RevBits Endpoint Security – Advanced Endpoint Security and Comprehensive Endpoint Management

Additional Info

Company: RevBits
Website: http://www.revbits.com
Company size (employees): 10 to 49
Headquarters Region: North America
Type of solution: Software

Overview

RevBits EPS & EDR is built upon a unique architecture, with detection mechanisms that go far beyond other EDRs. RevBits’ custom handlers, or proprietary application loading detection capabilities, find multi-stage malicious activities attempting to impersonate Windows applications, signing processes and trusted processes. RevBits EPS & EDR also has an accurate detection engine that prevents false positives and a distinctive architectural design for application whitelisting, sandboxing, spawning, and parent/child process analysis.

RevBits EPS & EDR accurately scans DLLs with our machine learning model to detect unknown malware. Installing Shell extensions is another way hackers load malicious DLLs and avoid detection. RevBits prevents this by requiring admin approval before allowing Shell extensions, the same way we require driver approvals.

When a new executable is asked to run on a device, if it isn’t already whitelisted, RevBits EPS & EDR automatically puts it into a sandbox for analysis. Regardless of what may have been added to obfuscate the malware, RevBits EPS & EDR evaluates the entire process, including executables, leaving no ability for malware to hide within legitimate programs and applications. RevBits’ ability to analyze Microsoft applications and processes is fundamental in preventing malicious code from entering and launching these types of attacks.

RevBits is the only EDR vendor that can detect and block this devastating exploit. By leveraging an undocumented Microsoft capability, RevBits processes every syscall, and identifies the functions that go to the kernel, to determine if the call is coming from an authentic source, or from somewhere else.

Key Capabilities / Features

RevBits EPS & EDR includes patented anti-rootkit threat detection, prevention and removal capabilities. To remove known and unknown rootkit malware, RevBits EPS & EDR identifies suspicious callback processes, hooks, registry keys and modified files. RevBits EPS & EDR anti-rootkit capabilities protect computer systems and data by detecting, blocking and removing malicious drivers.


RevBits EPS & EDR patented anti-rootkit software is able to patch drivers in memory, before they access the kernel space. This allows administrators to decide which drivers are allowed, and which ones are denied access to the kernel space. RevBits EPS & EDR will detect and alert on known and unknown malicious rootkits using unique modeling techniques, and remove them through our callback capabilities, whether they are signed by Microsoft or any other certificate authority.


How we are different

* To detect and block direct syscalls made by malware, the RevBits EPS & EDR debugging engine scans every system call made by the process being monitored. The entire chain of the call stack is traced and analyzed to determine the identity of the caller.


* The RevBits EPS & EDR transparent file system is unlike a traditional sandbox that runs in a virtual machine or on a dedicated device. RevBits EPS & EDR is a security layer on top of the endpoint device’s operating system that runs within the actual computer. The transparent file system intercepts and intelligently redirects API calls, file system access and activity to a separate and confined cached location. It returns the encrypted files back to the malware, which tricks the program into thinking it has executed successfully.


* RevBits EPS & EDR is deployable in any type of environment: on-premises, SaaS, hybrid-cloud, and air-gap.

