Attackers have been easily evading traditional antivirus solutions for years, which is why almost every breach originates at the endpoint. Invincea realized that a new way of detecting malware was critical. Created by data scientists, X by Invincea leverages deep learning, an advanced form of machine learning, as part of the industry’s most advanced next-generation anti-virus solution. This gives X by Invincea the ability to detect and stop malware – even previously unknown variants – without relying on signatures.
Deep learning mimics the way the human brain thinks. Recent advances in deep learning have allowed breakthrough results, including advancements in facial recognition and natural language processing. Invincea uses similar deep learning technology to differentiate malware from benign programs. This means Invincea can detect previously unknown malware and polymorphic variants that evade signature-based solutions. In essence, X by Invincea stops malware before it can impact an endpoint, without affecting performance. This includes ransomware, weaponized Office documents, and other prominent endpoint threats.
Preventing Known and Unknown Malware without Signatures
X by Invincea leverages machine learning to identify and block suspicious files before they execute. Every program found on the endpoint is automatically analyzed. First, Invincea extracts unique file features about the program and its capabilities. Second, the extracted features are run through Invincea’s multi-stage deep learning algorithm to determine how similar the file is to other malware families. X by Invincea then returns a similarity score for the suspicious program. The higher the score, the greater the likelihood that it is malware. If a file exceeds the risk threshold, it is automatically quarantined or deleted. X by Invincea will even identify the malware family the file belongs to. The entire process, from feature extraction to quarantine, takes only 20 milliseconds.
Stopping File-less Attacks
Not all endpoint attacks rely solely on malicious files. Many attacks begin as file-less, meaning the attacker does not write any files to the user’s system. File-less attacks are extremely popular because many of today’s endpoint protection solutions struggle to detect them. The most common type of file-less attack is the weaponized Office document. To prevent file-less attacks, X by Invincea utilizes behavioral monitoring to determine if trusted programs are behaving badly. When suspicious behavior is detected, X by Invincea automatically terminates the malicious process in real time, before it can do damage. Behavioral monitoring works in conjunction with deep learning to dynamically set the risk threshold and provide greater defense-in-depth against endpoint threats.
Eliminating Spear Phishing Attacks
Almost every major cyber attack begins with a targeted email with a malicious attachment or link. Organizations attempt to combat this with training, but users will always make mistakes that lead to painful breaches. X by Invincea offers a better solution for spear phishing protection for those organizations that require additional endpoint security. With X by Invincea’s isolation technology, all links and attachments from email are automatically opened in an isolated environment. Users will continue to conduct business as usual, but attackers are completely contained. Threats are killed, removed, and logged without exposing any data or allowing the attacker to gain a foothold on the endpoint.
Invincea offers three different versions of X by Invincea – Detect, Prevent, and Complete. This allows organizations to choose the deployment that fits their business requirements. Organizations can choose to deploy silently (Detect) before turning on active blocking (Prevention). Others will choose to add an optional additional layer of protection (Complete).
X by Invincea Detect
Runs silently to identify compromised endpoints, including compromises that existed prior to deploying X by Invincea. The forensics collected provide visibility to security teams to detect and respond to attacks. The Invincea Management Server, which is used to manage X by Invincea deployments and analyze forensic data, can be hosted or deployed on-premise. Data can also be exported to SIEMs and other security tools.
X by Invincea Prevent
Includes all the forensics and analysis included in Detect, but also automatically blocks threats before they can cause damage. X by Invincea Prevent uses machine learning to detect and block known and unknown malware from running. In addition, Prevent uses behavioral monitoring to stop file-less attacks, including weaponized Office documents, from compromising the endpoint. X by Invincea Prevent is completely host-based and works even when the endpoint is offline. This means users stay protected whether they are in the office or on the road.
X by Invincea Complete
Not only offers the features of Detect and Prevent, but also adds additional spear phishing protection. X by Invincea Complete leverages Invincea’s isolation capabilities to contain untrusted content such as links and attachments in emails.