Solution brief

Endgame Endpoint Prevention and Threat Hunting with HPE Security ArcSight
Endgame and HPE Security join forces to empower
security teams to hunt and evict adversaries with early
prevention and IOC-independent detection.
What is Endgame?
Endgame is an endpoint security platform that prevents, detects, and hunts for known and unknown threats at every stage of the attack lifecycle, starting at the earliest. Because it does not rely on signatures or indicators of compromise (IOCs), Endgame protects against the polymorphic and evasive attacks that signature-based tools miss. The platform turns security analysts and incident responders from crime-scene investigators into hunters, cutting the time and cost of detection and response.

Solution overview
Endgame has partnered with HPE Security ArcSight, whose solutions deliver advanced protection, centralized correlation, and comprehensive visibility. As the first comprehensive IOC-independent endpoint security platform for HPE Security ArcSight, Endgame hunts and detects unknown threats at the earliest stages of the kill chain. Once a threat is detected, organizations can remove it surgically, reducing the time, cost, and disruption of a traditional incident response.
Endgame prevents attacks at the earliest stages, thwarting advanced tactics such as exploitation, execution, process injection, and privilege escalation. Endgame Hardware Assisted Control Flow Integrity (HA-CFI), a pre-exploit protection technology, detects control-flow hijacking and stops the attacker before any attacker-controlled code executes.
Endgame Detect and Respond stops resident attackers who use advanced techniques such as malicious persistence, in-memory execution, and privilege escalation. Endgame automates the hunt for next-generation attacks by collecting and analyzing data across all endpoints in seconds, surfacing suspicious artifacts and malicious activity with prebuilt White Box Analytics.
HPE Security ArcSight Enterprise Security Manager (ESM) ingests these events as Endgame uncovers threats, via the HPE certified Endgame connector. Each event is mapped to the Common Event Format (CEF), so Endgame events can be correlated quickly with the more than 350 infrastructure and security device feeds that HPE Security ArcSight supports.
The HPE Security ArcSight portfolio delivers security data management, event correlation, and security analytics to prioritize threats in real time, providing centralized visibility and accelerated response to cyber threats. Each Endgame alert carries links that give one-click access to Endgame's human-readable report, which details what was detected, why it matters, and any automated actions already taken. The Endgame platform provides a range of zero-disruption response actions.
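The two preceding paragraphs describe the mechanics of the integration: alerts arrive in ESM as CEF lines, and each alert carries a link back to the endpoint report so the analyst can pivot. The example below, added here and not code from the Endgame connector or from ArcSight, shows what a consumer of such a feed has to get right: splitting the CEF header on unescaped pipes, splitting the extension on key=value boundaries while honoring the `\=` and `\\` escapes, resolving ArcSight custom-string labels, and weighting severity by asset criticality the way an ESM rule would before an analyst sees the queue. The sample alert lines, the signature names, the use of `cs1`/`cs1Label` to carry the report link, and the asset-criticality table are all constructed for this example and are not real Endgame output.

```python
"""Parse CEF-formatted endpoint alerts and rank them for SOC triage.

Added example, not connector or ESM code. CEF syntax (ArcSight spec):
'CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension'
with '\\|' escaping a pipe in the header and '\\=' / '\\\\' escaping '=' and
backslash inside the key=value extension. Sample lines, signature names,
the cs1/cs1Label report-link convention and the asset table are constructed.
"""
import re
from dataclasses import dataclass, field

_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}  # CEF spec names
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # start of a key=value pair


@dataclass
class CefEvent:
    version: str
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: int
    ext: dict = field(default_factory=dict)

    def labelled(self) -> dict:
        """Resolve ArcSight custom fields: csNLabel=X csN=Y becomes {'X': 'Y'}."""
        out = {}
        for key, label in self.ext.items():
            if key.endswith("Label") and key[:-5] in self.ext:
                out[label] = self.ext[key[:-5]]
        return out


def _split_header(line: str):
    """Return the seven header fields and the raw extension, honouring '\\|'."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):      # escaped pipe or backslash
            buf.append(line[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(c); i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        raise ValueError(f"malformed CEF header: {line[:40]!r}")
    return fields, line[i:]


def _unescape(value: str) -> str:
    """Undo extension escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n' / '\\r' -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> dict:
    """Split 'k1=v1 k2=v2 ...'; values may contain spaces and escaped '=' or '\\'."""
    keys = list(_KEY_RE.finditer(ext))
    out = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end])
    return out


def parse_cef(line: str) -> CefEvent:
    hdr, ext = _split_header(line.rstrip("\r\n"))
    sev = hdr[6].strip()
    severity = int(sev) if sev.isdigit() else _SEVERITY_WORDS[sev.lower()]
    if not 0 <= severity <= 10:
        raise ValueError(f"severity out of range: {sev}")
    return CefEvent(hdr[0][4:], hdr[1], hdr[2], hdr[3], hdr[4], hdr[5], severity, _parse_extension(ext))


# Constructed asset model standing in for ESM asset categories (hypothetical hosts).
ASSET_CRITICALITY = {"dc01": 3, "fin-fileserver": 2}


def triage_score(ev: CefEvent, criticality=ASSET_CRITICALITY) -> int:
    """Severity weighted by how critical the affected host is (0..30)."""
    host = ev.ext.get("dhost") or ev.ext.get("dvchost", "")
    return ev.severity * criticality.get(host, 1)


def report_link(ev: CefEvent):
    """The one-click pivot to the endpoint report, carried (by assumption) in cs1."""
    return ev.labelled().get("Report URL")


# Constructed sample alerts (not real connector output).
SAMPLE_ALERTS = [
    "CEF:0|Endgame|Endgame|1.0|process_injection|Process injection into lsass.exe|9|"
    "rt=1480000000000 dhost=dc01 duser=CORP\\\\svc_backup sproc=C:\\\\Temp\\\\upd.exe "
    "act=blocked cs1Label=Report URL cs1=https://endgame.example/alerts/1001",
    "CEF:0|Endgame|Endgame|1.0|persistence|Scheduled task \\| unsigned binary|6|"
    "rt=1480000001000 dhost=hr-laptop-07 duser=CORP\\\\alice act=alert "
    "msg=arg0\\=/create cs1Label=Report URL cs1=https://endgame.example/alerts/1002",
    "CEF:0|Endgame|Endgame|1.0|hacfi|HA-CFI control-flow violation in browser|High|"
    "rt=1480000002000 dhost=fin-fileserver act=blocked "
    "cs1Label=Report URL cs1=https://endgame.example/alerts/1003",
]


def prioritised(lines=SAMPLE_ALERTS):
    """Parse and sort alerts so the analyst works the highest-impact one first."""
    events = [parse_cef(line) for line in lines]
    return sorted(events, key=triage_score, reverse=True)


if __name__ == "__main__":
    for ev in prioritised():
        print(f"{triage_score(ev):>2} {ev.ext['dhost']:<15} {ev.name:<45} {report_link(ev)}")
```

Two details matter in practice. The header must be split on unescaped pipes only, otherwise a detection name containing `|` shifts every later field and the severity becomes garbage; and the extension cannot be split on `=` or on spaces, because values (command lines, user names, paths) legitimately contain both, which is why the parser locates `key=` boundaries and unescapes each value afterwards. The score is deliberately simple; in ESM the equivalent weighting comes from asset categories and correlation rules rather than a dictionary.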
Endgame and HPE Security ArcSight benefits
• Complete visibility and centralized monitoring across endpoint, network, and user behavior, enabling intelligent security operations
• IOC-independent prevention and detection of exploits, polymorphic malware, and advanced attacker techniques, delivered to ArcSight as HPE certified CEF alerts
• Automated real-time correlation and prioritization to accelerate incident triage and investigation
• Intuitive investigation and accelerated response through deep linking between HPE Security ArcSight ESM and the Endgame platform

Endgame and HPE Security ArcSight use cases
Prevention
Block attackers before they can gain initial access, execute malicious code, or elevate their privileges by monitoring multiple layers of the endpoint (hardware, kernel, user space, and more). Endgame alerts are sent to HPE Security ArcSight for correlation with security events and network activity, and are then prioritized for response.
Figure 1: Endgame and HPE Security ArcSight ESM integration. Diagram elements: Endpoints; Security and network devices; HPE Security ArcSight Data Platform; HPE Security ArcSight ESM; Endgame (Alerts, Pivot, Behavior, Response).
Threat Hunting
Uncover compromised systems before attackers can achieve their objectives, using IOC-independent detection of advanced techniques including stealth persistence, memory-resident attacks, and unknown malware. Combining Endgame and HPE Security ArcSight enables end-to-end hunting across endpoints, user activity, and network behavior.
Triage
Accelerate investigation and response by
automating the triage and prioritization
of threats across endpoint, log, and
network events. Combining Endgame
and HPE Security ArcSight provides
security operations with the ability to
prioritize investigation and response
activities more accurately and efficiently
through wider context.
Incident response
Reduce loss and response costs by turning incident response into a proactive process that stops attacks in their earliest phases, limiting scope and severity. Cross-check Endgame and HPE Security ArcSight intelligence to determine the scope and severity of an incident, then pivot to the Endgame console to mitigate the threat with surgical response actions.
About Endgame
Endgame is a leading provider of next-generation endpoint security solutions that enable enterprises to automate the hunt for the most sophisticated adversaries within their networks. The Endgame Hunt platform empowers hunt teams, incident responders, and security operators to conduct an end-to-end hunt mission, significantly reducing the time to detect and contain adversaries. Our IOC-independent platform covers the entire kill chain, applying machine learning and data science to uncover, in real time, unique attacks that evade traditional defenses and to respond precisely without disrupting normal business operations. For more information, visit endgame.com and follow on Twitter @EndgameInc.
About HPE Security
Hewlett Packard Enterprise is a leading
provider of security and compliance
solutions for the modern enterprise that
wants to mitigate risk in their hybrid
environment and defend against advanced
threats. Based on market-leading
products from HPE Security ArcSight,
HPE Security Fortify, and HPE Security—
Data Security, the HPE Security
Intelligence Platform uniquely delivers
the advanced correlation and analytics,
application protection, and data security to
protect today’s hybrid IT infrastructure from
sophisticated cyber threats.
Visit the HPE ArcSight Marketplace
to find HPE Security ArcSight apps,
security packages, documentation, use
cases, community sharing, and security
information and event management (SIEM)
best practices.
Learn more at
HPE ArcSight ESM
© Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change
without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
4AA6-8388ENN, December 2016