Key Ingredient To Detecting Advanced Threats? Investigate The Endpoint With RSA ECAT

Building an intelligence-driven security organization will be a game changer for organizations struggling to defend against cyber attacks and intrusions. The launch of RSA Security Analytics earlier this year was a big step in our mission to help customers address these challenges at the network level, and today we take another step forward for endpoint threat detection with the launch of RSA ECAT V.3.5.


We all see the headlines every day: cyber-attacks, cybercriminals, targeted attacks, state-sponsored hackers. There is a never-ending pipeline of governments, enterprises and other organizations that have been compromised. Trying to secure the dissolving perimeter of a modern enterprise, and using signature-based technology such as anti-virus to detect advanced threats, is fighting yesterday’s battle with antiquated weapons. Today CISOs need to work on the assumption that with the hyper-connectivity and increased openness of IT infrastructures, they will have to defend against threats from inside their networks, not at some mythical perimeter. That means putting in place the tools to identify intrusions, spot even the faintest signs of attack, and act before damage is done.

To that end, deep endpoint visibility is a must. While network-based security solutions are critical for detecting suspicious activity traversing the network, there are other gaps that need to be filled to help CISOs understand the cause and the scope of the breach. For example, how do you gain visibility if the endpoint is off the corporate network? If you see something suspicious on the network, how do you correlate that network traffic with the actual behavior of the endpoint?

Introducing RSA ECAT V.3.5

RSA ECAT is a signature-less malware detection tool for endpoints that helps organizations detect, analyze and respond to advanced threats. Combining live memory analysis and in-depth inspection of host behavior, RSA ECAT is designed to help security teams quickly identify previously unknown malware and compromises that other solutions miss.

With this latest release (available in August), we’ve added new levels of scalability and performance, so that RSA ECAT is engineered to scale across many thousands of endpoints, offering security teams the capability to provide fast analysis and quick response to threats. Additionally, we thought it was a natural step to integrate the endpoint protection of RSA ECAT with the network protection of RSA Security Analytics. That, coupled with RSA Advanced Incident Management for Security (AIMS), provides a truly end-to-end solution for security visibility and incident management.

We are truly excited about the innovation RSA ECAT brings to our customers. If you are attending the Black Hat 2013 Conference this week in Las Vegas, please stop by our booth to see RSA ECAT 3.5 in action.

About the Author: Chad Loeven