You need a new kind of approach to tackle today’s threats.
Why? The short answer: because prevention is ideal, but detection is a must.
It used to be that just keeping your antivirus (AV) up to date kept you out of harm’s way. Then along came malware detection, which is really AV for your browser in disguise. Then came application blockers, which are nice until you realize your IT tickets are increasing in proportion to the decrease in allowed applications (to say nothing of the added user frustration). Now there are more technologies to record and detonate potential threats being thrown at your endpoints than ever, all in the name of security.
However, there are still challenges, such as:
- Having unified visibility and control over what’s running on your endpoints and servers for the myriad of security products trying to defend them
- Ensuring that you can respond in seconds to the next threat that affects your endpoints and servers
- Knowing that you are ready for the next generation of threats by sourcing the latest threat intelligence
What you need is a way to ensure that what is supposed to be running on your endpoints is actually running and that you have complete control over it, all without installing security software.
LoughTec has years of research that allows our technology to optimize how we ask and understand what is running on an endpoint. The result is incredibly fast (sub-10-second per endpoint) responses to advanced queries at enterprise scale that can detect change in your environment. By having a clear definition of how something is supposed to be (including support for any standard: NIST, CIS, etc.) and how an endpoint changed, we can respond more intelligently with actions that drive events to your SIEM team, your patch management team, your endpoint protection team, your security analytics team, your incident response team, or directly to your endpoint.
Respond with remediation or escalation
With a clear understanding of change or deviation from a known, compliant state, you have an opportunity to respond with clear actions. Promisec enables 3 ways to respond: automated (as defined by your rules), manually enabled actions (with built-in right-click actions), or escalated to another system such as a SIEM or an IT trouble ticket system. Promisec enables you to respond yourself with many built-in actions to remove blacklisted software, change policies, force applications to quit and uninstall, or even disconnect from the network or shut down completely. The LoughTec platform also allows you to customise and create your own actions.
The LoughTec platform allows you to report across organisational and regulatory guidelines in standard out-of-the-box reports or via custom reporting capabilities. LoughTec also allows creation of advanced dashboards to keep an eye on what matters to your organisation and filter out the noise. LoughTec enables you to stay on top of your endpoints without putting extra software on them.
Deploy in Days
Traditional security products take weeks or months to deploy across your enterprise, and sometimes are never fully deployed. A LoughTec solution, via its agent-less architecture, deploys across thousands to tens of thousands of endpoints and servers in a matter of hours to just a few days, and requires very little support and maintenance on an ongoing basis. Agent-based technologies that have similar capabilities require weeks of planning and execution to get introduced and deployed with the least amount of interruption. In many cases, customers deploy a single unified server, or a LoughTec management server and a couple of Sentrys, to cover their entire enterprise, allowing customers to go from drawing on a whiteboard to deploying in rapid-fire fashion.