Endpoint Detection and Response (EDR) with Metadefender and RSA NetWitness®
More and more organizations are implementing BYOD policies or letting their employees use company assets while working from home. This is problematic because of the risk of exposing those assets, and therefore the organization’s network, to outside threats. By using Endpoint Detection and Response (EDR) solutions, such as RSA NetWitness Endpoint (formerly RSA ECAT), organizations can monitor the endpoints in their network to see if they have been compromised.
OPSWAT’s Metadefender combines industry-leading security technology, intelligence, and expertise with partner products to allow endpoints running RSA NetWitness to securely scan files and running processes, and identify any malicious content so that it can be removed from the network. Through an integration with Metadefender, organizations using RSA NetWitness can bolster their security by:
- Preventing threats by scanning files and running processes for threats with the most advanced engines
- Preventing unknown threats with next-generation data sanitization technology, also known as Content Disarm and Reconstruction (CDR)
- Creating a process to scan endpoints for threats so they can be removed from the internal network
- Preventing threats by scanning endpoints for known vulnerabilities
- Auditing file scans from all endpoints
Key Features of Metadefender Core
Data Sanitization CDR
Uses over 90 data sanitization (CDR) engines to prevent unknown threats
Supports checks for known vulnerabilities in over 1 million binaries and 15,000 applications including:
Scans files with over 30 anti-malware engines in Metadefender Core including:
Custom Security Policies
Defines different data security policies for different users or groups of users
Flexible Deployment & Load Balancing
Supports deployment on either physical or virtual servers with built-in load balancing for high-volume environments
Supports both Windows and Linux environments
Additional Resources for Deployments with RSA NetWitness
RSA NetWitness integrates with OPSWAT Metadefender Core via Metadefender’s REST API service. This integration allows NetWitness administrators to analyze modules with multiple anti-malware engines from a context menu within the NetWitness UI. The results of the analysis can be viewed on the OPSWAT Verdict in the properties of a selected module. The time of the last analysis performed on the module will be shown in the Analysis Time field, also found in the properties of the module.
RSA NetWitness Endpoint is an endpoint detection and response tool that employs a combination of live memory analysis, continuous behavioral monitoring, and advanced machine learning to detect new and hidden threats that other solutions miss entirely. RSA NetWitness Endpoint helps focus investigations amid thousands of alerts and accelerates response by security teams of all sizes.
Customer Case Study
SCL Health selected Metadefender Core with RSA Netwitness to protect 13,000 machines from threats. RSA’s tool analyzes activity in a machine’s memory to look for threats, and to augment this monitoring for suspicious activity, Metadefender Core is integrated to scan files with multiple anti-malware engines. This multi-layer defense helps SCL secure machines in their network that store sensitive patient information.