if a file is malicious, including the ability to check the legitimacy of file certificates and hashes, check for known threats, identify any code modifications typically made by malware, and more.
In addition, direct integration between RSA ECAT and RSA Security Analytics provides comprehensive visibility into endpoint activity, network packets, netflow, and logs, and enables analysts to seamlessly transition between endpoint and network views during investigations.
The ability to know how far a particular infection has spread is crucial for effective remediation. Without that visibility, security teams don’t know if other machines are infected, and the business could still be at risk. With RSA ECAT, security teams can instantly determine how far the threat has spread by identifying all other infected machines.
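The file repository, whitelist/blacklist filtering and infection-scoping workflow described above, as an added Python example that is not RSA's code and mirrors no ECAT internals; the endpoint inventory, hashes, IPs and function names are constructed assumptions:

```python
from collections import defaultdict

# Constructed sample inventory (hostname, file hash, state, remote IP).
# These are placeholder values, not data from any real ECAT deployment.
INVENTORY = [
    ("ws-01", "aaa1", "active", "203.0.113.10"),
    ("ws-01", "bbb2", "active", "198.51.100.5"),
    ("ws-02", "bbb2", "dormant", None),
    ("ws-03", "ccc3", "active", "203.0.113.10"),
    ("srv-01", "ddd4", "active", "192.0.2.20"),
]
WHITELIST = {"ddd4"}               # known-good (trusted) hashes, hidden from triage
BLACKLIST_HASHES = {"ccc3"}        # known-bad file hashes
BLACKLIST_IPS = {"203.0.113.10"}   # known-bad IP addresses


def file_context(inventory, whitelist):
    """Per-hash view: which hosts carry the file and whether it is active or dormant there.
    Whitelisted hashes are filtered out so analysts only see untrusted files."""
    ctx = defaultdict(dict)
    for host, sha, state, _ in inventory:
        if sha in whitelist:
            continue
        ctx[sha][host] = state
    return dict(ctx)


def flag_hosts(inventory, bad_hashes, bad_ips):
    """Hosts automatically flagged for carrying a blacklisted file or
    connecting to a blacklisted IP, with the reason for each flag."""
    flagged = defaultdict(set)
    for host, sha, _, ip in inventory:
        if sha in bad_hashes:
            flagged[host].add(f"file:{sha}")
        if ip in bad_ips:
            flagged[host].add(f"ip:{ip}")
    return dict(flagged)


def scope_spread(inventory, sha):
    """Every host on which a given file is present: the scoping step before remediation."""
    return sorted({host for host, h, _, _ in inventory if h == sha})


def hosts_for_ip(inventory, ip):
    """Every host observed connecting to a particular IP address."""
    return sorted({host for host, _, _, rip in inventory if rip == ip})
```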
For effective remediation, RSA ECAT shows the exact location and persistence mechanism of malicious files so security teams can take appropriate action. One option available to the security analyst is to push out a temporary remediation agent from the ECAT console to clean the endpoint.
RSA ECAT can also gather critical data for a full forensic investigation, including full process and live memory dumps, and lets analysts view the Master File Table (MFT) and see modified and deleted files.
RSA Security Analytics
Provide enterprise-wide visibility into network traffic and log event data to reduce attacker free time from weeks to hours
RSA Critical Incident Response Solution
Detect security threats, prioritize actions based on business impact, and expand your analysts’ expertise.
Data and Spec Sheets
- Building End-to-End Advanced SOC Operations with RSA Solutions
- Live Memory Analysis for Advanced Threat Detection
- RSA ECAT in Action: Endpoint Malware Investigation
- RSA on Intelligence-driven Threat Detection and Response
- Advanced Threats in the Enterprise: Finding an Evil in the Haystack
- ESG: RSA Enterprise Compromise Assessment Tool
- Intelligence Driven Threat Detection and Response
- RSA Discovers Massive Boleto Fraud Ring in Brazil
- Taking Charge of Security in a Hyperconnected World
- The Critical Incident Response Maturity Journey
News & Blogs
Sep 19, 2012: RSA Launches Incident Response and Breach Readiness Services to Help Customers Turn the Tide on Advanced Threats