Cyphort Launches a New Advanced Threat Defense Platform
- Distributed collection sensors to “collect suspect malware data” from network, web and email traffic
- Multi-method analysis, including a sandbox and analytics, run both on-prem and in the cloud. Analysis also incorporates global context (threat intelligence) and local context on assets and identity.
- Integrated mitigation: endpoint infection verification and a capability to deploy malware mitigation rules to third-party perimeter devices. Like other vendors in the space, Cyphort has found it expedient to confirm that endpoints targeted by malware found on the network by a sandbox were actually infected before generating an alert that could otherwise be a false positive.
Cyphort’s focus on updating heterogeneous perimeter devices rather than providing its own inline appliance to do the blocking and tackling is a bit unusual. Most competitors provide an appliance-based solution that can be deployed inline or out of band to block suspect traffic or generate alerts. True, many customers want to avoid yet another “bump in the wire” from an appliance; these customers may like the approach of automated network remediation with third parties – but only if the experience is smooth and reliable enough in their unique production configuration.
Besides the partnership approach to mitigation, Cyphort’s software-based deployment is also a differentiator. Customers can deploy either a turnkey OS onto commodity hardware, or a virtual machine (VM) image for VMware. This allows sensors to be deployed across the enterprise – within data centers and out to branch offices – as well as along the perimeter. Combined with bandwidth-based pricing (rather than per-appliance or per-channel pricing) the software deployment may provide a less expensive solution with broader coverage than some of the others.
Cyphort can also perform sandboxing analysis for multiple operating systems and verify infections on endpoints to reduce false positive alerts. Coupled with the ability to integrate with Active Directory to contextualize risk and prioritize or organize alerts based on security group memberships or other information on machine assets, these features also make Cyphort a potentially strong entrant to the category.
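To make the alert flow described above (sandbox conviction, endpoint infection verification, Active Directory context for prioritization) concrete, here is an added, illustrative model in Python; it is not Cyphort's code, and the hashes, host names, group names and telemetry are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed model of the pipeline the article describes. Field names,
# hosts, hashes and group names are assumptions, not product identifiers.

@dataclass(frozen=True)
class SandboxDetection:
    host: str           # endpoint the object was delivered to
    sample_sha256: str  # object the network sandbox analysed
    verdict: str        # "malicious" or "benign"

# Constructed endpoint telemetry: did the convicted sample execute on the host?
ENDPOINT_OBSERVED = {
    ("ws-finance-07", "sha256-constructed-A"): True,
    ("ws-eng-12", "sha256-constructed-A"): False,
}

# Constructed directory context: AD security-group membership per machine.
AD_GROUPS = {
    "ws-finance-07": {"Finance-Workstations", "Domain Computers"},
    "ws-eng-12": {"Domain Computers"},
}
HIGH_VALUE_GROUPS = {"Finance-Workstations", "Domain Controllers"}

SAMPLE_DETECTIONS = [
    SandboxDetection("ws-finance-07", "sha256-constructed-A", "malicious"),
    SandboxDetection("ws-eng-12", "sha256-constructed-A", "malicious"),
    SandboxDetection("ws-eng-12", "sha256-constructed-B", "benign"),
]

def infection_verified(det, telemetry=ENDPOINT_OBSERVED):
    """True only if endpoint telemetry shows the sample ran on that host."""
    return telemetry.get((det.host, det.sample_sha256), False)

def priority(host, groups=AD_GROUPS):
    """High priority when the machine sits in a sensitive AD security group."""
    return "high" if groups.get(host, set()) & HIGH_VALUE_GROUPS else "normal"

def triage(detections, telemetry=ENDPOINT_OBSERVED, groups=AD_GROUPS):
    """Split sandbox convictions into analyst alerts (verified infections,
    tagged with AD-derived priority) and delivered-but-not-executed hits,
    which only need a perimeter blocking rule rather than an alert."""
    alerts, block_only = [], []
    for det in detections:
        if det.verdict != "malicious":
            continue
        record = {"host": det.host, "sha256": det.sample_sha256}
        if infection_verified(det, telemetry):
            alerts.append({**record, "priority": priority(det.host, groups)})
        else:
            block_only.append(record)
    return alerts, block_only
```

With the constructed inputs, only the finance workstation produces an alert (high priority), while the engineering host yields a blocking rule and no alert.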