What is Endpoint Security?

The innermost protective circle of our Layered Security concept protects the heart of every corporate network: the clients on which employees work with sensitive data on a daily basis, where they enter access data and open attachments from e-mails. Endpoint Security includes all the technologies that protect these clients directly from threats and exploiting vulnerabilities. This includes proactive protection against malware, including an effective client firewall and efficient patch management to prevent vulnerabilities in installed programs from becoming an attacker’s gateway.

Reliable detection of known malware

Most attacks on corporate networks are carried out with known malware that attempts to penetrate the outer defence layers every second. Classical detection of malware using signatures is closely linked to behavior-based detection and plays a key role in the Layered Security concept for early detection of threats. This is not only why it is indispensable in modern security solutions. In addition to the virus scanner on the clients, the protection technologies also rely on signatures that work at the network borders in the Layered Security concept – for example, the e-mail filter or the URL blocker. This allows them to detect malicious files on the network before they reach the clients.

G DATA regularly delivers a new signature list via update, so that the computers in the network are protected against known malware in a timely manner. The signature of an unknown malware that has been stopped by behavior-based detection is immediately communicated to all protection technologies so that they can next time stop the malware directly at the outer layers.

What are signatures?

All files or programs have a unique „fingerprint”: the so-called signature. If a file or program is classified as malicious, it will be listed on a black list. During a virus scan, the signatures of files are compared with this list – this happens very quickly and is done regularly in the background. If the anti-virus software finds a file signature on the blacklist, it will be detected as malicious and quarantined.

Next Generation Proactive Technologies

If malware was intercepted by its signature on the outer defense rings, it could not cause any damage yet. Only when the code contained in the code is actually executed and gets computing time in the processor can it unfold its potential. Once a malware has overcome all levels and is activated on the client, it encounters behavior-based detection. This is the last line of defense. Only when it’s taken is the attacker at the target.

G DATA business solutions have numerous next-generation technologies such as

  • heuristic algorithms
  • Exploit Protection
  • BankGuard
  • Keylogger Protection
  • Behavior Blocking

They are able to identify and stop unknown malware by its behavior before damage occurs. The software is then added to the signature list of malicious programs so that the outer defense rings can intervene at an early stage during the next attack.

 

 

 

Ransomware: A new challenge for companies

Extortion Trojans are currently keeping the corporate world particularly busy. Once a computer is connected to it, the so-called Ransomware encrypts the local files – usually also those on other clients and servers in the network. The attackers then demand a ransom for decrypting the data. Prominent variants such as Petya, WannaCry or Locky could thus cause damage amounting to millions.

Our new Anti-Ransomware module protects against these perfidious attacks: It detects when a program wants to encrypt many files in a short time and stops the process early.

Firewall

In addition to malware detection methods, our firewall checks client communication with the corporate network and the Internet. This means that no malware can reach the computers in your network via these connections, no one can gain access to your data, and no malware can establish a connection to the Internet.

In times of „Bring Your Own Device” (BYOD) and consumerization, the client firewall is more important than ever: When employees use your company’s devices in another network – for example, an unsecured WLAN in a café – our firewall ensures outside the company that attackers do not gain unnoticed access to the device.

 

The „WannaCry” case

The blackmailer Trojan „WannaCry” spread all over the world on May 12, 2017 and attacked corporate networks. In Germany, operations in numerous hospitals were at a standstill, and the Deutsche Bahn scoreboards only showed the message of blackmailers instead of the current departure times. Production and workflows in global companies such as the French car manufacturer Renault were massively affected by the attack.

The Trojan horse could spread so rapidly due to a known vulnerability in the Windows operating system alone. This gap was already closed two months before the outbreak. The infection could have been avoided if the patch released by Microsoft had been installed on the affected systems in time.

