CastleCops® Why Use Prevx2.0?

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

Why Use Prevx2.0?

This topic is locked you cannot edit posts or make replies

All -> FavForums -> Prevx

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

stubbs100

Prevx Host

Joined: Nov 21, 2004
Posts: 198
Location: UK

Posted: Wed Sep 27, 2006 8:49 pm Post subject: Why Use Prevx2.0?

Let me set the scene very briefly as to why Prevx2.0 is quite different to your existing end-point security products. When we set out to develop Prevx2.0 we wanted to address a fundamental weakness of conventional security products - their blindness to threats which they fail to recognize. In simple terms, unless these products recognize something by its signature, file heuristics or behavioural traps then they simply ignore it. Our belief was, and still is, that as malware threats become more and more covert and diverse security becomes more a question of intelligence than recognition. Prevx2.0 turns this issue on its head. We designed Prevx2.0 to monitor software activity at the system level and report unique behaviors back to a centralised database. Of course we also use signatures and heuristics but these are not conventional AV signatures, we are not trying to store signatures of the million or so malicious programs we have identified in the last twelve months on each PC. On the PC Prevx builds and maintains a unique agent based inventory of signatures which relate one to one with each executable (good or bad) present on that PC. This inventory is then updated as required in real time to reflect the determination of each and every new program on that PC. Known good programs can therefore be allowed to run freely without interruption, Known bad programs can be blocked from running and Unknown programs can be closely monitored for signs of malicious behavior and then blocked. This might sound a little like Host Intrusion Prevention but there is one big difference. Behavior is examined centrally. This means we can take account of the aggregated behavior of any executable and we can also consider its relationships to other objects from the whole Prevx community. So whereas HIPS has to make decisions based on what it sees a program do on the PC, Prevx2.0 has a massive advantage due to the additional intelligence it has gathered. Even if we fail to stop a new threat, once it is identified we already have all the event information associated with it to be able to clean up effectively. For further detailed information visit www.prevx.com Prevx

	All -> FavForums -> Prevx	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 92ppm 0.156s (0.031s) Making cybercriminals unhappy since 2002*