AEP isn’t just for malware hunting; it is also a complete patch management tool. On our sample Windows 7 and Windows 10 VMs, it found more than 370 and 35 missing patches respectively to bring the original installations up to current patch levels. You can quickly group them by severity (critical, important or low) and install the ones most essential to your operations.
There are three pricing tiers: Basic, Premium and Platinum. The Basic tier is free and intended for trials: it brings up a cloud-based management console and lets you set up 100 users for 30 days. At the end of the trial, you pay anywhere from $31 to $54 per user per year and can opt to use a locally hosted server instead. The Platinum level includes Valkyrie and adds human screening to its automated procedures. Volume and multi-year discounts can reduce these prices substantially.
CounterTack Sentinel v5.5
Sentinel performs real-time threat analysis across your endpoint collection. The added twist is that it integrates with various Big Data analytics tools, both its own and those of various third parties, and can be almost infinitely customized to work with security feeds.
Sentinel can manage both Linux and Windows endpoints and supports a wide range of Windows versions, going back to XP Service Pack 3 and including Windows Server releases. CounterTack is working on sensors for point-of-sale and embedded systems, along with Mac OS support later in the year.
We tested Sentinel on a series of VMs, running both the server and various Windows endpoints. The collection server needs a very hefty 64GB of RAM and two separate gigabit network cards. When you install the server on a CentOS machine, it sets up a Web-based dashboard and management console. The console is very cleanly designed, with a series of menus for intelligence summary, searches, configuration and reports.
There is a separate dashboard to manage its Cloudera-based cluster, which is used to scale up for larger network collections. The cluster is used for analysis: information from a local collection server is de-duplicated and compressed and sent to the cloud automatically.
Sentinel’s executive dashboard shows a summary of what has been detected and the severity of the infection or errors it has found. Threats are grouped by OS type and have other customizable filters, and you can drill down to examine what set off its detector.
It can automatically correlate threats by factors such as business unit or patch level, so you can manage a collection of endpoints with similar circumstances together. As with other products, you can view the entire malware execution chain, showing the processes and steps an infection took to compromise your endpoint. It can also look at DNS queries and map them to particular running processes for easier identification.