We’ve been busy here at Malwarebytes with several product announcements recently. Malwarebytes Incident Response was released in late April, providing threat detection and remediation via our new cloud-based platform. Right on its heels, and leveraging the same platform, is Malwarebytes Endpoint Protection, our latest endpoint security solution for business. This latest release unifies a number of technologies onto a single agent on the endpoint and adds a new machine learning detection engine to our layered approach to protection.
As we’ve mentioned before, Malwarebytes threat detection is driven by the industry’s best-informed telemetry. Because Malwarebytes is the gold standard in remediation, we see more than 500,000 consumers and enterprises download Malwarebytes every day when their existing solutions fail them. And every day, more than 3 million remediation events are processed. This telemetry on the malware that is “succeeding” gives us the insight to understand the tactics, techniques, and procedures the attackers are leveraging.
To provide the best protection possible, Malwarebytes Endpoint Protection delivers Multi-Vector Protection (MVP) with 7 unique layers of technology. These layers fall into two general categories: rules-based and behavior-based. The rules-based layers address the known threats (and their variants). Unknown malware is handled by the behavior-based technologies. The telemetry described above validates the effectiveness of our behavior-based technologies (and ensures we minimize false positive (FP) issues) while informing our rules-based approaches.
The rules-based layers include Web Protection and Payload Analysis.
- Web Protection: prevents the endpoint from connecting to malicious websites and downloading malicious payloads. In the event that a malicious payload does make its way onto an endpoint, it prevents the malware from connecting to command and control servers.
- Payload Analysis: uses heuristic rules to identify entire families of known and relevant malware.
The behavior-based layers are “signature-less” technologies that include Application Hardening, Exploit Mitigation, Application Behavior, Ransomware Mitigation, and our new machine learning engine, Anomaly Detection.
- Application Hardening reduces the vulnerability surface, making the endpoint more resilient. It also proactively detects fingerprinting attempts made by advanced exploit attacks.
- Exploit Mitigation proactively detects and blocks attempts to compromise application vulnerabilities and remotely execute code on the endpoint.
- Application Behavior ensures applications behave as intended, preventing them from being leveraged to infect the endpoint.
- Ransomware Mitigation detects and blocks ransomware from encrypting files by using behavioral monitoring technology.
- Anomaly Detection is our new machine-learning approach. While traditional machine learning approaches have focused on malware classification (training the machine learning algorithm on known malware in order to identify unknown malware), we’ve taken a different approach by focusing on known good files. The space of known good files is significantly easier to represent well, resulting in a model that performs very well over time. Most importantly, this new engine fits into our layered approach to prevention.
It’s critical to note that our remediation capabilities are included as part of Malwarebytes Endpoint Protection because we know we can’t be 100% effective 100% of the time. So when something does get through, as soon as we know about it, we’ll be able to find and thoroughly remove the infection.
Malwarebytes cloud platform
Malwarebytes Endpoint Protection is the second solution to be offered on our new single, unified endpoint agent and delivered via our cloud-based management platform. This new platform eases deployment of Malwarebytes Endpoint Protection (as well as Malwarebytes Incident Response). Additionally, larger organizations benefit from effortless, unlimited scalability and quick time-to-value.
In addition to managing the deployment, the cloud management console also centrally manages security policy and threat visibility across all endpoints in your organization. The cloud platform also enables endpoint Asset Management by delivering dozens of endpoint system details such as network interfaces, storage devices, memory objects, installed software, software updates, startup programs, and more.
Malwarebytes Endpoint Protection will be available for sale on June 28th. I encourage you all to learn more about this new solution and, more importantly, give it a try!