7/30/2018 02:40 PM
Dark Reading
Products and Releases
Endgame Addresses Phishing Attacks With Machine Learning

Machine learning model closes critical entry point for cybercriminals with 99 percent efficacy

ARLINGTON, Va., July 33, 2018 – Endgame, the first endpoint protection platform to deliver the stopping power of a world-class SOC in a single agent, today announced that it has enhanced its platform to end the threat of document-based phishing attacks. MalwareScore, a host-based machine learning technology, now has the capability to identify and block known and never-before-seen malicious Microsoft Office documents pre-execution with 99 percent efficacy.

Phishing is the third most prevalent cyber attack resulting in information breaches, with approximately 70 percent of breaches associated with nation-state or state-affiliated actors involving phishing according to the Verizon 2018 Data Breach Investigations Report. The report also notes that two-thirds of phishing emails include malware. The recent indictment of 12 Russian intelligence officers suspected of playing a role in the hack of the Democratic National Committee before the 2016 U.S. election notes that phishing played a major role in their strategy. Phishing attacks that delivered malicious payloads also targeted this year’s World Cup in Russia and the Pyeongchang winter games.

“It’s important to remember that phishing is just the beginning of a long attack chain that can lead to a major breach, not a final attack. Payload-driven phishing attacks give attackers the foothold they need to access the internal network. From there, they can perform reconnaissance, move laterally, and take actions to find and exfiltrate sensitive data or worse,” said Mark Dufresne, vice president of threat research and prevention at Endgame. “That is why Endgame is tackling this issue head on to stop hackers from ever gaining that foothold. Strong machine learning models are necessary to protect businesses from new and unknown malicious macros, which is where signature-based solutions fail.”

Available in the Endgame 3.0 release, MalwareScore is part of a multi-layer approach that includes automated tradecraft analytics and orchestration to prevent the attack, quarantine the file or host, and orchestrate cleanup across all endpoints and mail servers on the network.

Consistent with our commitment to transparency, the updated machine learning model is running publicly in Google’s VirusTotal where it is helping security teams determine whether documents are malicious.

“The endpoint is the only place to prevent cyber attacks with certainty, because it is there that adversaries expose themselves, making it easier to find malicious activity early and reduce the cost of incident response investigations on the whole network,” said Mike Nichols, vice president of product management at Endgame. “This unique extension of MalwareScore resides entirely on the endpoint, ensuring complete protection of the mobile and disconnected workforce with zero end user impact. This update adds another layer of prevention to our comprehensive protection based on the MITRE ATT&CK matrix, bringing Endgame another step closer to being the last agent you will ever need.”

The researchers who invented the updated machine learning model for MalwareScore will be available for meetings during the Black Hat Conference Aug. 8-9 to give live demonstrations of the new capabilities. Meet them at the Endgame booth #1328 in the Business Hall in Shoreline throughout the conference. Schedule an onsite demo here and learn more about MalwareScore on our website here. To read about the threat landscape and how Endgame 3.0 addresses the problem you can read more here, while you can learn more about how Endgame is using machine learning to end document-based phishing attacks here.

About Endgame

Endgame's converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.
