Primary Response Overview

Threat Protection for PCs and Servers

The enterprise faces a number of challenges in security and therefore requires comprehensive, real-time protection for both servers and PCs across complex, heterogeneous environments. The quantity of new vulnerabilities and the speed and sophistication of attacks are increasing each year, intensifying the risks to enterprise security. This is especially true for mobile laptop users, geographically distributed offices, and occasionally-connected users. Corporate laptops travel with employees for home use and to other locations. With remote access becoming increasingly popular, there is a heightened potential for PC-level attacks that then propagate through the network, infecting other PCs and servers.

Under these circumstances, security products must guard the privacy and integrity of critical information assets and maintain business continuity. Enterprises face challenges because traditional security systems, such as signature-based antivirus (AV) and signature-based network intrusion detection and prevention (IDP), are not delivering solutions that satisfy enterprise requirements.

The key short falls of signature-based solutions are:

• Mobile users are not adequately protected since laptops often run disconnected from the network and cannot receive signature or security updates. Mobile users can operate their computers outside the purview of secure, controlled corporate environments and therefore can potentially become compromised, acting as a malware attack vector that can infect the corporate infrastructure.
• Attack speed is too fast and the time lost is too great with signature-based products, which perform scans to detect malware. The vulnerability gap between the time an exploit is identified and the time a signature can be deployed, as well as time lost between system scans, is critical.
• Constantly changing attacks and easily modifiable toolkits can evade signatures, making the attacks completely invisible to antivirus and other scan and detect security products.

The Sana Solution: Responding To Today’s Threats With A Different Approach

DETECT • Analyze events (file behaviors, memory behaviors, executables, and code paths) • Evaluate if good or bad CLASSIFY • Automatically classify attacks • Flexible to adjust security posture • No administration is required RESPOND • Log, alert, block, quarantine • Instantly propogate new policies across enteprise

Traditional security systems fall short because they scan data or rely heavily on signatures for detecting malware and other types of attacks, leaving the enterprise potentially vulnerable. In addition, network security, while necessary, does not prevent a variety of attacks (for example, encrypted), and the disappearing perimeter becomes more difficult to defend. The key to solving the enterprise security challenges is to monitor behavior (with behavioral heuristics), and to use a combination of techniques to ensure that any malicious attack can be prevented. Using behavioral and adaptive technologies that are not reliant on signatures and protecting endpoints at the host level and on client systems directly addresses the emerging problems that are challenging the enterprise.

The Answer: Primary Response

Primary Response, industry leading intrusion prevention software (IPS), automatically detects, classifies and responds to complex threats, accelerating time to protection and enabling IT to deliver business continuity without compromising visibility and control.
Unlike other technologies that offer only rules or signatures, Primary Response offers a combination of innovative IPS techniques, used simultaneously, to prevent the most complex and unpredictable attacks using (1) out-of-the-box knowledge-based system to protect end users, applications and systems, (2) Active Malware Defense Technology (Active MDT) that can detect and prevent suspicious malware activity such as Trojans, keyloggers, silent backdoors and rootkits based on a behavioral heuristic approach and (3) Sana’s Adaptive Profiling Technology (SanAPT) that provides instant protection for memory-based attacks and learns normal application file path behaviors and responds to anomaly-based threats.