What is AEP?
AEP (Advanced Endpoint Protection) is software built to prevent or disrupt a cyber-attack on a computer. Critically, AEP is intended to be effective against novel attacks, defeating attacks never before analyzed.
Typical antivirus/antimalware solutions - and to a large extent, network intrusion prevention systems (IPS) - are reactive. An attack is analyzed after it happens. Following analysis, a product improvement is created - typically a signature. This new signature is then distributed to prevent identical future attacks.
In contrast, the promise of Advanced Endpoint Protection is successful defense without asynchronous analysis. No patient zero.
The NSS Labs report lists some typical AV vendors claiming AEP functionality:
- ESET Endpoint Security 6.4.2014.0
- Kaspersky Endpoint Security Center 10
- Malwarebytes Endpoint Security v.1.7.4.0000
- McAfee Endpoint Security v10.5
- Sophos Central Endpoint Advanced and Sophos InterceptX
- Symantec Endpoint Protection 14 with ATP Endpoint (EDR) V2.2
- Trend Micro OfficeScan Agent v12.0.1851
One is a network security firm:
- Fortinet FortiClient v 5.4.1.0840
The remaining are emerging vendors built to address AEP:
- Carbon Black Cb Protection v7.2.3.3106
- CrowdStrike Falcon Host
- CylancePROTECT 1.2.1410
- X by Invincea v4.2.0-387
- SentinelOne Endpoint Protection Platform v1.8.3#31
The pure-play products generally represent a foundational reimagining of "protection". This is where it gets interesting.
Carbon Black, CrowdStrike, Cylance, Invincea, and SentinelOne represent an unexpectedly diverse set of approaches to the AEP problem, each to be discussed separately in an upcoming series of posts.
SOURCE:
NSS Labs Announces Advanced Endpoint Protection Group Test Results