NovaGuard: New Endpoint Detection and Response Agent
ForeNova’s new endpoint detection and response (EDR) agent ForeNova NovaGuard complements its ForeNova NovaCommand solution for detecting attacks based on conspicuous behaviour in network traffic. ForeNova now offers both Network Detection and Response (NDR) and Endpoint Detection and Response (EDR).
The resource-saving agents for ForeNova NovaGuard can be installed on a variety of operating systems, including legacy ones. This means that IT administrators can also cover remote IT areas such as notebooks or cloud servers with endpoint defence. NovaGuard enables immediate protection through hot patching and limits attacks by grouping endpoints into micro-segments.
Honeypot files help to provoke the perpetrators of complex ransomware attacks into action and thus launch a defence at an early stage. The new product provides IT security administrators with a comprehensive cyber defence from a single source. ForeNova NovaGuard is available as a standalone product on request and integrates with numerous third-party cyber defence technologies.
ForeNova NovaGuard provides IT security managers with full visibility of all activities at the endpoint, so that they can stop them in real time and mitigate the consequences. NovaGuard thus offers protection against complex attacks in all phases of the attack: endpoints and their security policy can be managed proactively.
A baseline check carried out using artificial intelligence (AI) and machine learning (ML), which is constantly optimised, detects many attacks preventively based on conspicuous patterns in endpoint behaviour. ForeNova NovaGuard takes into account internal data traffic between endpoints (east/west) and external (north/south) communication with a command-and-control server.
The EDR agent thus protects against complex ransomware-as-a-service, brute force attacks, backdoors and botnets. NovaGuard recognises malicious files, vulnerabilities, the installation of a web shell by an attacker and the execution of the attack – such as the encryption or exfiltration of data.
As a defence, NovaGuard quarantines files, isolates the host and correlates information on attack behaviour into recognisable patterns thanks to artificial intelligence (AI) and machine learning (ML).
Other important functions of ForeNova NovaGuard are:
- Improved risk management at the endpoint through hot patching and setting security rules
NovaGuard closes vulnerabilities it finds, such as zero-day gaps, in the runtime environment during operation, independently of and in addition to the patch management cycles of an application or system. There is no need for a restart and computing power is hardly affected. Simple security operations are possible thanks to fast policy configurations for individual endpoints or large groups.
- Micro-segmentation
To prevent malware from spreading quickly from an endpoint, IT administrators can divide groups of endpoints in their IT into individual sections, such as departments. IT administrators, partners or security experts carry out a targeted defence in these sections. They set up additional password protection for the Remote Desktop Protocol (RDP). Thanks to AI, NovaGuard blocks brute force attacks automatically or, depending on the configuration, once a defined frequency is reached.
- Honeypot decoys
Ransomware attacks often go unnoticed for a long time because the operators of complex ransomware-as-a-service (RaaS) attacks initially only search for valuable information before acting visibly. Strategically placed honeypot files, either in system-critical directories that attackers are most likely to search or in randomly selected directories, can cause attackers to launch an encryption attack and thereby give themselves away. The endpoint protection can then stop the encryption of data. NovaGuard identifies and removes the malware behind it.
- Support for different endpoint operating systems
The NovaGuard agent can be installed on any endpoint with the following operating systems: Windows, macOS, as well as the Linux environments CentOS, Debian, Oracle, Red Hat, SUSE and Ubuntu. NovaGuard thus protects endpoints on servers, in the private cloud and in virtual machines. Older corporate networks are protected thanks to compatibility with Windows XP and Windows Server 2008.
- Integration into other IT security infrastructures
ForeNova NovaGuard interacts with ForeNova NovaCommand and the MDR services offered by ForeNova. In addition, ForeNova NovaGuard also works with Security Information and Event Management (SIEM) offerings such as Radar, ArcSight or Splunk as well as with firewalls from Palo Alto, Sophos, Fortinet, Check Point and Cisco. Supported endpoint solutions include Bitdefender, McAfee, F-Secure, Sophos, Symantec, Trend Micro and Windows Defender ATP. VMware and the network access control solution Macmon are also supported.
“The complex advanced persistent threats (APTs) of the present and future in particular require the interaction between the observation of conspicuous structures in data traffic by an NDR and the immediate blocking of attacks launched on the endpoint. With ForeNova NovaGuard, we can offer our partners and our customers this protection,” says Thomas Krause, Regional Director DACH at ForeNova.
“We thus provide an integrated defence in the various phases of today’s complex and staggered attacks: ForeNova NovaCommand as AI-supported and machine-learning-optimised detection of attacks based on deviations from normal data traffic for prevention and analysis, ForeNova NovaGuard primarily for the outbreak of the attack on the endpoint.”
Original article link: https://www.iavcworld.de/security/8592-novaguard-neuer-endpoint-detection-and-response-agent.html