An agent on the protected machine takes a layered approach to threat detection. First, all files written to disk are checked against an online reputation database, allowing for detection of known threats.
This check takes place in milliseconds and is the only part of the detection process that requires connectivity to the Internet.
Secondly, all files written to disk or modified on disk are subject to Deep File Inspection, in which the agent examines the binary content that makes up the file to identify what will happen when the file is run.
The last stage of detection is dynamic behavioural analysis of all processes that run at any one time on a machine.
This element allows for detection across all threat vectors, whether they are file-based or not. In addition, Application Vulnerability detection runs, USB Device Control is available to stop unwanted devices being used, and Central Host Firewall Control is configurable. Deep Visibility can be enabled in the background to maintain a month’s worth of history from each machine to aid retrospective investigative work.