The VectorN Detection engine is a feature that searches for patterns within the blocks of Heimdal™'s DarkLayer Guard records.
- It works across-the-board on any Windows™ device;
- It does not rely on scanning the code or auditing any system processes. Instead, the new technology uses Machine Learning Detection (MLD) to perform an in-depth analysis of all incoming and outgoing HTTP, HTTPS, and DNS traffic;
- It matches Machine Learning (MLD) insights with Indicators of compromise/attack (IOC/IOA) and network forensics, turning Heimdal™ Threat Prevention - Endpoint into a unique, proactive cybersecurity suite;
- It helps users discover even hidden, second-generation malware that tries to infect the endpoint or attempts to harvest data from the compromised system;
- By tracking device-to-infrastructure communication, this technology enables users to detect and block advanced malware, regardless of the attack vector.
Example:
If Heimdal™ Endpoint Detections' Traffic Scanning is blocking a specific domain or multiple domains at a specific time of the day, VectorN Detection will consider this a pattern and will inform the user that there might be a threat.
Patterns:
- A domain is blocked multiple times a day in a very short time period;
- A domain is blocked every day at a specific time;
- Multiple domains are blocked in a very short time period.
NOTE!
When a pattern is found, it means that something on the machine is trying to reach the blocked domains, but Heimdal™ Threat Prevention does not allow it. It is recommended to run the antivirus you have at your disposal, such as Heimdal™ Next-Gen Antivirus, Firewall & MDM.
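
The three patterns listed above can be read as sliding-window checks over a log of blocked domains. The Python below is an added example, not Heimdal™ code or the VectorN algorithm: the `(timestamp, domain)` record format, the thresholds, and the finding names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: the page gives no numbers for "very short" or "multiple".
WINDOW = timedelta(minutes=5)   # "very short time period"
DRIFT = timedelta(minutes=2)    # tolerance around "a specific time" of day
BURST_COUNT = MULTI_DOMAINS = DAILY_DAYS = 3

def _windows(recs):
    """Yield, for each sorted record, the records in the WINDOW ending at it."""
    start = 0
    for end, (ts, _) in enumerate(recs):
        while ts - recs[start][0] > WINDOW:
            start += 1
        yield recs[start:end + 1]

def _daily_streak(times):
    """Longest run of consecutive days with a block at about the same time."""
    best = 0
    for anchor in times:
        streak, target = 1, anchor + timedelta(days=1)
        while any(abs(t - target) <= DRIFT for t in times):
            streak, target = streak + 1, target + timedelta(days=1)
        best = max(best, streak)
    return best

def find_patterns(records):
    """records: (datetime, blocked_domain) pairs. Returns a set of findings."""
    records, by_domain, findings = sorted(records), defaultdict(list), set()
    for rec in records:
        by_domain[rec[1]].append(rec)
    for domain, recs in by_domain.items():
        if max(len(w) for w in _windows(recs)) >= BURST_COUNT:    # pattern 1
            findings.add(("repeated_burst", domain))
        if _daily_streak([ts for ts, _ in recs]) >= DAILY_DAYS:   # pattern 2
            findings.add(("daily_recurrence", domain))
    widest = max(({d for _, d in w} for w in _windows(records)), key=len, default=set())
    if len(widest) >= MULTI_DOMAINS:                              # pattern 3
        findings.add(("multi_domain_burst", tuple(sorted(widest))))
    return findings

# Constructed sample block records (not real product output).
SAMPLE = [(datetime.fromisoformat(t), d) for t, d in [
    ("2024-03-01 09:00:05", "beacon.example"), ("2024-03-01 09:01:10", "beacon.example"),
    ("2024-03-01 09:02:00", "beacon.example"), ("2024-03-01 03:00:00", "cron.example"),
    ("2024-03-02 03:01:00", "cron.example"), ("2024-03-03 02:59:30", "cron.example"),
    ("2024-03-02 14:00:00", "a.example"), ("2024-03-02 14:00:20", "b.example"),
    ("2024-03-02 14:00:40", "c.example"), ("2024-03-03 18:30:00", "noise.example"),
]]
```

Running `find_patterns(SAMPLE)` flags `beacon.example`, `cron.example`, and the `a`/`b`/`c.example` group, while the single `noise.example` block matches no pattern.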