In order to have a good experience using the Heimdal™ Threat Prevention and module, we recommend you take a closer look on the following information:
- Description of the module
- Dark Layer Guard
- New features for Dark Layer Guard
- VectorN Detections
- New Features for VectorN Detection
Heimdal™ Threat Prevention
The module embeds everything a system needs to prevent an infection before it happens. It filters malicious traffic, updates 3rd party apps thus minimizing exploitation risks and it identifies the computers that may have been compromised by attackers, also reporting this to the centralized management system. The protection is proactive, reliable, scalable, and consists of three active modules: DarkLayer Guard and VectorN Detection
Dark Layer Guard
This module is responsible for filtering all network packages based on DNS request origin and destination. It replaces the manual or DHCP set DNS values with IPs from the Client Host IP range thus effectively telling the computers to resolve the DNS requests themselves. The original DNS values from the network card settings are not lost, they are saved under GUIDs in the Windows Registry and they are used when requests are made towards internal resources like print servers, local file servers, or anything that has a private IP assigned.
The traffic filtering engine, which blocks malicious packages from communicating across the network prevents man-in-the-browser attacks, detects zero-hour exploits, protects from data or financial exfiltration, and prevents data loss or network infections.
Here is an example of how Heimdal™ Threat Prevention's multi-layered protection works against malware, social engineering scams and drive-by attacks:
The module blocks malicious websites by making sure that users do not establish untrusted connections. If a connection is made, an attacker is able to open backdoors into a PC by using zero-day exploits or by executing remote shellcodes. Heimdal™ Threat Prevention also makes sure that data is not automatically filled into online forms, belonging to fraudulent websites.
DLG can shield a PC from a man-in-the-browser attack, it can hide it from an attacker’s domain or it can prevent ransomware - such as Crypto locker - from downloading its encryption keys even if the PC has already been infected.
An example of how Dark Layer Guard protects users from financially exploiting malware (banking trojans) can be seen below:
The Dark Layer Guard filter receives more than 800.000 new weekly updates to keep up with cybercriminals’ threats. A filter update is provided every 2 hours. The update is based on a wide range of data, such as newly registered domain names, reverse engineering of advanced malware, monitoring of criminal network sinkholes, and data gathered during e-crime analysis.
This insight into cybercrime enables Heimdal to block data from a PC or network from being sent to a hacker-controlled server, therefore protecting corporate or personal data from exfiltration.
NEW FEATURES for Dark Layer Guard
Filter devices on Dark Layer Guard grid views (except CATEGORY BLOCKS VIEW)
If you select one device from the device list you will have the possibility to filter the entire grid (no need for accessing other values).
- Click here for more details regarding Dark Layer Guard
- Click here to navigate The User Interface in Thor Home
- Click here to configure your Heimdal™
This module identifies the computers that are most prone to have been infected by malicious scripts and malware. It will identify patterns of malicious domain requests and filter these accordingly. The computers identified by VectornN as potentially infected are to be ultimately treated as threats by the system administrator, investigated, and scanned for threats either manually or automatically.
In 2017 data-stealing malware or data usage attacks were responsible for more than 55% of the cases where corporations lost valuable information. Approximately 19% of data theft malware is detected by traditional antivirus software. Low detection rates are caused by polymorphism, which means that malware can constantly change behaviour and attack methods. The problem of data theft is furthermore increasing because informational theft is no longer happening on the PC itself but is spreading over the entire network. VectorN Detection employs traffic and usage algorithms, rather than rely just on signature and access detection.
NEW FEATURES for VectorN Detection:
Filter devices on VectorN view
Right now you can find a new dropdown called ' Filters', where you will find more options for the grid view.
- Click here for more details regarding VectorN Detection
- Click here for more details regarding VectorN Detection Engine
- Click here for MODERATE POSSIBILITY of infection
- Click here for HIGH AND VERY HIGH POSSIBILITY of infection
- Click here for VectorN Detection LOW RISK Users
- Click here for VectorN Detection MEDIUM RISK Users
- Click here for VectorN Detection HIGH RISK Users
Here is the Heimdal™ Threat Prevention - Endpoint product overview presentation: