Wave Endpoint Monitor detects anomalous behavior
Wave Systems announced Wave Endpoint Monitor (WEM), a solution that detects malware by leveraging capabilities of an industry standard security chip onboard the PC.
WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits.
Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system (OS) loads, targeting the system BIOS and Master Boot Record (MBR), and can persistently infect higher-level system functions including operating systems and applications.
“APTs facing enterprises today are more complex, nefarious and sophisticated than ever before,” said Richard Stiennon, Chief Research Analyst at IT-Harvest and author of Surviving Cyberwar. “Malware hiding in a device’s BIOS will go undetected by traditional anti-virus programs operating at the OS level, creating a strong need for a solution that can identify an attack as it happens. Because Wave’s approach is rooted in hardware-based technologies, rootkits and other malware can be spotted before the OS even starts.”
Wave Endpoint Monitor captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the Trusted Platform Module (TPM), a security chip located on the motherboard of all business PCs. If anomalies are detected, IT is alerted immediately with real-time analytics.
Capabilities of Wave Endpoint Monitor include:
- Securely reports PC integrity measurements for central reporting and analysis
- Ensures data comes from a known endpoint
- Alerts IT administrators to anomalous behaviors, which can be linked to the presence of malware
- Provides configurable reporting and query tools
- Ensures strong device identity through the use of hardware-based digital certificates
- Remote provisioning of the TPM.
“Today’s security threat environment calls for industry-proven solutions to collect and analyze pre-operating system health information and to ensure endpoints are known and trusted,” said Steven Sprague, CEO of Wave Systems. “Since advanced persistent threats can sometimes appear as normal traffic, new rootkits often go unnoticed for long periods of time and cause severe damage in the form of infected systems and data loss. Wave Endpoint Monitor allows IT to utilize the hardware security you’ve already bought and deployed to ensure PC health from the start of the boot process while creating a higher level of trust in your endpoints.”