Patches

For many vulnerabilities in software, there are already updates that fill these gaps. The problem: These patches often don’t reach the clients fast enough. After the infection with the extortion Trojan horse „WannaCry”, the disaster for hundreds of thousands of IT managers – see info box. But how do you keep track of the software and patches used in your company? The solution: G DATA’s centralized Patch Management. Reduce the size of your clients’ attack area and prevent many cyber attacks that exploit known vulnerabilities.

G DATA Patch Management

  • Pre-tested updates from the world’s largest patch directory
  • Inventory of installed software on the clients
  • Implementation in test environments
  • Rollback orders as required
  • Reports

 

220,000

infected systems

(Source: heise.de)

150

countries concerned

(Source: heise.de)

Virus monitor with CloseGap hybrid technology

Anti-Ransomware

Behaviour monitoring of files

Protection against security vulnerabilities in installed software

Online banking and browser protection

Protection against malware and phishing when surfing

Protection against manipulated USB devices

Available for Windows desktops and servers

Available for Linux file servers and workstations

Protection for Mac

Firewall

Patch Management

Cum va protejam pe masura ce navigati pe web

In timp ce trimiteti si primiti e-mailuri

Pe langa fisierele de pe hard disk si pe dispozitive de stocare externe, scanerul nostru de virusi verifica si e-mailurile pentru continut rau intentionat. Acest lucru se aplica tuturor mesajelor pe care le trimiteti si le primiti prin intermediul programului de e-mail de pe computer. Daca scanerul nu gaseste nimic, este activata si functia Anti-Spam. Aplicatia verifica e-mailul pentru functiile care sunt tipice pentru spam. Aceste caracteristici sunt folosite pentru a calcula o valoare care reflecta probabilitatea de a fi spam.

In plus fata de evaluarea separata, tehnologia OutbreakShield compara rezultatele cu o baza de date de pe Internet – tiparele de virusi si e-mailurile spam trimise in masa sunt colectate aici. Aceasta permite solutiei Internet Security sa elimine diferenta care exista intre inceperea unei trimiteri in masa si lupta impotriva ei in timp real, folosind semnaturi special adaptate.

Aproape 106 milioane de e-mailuri spam au fost primite zilnic in Germania in 2015.

(Sursa: Statista 2016)

Cand navigati pe Internet

Monitorul de virusi verifica fiecare fisier care vine de pe web. Opreste documentele, imaginile si altele genuri de fisiere infectate in timp ce sunt descarcate. Aceasta inseamna ca descarcarile neobservate nu mai reprezinta o amenintare pentru dvs. Atunci cand face acest lucru, Internet Security nu se bazeaza doar pe semnaturi de virusi actualizate la fiecare ora. Pe langa scanarea de semnaturi, software-ul functioneaza si cu o solutie Cloud. Proprietatile fisierelor curente care contin programe malware sunt stocate in memoria respectiva. Aceste proprietati sunt comparate cu cele din fisierele dvs. si veti afla rapid dacă totul este in regula.

Adresele web sunt grupate in Cloud. Daca o adresa URL este identificata in baza de date ca distribuitor de continut rau intentionat, protectia browserului nostru blocheaza site-ul. Asadar, atunci cand infractorii cibernetici incearca sa va ademeneasca in capcane folosind link-uri de phishing, nu aveti de ce sa va temeti. Acest lucru se aplica si atacurilor prin intermediul retelelor sociale. Link-urile din mesajele si anunturile false nu sunt deschise in browser.

Indiferent de Cloud, protectia web verifica fiecare fisier trimis la computer pentru a accesa un site web. Aceasta permite detectarea continutului periculos inainte de a deschide pagina.

„Doua dintre cele mai frecvente atacuri de pe net sunt site-urile de phishing si infecțiile de tip drive-by.”

– G DATA PC Malware Raport H2 / 2015

Cerinte de sistem

■ Microsoft Windows 10 / 8.x / 7: min. 2 GB de memorie RAM

■ Toate functiile din solutiile G DATA sunt suportate pe sisteme cu 32 si 64 de biti

■ Este necesara o conexiune la Internet pentru a instala software-ul si pentru actualizari ale semnaturilor de virusi si de software