
Vendor ForeNova is expanding its Network Detection and Response (NDR) protection with an Endpoint Detection and Response (EDR) solution. The aim is to better protect the network together with its endpoints.
ForeNova now offers NovaGuard, an Endpoint Detection and Response (EDR) solution. NovaGuard complements the network-traffic-based threat detection and defense of the NDR protection NovaCommand by protecting the endpoints. NovaGuard shares its information with NovaCommand and with the managed detection and response services of network security specialist ForeNova.
Additional protection for the endpoint
Endpoint protection adds value and helps against attackers in every phase: EDR takes effect before and during an ongoing attack. NovaGuard agents install with a low resource footprint on a variety of operating systems, including legacy ones. In this way, IT administrators can also cover remote parts of their IT, such as notebooks or cloud servers, with endpoint defense.
The product provides immediate protection through hot patching and mitigates attacks by grouping endpoints into micro-segments. Honeypot files help provoke the originators of complex ransomware attacks into activity, so that the defense can start at an early stage. With the new product, IT security administrators get comprehensive cyber defense from a single source. ForeNova NovaGuard is available as an optional standalone product and integrates with many third-party cyber defense technologies.
Stop anomalies in real time
IT security officers have full visibility of all activity on the endpoint, can stop it in real time, and can mitigate the consequences. NovaGuard thus offers protection against complex attacks in all phases of the attack: endpoints and their security policy can be managed preventively. A continuously optimized baseline check, carried out using artificial intelligence (AI) and machine learning (ML), detects many attacks preventively based on conspicuous patterns in endpoint behavior.
NovaGuard accounts for internal traffic between endpoints (East/West) and external (North/South) communication with a command and control server. The EDR agent thus protects against complex ransomware-as-a-service, brute force attacks, backdoors and botnets. The solution detects malicious files, vulnerabilities, the installation of a web shell by an attacker, and an attack while it is being carried out, such as the encryption or exfiltration of data. To defend against this, NovaGuard quarantines files, isolates the host and, using AI and ML, correlates information on attack behavior into recognizable patterns.
Other important functions of NovaGuard
- Improved endpoint risk management through hot patching and security policy enforcement: Any vulnerabilities found – such as zero-day gaps – are closed by NovaGuard in the runtime environment during ongoing operation, independently of and in addition to the patch management cycles of an application or system. No restart is needed, and computing performance is hardly affected. Quick policy configurations for individual endpoints or large groups keep security operations simple.
- Micro-Segmentation: To prevent malware from spreading quickly from an endpoint, IT administrators can divide the endpoints in their IT into separate segments, such as departments. Within these segments, IT administrators, partners or security experts can mount a targeted defense. Additional password protection can be set up for the Remote Desktop Protocol (RDP). NovaGuard blocks brute force attacks automatically with the help of AI or, depending on the configuration, once a defined frequency is reached.
- Honeypot Decoys: Ransomware attacks often go unnoticed for a long time because the operators of complex ransomware-as-a-service (RaaS) attacks are initially only looking for valuable information before they act visibly. Strategically placed honeypot files, either in system-critical directories that attackers are most likely to browse or in randomly selected directories, can lead attackers to launch an encryption attack and thereby give themselves away. This allows the endpoint protection to stop the encryption of data. NovaGuard identifies and removes the underlying malware.
- Support for different endpoint operating systems: The NovaGuard agent can be installed on any endpoint running the following operating systems: Windows, macOS, as well as CentOS, Debian, Oracle, Red Hat, SUSE and Ubuntu Linux environments. NovaGuard thus protects endpoints on servers, in the private cloud and in virtual machines. Compatibility with Windows XP and Windows Server 2008 extends protection to legacy corporate networks.
- Integration into other IT security infrastructures: ForeNova NovaGuard interacts with ForeNova NovaCommand and the MDR services offered by ForeNova. In addition, ForeNova NovaGuard works with security information and event management (SIEM) offerings such as Radar, ArcSight or Splunk, as well as firewalls from Palo Alto, Sophos, Fortinet, Check Point and Cisco. Supported endpoint solutions are Bitdefender, McAfee, F-Secure, Sophos, Symantec, Trend Micro and Windows Defender ATP. VMware and the network access control solution Macmon are also supported.
“The complex Advanced Persistent Threats (APTs) of the present and the future in particular require the interaction between the observation of conspicuous structures in data traffic by an NDR and the immediate blocking of attacks on the endpoint,” says Thomas Krause, Regional Director DACH at ForeNova.
About ForeNova
ForeNova is a US cybersecurity specialist that offers medium-sized companies inexpensive and comprehensive Network Detection and Response (NDR) to efficiently mitigate damage from cyber threats and minimize business risks. ForeNova operates the data center for European customers in Frankfurt a. M. and designs all solutions to be GDPR-compliant. The European headquarters are in Amsterdam.