Wave Endpoint Monitor (WEM) provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits.
Rootkit attacks are particularly harmful because they can hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level), and replace legitimate IT system firmware. Such attacks occur before the operating system (OS) loads, targeting the system BIOS and Master Boot Record (MBR), and can persistently infect higher-level system functions including operating systems and applications.
“APTs facing enterprises today are more complex, nefarious and sophisticated than ever before,” said Richard Stiennon, Chief Research Analyst at IT-Harvest and author of Surviving Cyberwar. “Malware hiding in a device’s BIOS will go undetected by traditional anti-virus programs operating at the OS level, creating a strong need for a solution that can identify an attack as it happens. Because Wave’s approach is rooted in hardware-based technologies, rootkits and other malware can be spotted before the OS even starts.”
Wave Endpoint Monitor captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the Trusted Platform Module (TPM), a security chip located on the motherboard of all business PCs. If anomalies are detected, IT is alerted immediately with real-time analytics.
Capabilities of Wave Endpoint Monitor include:
- Securely reports PC integrity measurements for central reporting and analysis
- Ensures data comes from a known endpoint
- Alerts IT administrators to anomalous behaviors, which can be linked to the presence of malware
- Provides configurable reporting and query tools
- Ensures strong device identity through the use of hardware-based digital certificates
- Remotely provisions the TPM