2. What is Endpoint Modeling?
• It’s observing all behavior of all of your network
endpoints and watching for changes in that behavior;
changes that could indicate possible compromise or
malicious activity.
• It’s rapid identification of compromised equipment thus
driving remediation response times to near immediate.
3. What is Endpoint Modeling?
• It’s passive collection of IP traffic information - and not
payload - to determine anomalies, thus not affected by
encryption or levels of transparency in virus signatures.
• It’s utilization of cloud-powered compute and remotely run
algorithms to deliver real-time analysis and alert
functionality.
• It’s unprecedented visibility. At the core it’s “Baselining” –
comparing current & past activity and performance to a
historical baseline.
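A minimal sketch of the baselining idea on this slide, added here as an illustration and not code from the presentation or any product: it profiles each endpoint from flow metadata only (no payload) and flags peers or daily volumes that depart from the historical baseline. The flow records, addresses, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow metadata: (day, src_endpoint, dst_ip, dst_port, bytes). No payload.
HISTORY = [
    (1, "10.0.0.30", "10.0.0.6", 554, 1000), (1, "10.0.0.10", "10.0.0.5", 443, 5000),
    (2, "10.0.0.30", "10.0.0.6", 554, 1100), (2, "10.0.0.10", "10.0.0.5", 443, 5200),
    (3, "10.0.0.30", "10.0.0.6", 554, 900),  (3, "10.0.0.10", "10.0.0.5", 443, 4800),
]
TODAY = [
    (4, "10.0.0.30", "10.0.0.6", 554, 1050),
    (4, "10.0.0.30", "203.0.113.9", 22, 40000),  # never-seen peer and port
    (4, "10.0.0.10", "10.0.0.5", 443, 5100),
]

def build_baseline(flows):
    """Per endpoint: the (dst, port) peers seen, plus mean/stddev of daily bytes."""
    peers = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for day, src, dst, port, nbytes in flows:
        peers[src].add((dst, port))
        daily[src][day] += nbytes
    volume = {s: (mean(d.values()), pstdev(d.values())) for s, d in daily.items()}
    return dict(peers), volume

def detect(baseline, flows, sigmas=3.0):
    """Compare one day of flows to the baseline; return (endpoint, kind, detail)."""
    peers, volume = baseline
    alerts, seen, totals = [], set(), defaultdict(int)
    for _, src, dst, port, nbytes in flows:
        totals[src] += nbytes
        if src not in peers:
            kind, detail = "unknown-endpoint", src
        elif (dst, port) not in peers[src]:
            kind, detail = "new-peer", f"{dst}:{port}"
        else:
            continue
        if (src, kind, detail) not in seen:  # one alert per distinct deviation
            seen.add((src, kind, detail))
            alerts.append((src, kind, detail))
    for src, total in totals.items():
        if src in volume:
            mu, sd = volume[src]
            # Floor the spread at 10% of the mean so a very quiet history
            # does not turn every small change into an alert.
            if total > mu + sigmas * max(sd, 0.1 * mu):
                alerts.append((src, "volume-spike", str(total)))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), TODAY):
        print(alert)
```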
4. Endpoint modeling is profoundly different
✔ Role
✔ Network Activity
✔ Communication Patterns
✔ Compliance
Continuous Validation
[Figure: endpoints labelled with alert tags]
9. How Does Endpoint Modeling Improve Security?
• A continuous, unobstructed understanding of every endpoint's behavior,
regardless of its function
• Rapid identification of indicators of compromise without dependencies on
log file monitoring, deep packet inspection (DPI), or other signature-based
methods
• Insightful and efficient security actions
With Dynamic Endpoint Modeling, you gain: