Intezer - Intezer Protect (CWPP): How it Works

Intezer Protect: How it Works

Written by Intezer

Intezer Protect is our NEW runtime Cloud Workload Protection Platform (CWPP). Powered by Genetic Malware Analysis technology, this solution continuously monitors the code running in your cloud, alerting you to any unauthorized or malicious activity, while making no impact on performance.

Continue reading below to discover how this product works, taking into account modern, cloud-native needs such as scalability, performance and extremely low SecOps overhead.

Seamless Deployment
We provide a simple one-liner shell command or a configuration management (CM) tool script (e.g. Chef, Puppet, Ansible) to quickly install our sensor on your servers. Intezer Protect is designed to fit into your existing infrastructure, including different cloud providers, various versions of Linux, containerized or Kubernetes-powered environments and more. After this seamless installation, users can log in to our SaaS-based dashboard to immediately get started.

No Configuration Required
Leveraging Genetic Malware Analysis technology, we automatically create a genetic profile from the existing software and code running on your cloud workloads. Unlike other security solutions in the market, this method generates a powerful and flexible runtime baseline that doesn’t require configuration or training from the user.

Continuous Monitoring and Protection
Intezer Protect monitors for any changes in the software, code, processes, or programs running on your cloud infrastructure. Any new code detected is automatically analyzed using Genetic Malware Analysis, to identify any small fragment of malicious code, or any substantial deviation from your existing runtime ecosystem. This granular type of in-memory monitoring enables you to detect extremely sophisticated cyber threats, such as exploitation of unknown vulnerabilities, injected code, fileless malware and more.

Alerts
Once we have detected malicious or unauthorized code running on your system, we alert you to the intrusion and provide you with rich context, such as the exact process and container of the attack, the type of threat (malware family) and connections to previous incidents. Focusing on code-driven detection rather than behavioral (anomaly-based) detection allows us to produce only high confidence alerts.

Mitigation
We provide a quick and automatic way to immediately terminate the malicious or unauthorized code running in your cloud infrastructure, without interrupting business continuity or the normal operation of your production environment.

Visibility
In addition to protecting your cloud workloads, by diagnosing the origins of all software running on your cloud environment you gain in-depth runtime visibility — so even during quiet times with no alerts, you have the peace of mind knowing that only trusted software is running on your systems.
Intezer protects your cloud infrastructure against data breaches, unauthorized code, exploitation of known and unknown vulnerabilities, cryptominers, fileless malware and APTs, and countless other cyber threats.


Want to see the platform in action? Join us on Tuesday, January 28 at 12:00 pm ET // 18:00 CET for a live demo.

Intezer

Revealing the “genetic” origins of software, Intezer introduces a new way to detect and respond to cyber threats. Intezer offers enterprises advanced solutions to detect modern cyber attacks, while providing deep context for effective response.

© Intezer.com 2020 All rights reserved