What is threat hunting and why do we need it now? Threat hunting designates all the activities conducted by a threat hunter or a cyberthreat analyst in order to find hidden, persistent threats inside an organization’s infrastructure. Abnormal events such as a connection to an unknown server, access to a sensitive process’s memory or a DLL injection are some examples of what a [...]
Nucleon Smart Endpoint takes a different approach to EPP than most of its competitors. Rather than putting the emphasis on runtime behavioral and memory analysis, as most current-generation EPP products do, Nucleon uses its multi-layer Zero-Trust architecture to authorize execution at the process level on the endpoint. The use of ML is essential in the EPDR product space, and here too Nucleon deploys its proprietary ML in a novel way: it uses ML to “absorb” normal user activity and build a baseline from which it derives endpoint-specific rules that prevent malware execution. Additionally, Nucleon offers LOLBAS-informed hardening and detection as well as vulnerability enumeration.
Nucleon’s EDR covers the expected range of capabilities for aiding investigations, including IoC detection, CTI enrichment, and automated evidence collection. Nucleon also offers a good range of remediation actions, from quarantining files and terminating processes to a full system restore of affected machines.