What is Bromium Endpoint Monitoring?
Bromium Endpoint Monitoring provides comprehensive task-centric detection for any malicious execution. It records forensic intelligence for each endpoint attack and auto-correlates low-level endpoint events to deliver precise indicators of compromise (IOCs), so that security teams can quickly detect and respond to an attack or attempted breach.
How It Works
Bromium Endpoint Monitoring sensors provide real-time monitoring of key system parameters. A wide range of functions within the protected system must be instrumented to ensure all the relevant threat indicators are monitored. Listed below are some of the primary functions Bromium monitors:
- Process manipulation—used for malware injection
- Memory access—common in drive-by attacks
- Registry manipulation—key component in malware persistence
- File system activity—primary point of attack for malware droppers
- Network activity—core threat indicators for malicious attacks and C&C servers
If Bromium Endpoint Monitoring detects an attack, all the relevant forensics are forwarded to and processed by Bromium Threat Analysis, which produces a forensic analysis for each attack.
Why You Need It
According to Gartner, “Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.” Bromium Endpoint Monitoring provides continuous host monitoring that checks trusted content for potentially risky and known bad content. This approach complements the unrivaled protection capabilities inherent to Bromium’s CPU-based isolation. Security teams need this combination of true protection and real-time endpoint visibility to ensure the overall security of the enterprise.