Today we announced the availability of version 3.3 of the Endgame platform, our seventh update of 2018. This release includes the industry’s first flexible architecture to fully support cloud, on-premises and hybrid deployment for lowest cost of operations and complex compliance requirements.
Because this is a cloud-driven release, customers do not need to take any action on their endpoints to take advantage of the new capabilities and features. The release is specifically designed to address the major challenges of enterprise security teams: enhancing protection and scalability to stop attacks before damage and loss, and continuing to drive operational improvements in advanced hunting and response by augmenting the skills of security analysts at any experience level.
New features in version 3.3 include:
Multi-tier data model supporting cloud and on-premises options to accommodate the global compliance requirements of complex organizations while preserving a complete timeline of all events, wherever endpoints are deployed.
Total Attack Lookback™ provides 120 days of non-repudiable forensic information about an incident and exceeds the average adversary dwell time at zero additional cost.
Unique workflow automation and autonomous agent operations are extended by this architecture across global deployments.
The new architecture increases the scope, power and performance of Endgame’s groundbreaking automation technologies, Artemis, Resolver and EQL, eliminating the biggest barriers to immediate productivity for investigators, hunters and IT operations. It also makes critical threat intelligence data available to all customers free of charge through Total Attack Lookback™ - the industry’s first forensic review feature to exceed average adversary dwell time.
Using plain English, global attack visualization, and the industry’s first event query language optimized for security investigation, Endgame Total Attack Lookback™ provides analysts with a complete record of relevant operating system events to determine the origin and extent of a compromise and can serve as a guide to drive compliance and notification requirements.
Store Data Your Way Without Compromising Security Operations
The EU GDPR has led organizations to look very carefully at where their data lives, and Endgame allows for organizations to segment their data storage requirements in a way that works for them, rather than being forced to send everything to a central cloud platform.
Endgame customers now have the ability to deploy, extend, or modify their Endgame infrastructure to store forensic endpoint activity data in any combination of three storage destinations:
Streamed to Endgame Global Services – With the ever-increasing number of dissolvable VDI systems and endpoints that are not always connected to an organization’s private network, Endgame makes it simple to query historical data even if the system is offline, roaming, or completely destroyed. With Global Search, Endgame allows customers to use the same Artemis™ investigation tools across the streamed data from a single UI.
Distributed across endpoints – The forensic data can be stored on the endpoint and easily accessed, searched and investigated through the single Endgame console using Artemis™, our AI-powered chatbot that understands plain English questions and streamlines the investigation and hunting workflow used to interact with endpoint data.
Streamed to private data stores – Organizations with a mature security operations function are investing in data analytics, and Endgame provides the ability to take our tamper-resistant, enriched endpoint data and integrate it easily into any third-party system like Splunk, Hadoop, or ELK. Endgame’s API allows vendors and customers to build their own native integrations and we are rapidly adding more integration partners with a ServiceNow app available later this year.
Only Endgame offers the ability to mix and match any of the above options, meaning a customer can take a hybrid approach to meet their organization’s unique requirements.
For example, one Endgame customer has their network divided into two sections. The first network streams endpoint data to Endgame Global Services for all systems that may be offline, roaming or destroyed (in the case of VDI or cloud workloads), and also streams to their own in-house data analysis system. The second network section stores event data locally due to limited bandwidth. Using Artemis™, their security analysts are able to easily query and run investigations and hunts across all endpoint information from devices on both networks, without thinking about where the data is stored or where the endpoint is located.
Total Attack Lookback™
Though some vendors still like to claim they can prevent everything from malware to adversaries, Endgame knows that prevention in any aspect of security is not 100% perfect, and as an industry we know that the average dwell time remains above 90 days. If the endpoint data is not retained long enough, it may be impossible to fully investigate or perform root-cause analysis.
Unlike most endpoint security or EDR vendors, who only allow retention to take place in their (often US-based) cloud – and some vendors further limit their lookback capabilities by offering only 7 days of data storage before passing additional storage costs on to their customers – Endgame’s Total Attack Lookback™ feature allows full investigations and hunting to span 120 days of tamper-resistant forensic data, while customers remain in complete control of where their data lives. All at no extra cost.
This customer-oriented approach to data storage, simplifying and enhancing the efficiency of security operations, makes Endgame the only complete endpoint security platform that truly allows an extreme reduction in the risk of breach, without increasing the business risk of data privacy.
More information about the Endgame Architecture and Total Attack Lookback™ can be found on our site or by requesting a demo.