This is a very exciting week for us at Deepviz. We have been hard at work developing our Endpoint Client, which runs on top of our analysis engine, and looking at the best ways to let everyone out there benefit from our powerful analysis capabilities.
We have come to the realization that in order for enterprises to use our technology effectively, we need to provide them with an optimal way of consuming it. Not everyone has sophisticated tapping infrastructure deployed and the ability to extract thousands of binaries out of a TCP stream in real time to pump into an analysis tool.
Secondly, looking at the wider market and the way the threat landscape is evolving, we feel that it is essential to provide next-generation capabilities to a wide audience and make them accessible at a price point that doesn’t leave you with an eye-watering bill to deploy network appliances at all your egress points.
So, we sat down and thought long and hard about how best to leverage our technology to provide a cost-effective way to solve this problem.
Enter the Deepviz Endpoint Client.
The agent is designed to be installed on Windows 7, 8 and 8.1 machines, both x86 and x64 (Windows 10 x86/x64 will be added very soon), and will do the following:
- Do an initial inventory scan of the host and verify all running processes and loaded modules with our cloud service. Any malicious items will be flagged up in the console.
- Once the initial scan is complete, we will monitor the filesystem for any changes. If we detect a new file written to disk, we will verify that object against our database. If we have a determination for that object, we will either allow it to run or block the execution.
- If the object is unknown to us, we will detonate the object in our cloud-based sandbox and, based on the results, it will be logged in the console as clean or malicious.
What are the advantages of this approach? Well, the clear advantage is that you can deploy the agent on any laptop or desktop and you will have full detonation capabilities wherever that host goes. As we all know, the perimeter is wherever the Endpoint is; now your Endpoints have coverage wherever they are.
This is simply the start of our beta and we need your help in testing all this stuff out. We will be adding enforcement, remediation and more features as we go, but we would like to get the basics solid first.
All feedback is greatly appreciated. You can register an account HERE and use your API key available HERE, which will allow you to install the client on 3 machines to test out the console. The management console is available at endpoint.deepviz.com.
Note: this is our first public beta of the client, which means we’re aware of several issues we still need to address. Do not install it in a production environment unless you know what you are doing.
Click here to download the Deepviz Endpoint Client v.0.1.0 BETA
The Deepviz Team