Enhanced EDR: Data Breach Prevention

Extend EDR to the data layer with Cigent Data Defense.

Data Protection

Cigent® data defense solutions enhance EDR by adding a layer of threat detection and response that is as close to the data as possible. Sensitive files are protected at all times, from almost any threat vector, even in the event of a security breach.

Zero Trust

Cigent’s Zero-Trust file access controls rely on multifactor authentication to defend against data theft and ransomware in an elevated threat environment, even if the system is compromised. Its data security solutions feature the first and only family of self-defending storage devices with cybersecurity built into the firmware itself. These include a dedicated security processor that relies on machine learning to detect and respond to ransomware, a keep-alive sensor that automatically encrypts sensitive files if host security software is bypassed, and a safe room that makes data invisible to any attacker, either at all times or in an elevated threat environment.

Safe Room

Cigent data defense solutions are threat-aware and respond to security events by protecting sensitive files with step-up authentication and automatically locking data in a hardware-encrypted safe room that makes data invisible to any attacker. Threat events are ingested from popular EDR solutions, and detection is enhanced with built-in state- and deception-based sensors.

Cigent Solutions

Cigent D³E

Zero-Trust Access Controls

The Cigent Dynamic Data Defense Engine™ or D³E adds simple step-up authentication for access to sensitive files as well as Cigent Secure Drives. Verification that the trusted user is accessing files protects against data theft, ransomware, and insider theft. Files and folders can be configured to require step-up authentication for access when threats are detected by Active Lock.

Active Lock Threat Response

D³E Active Lock integrates with EDR solutions to monitor attacks on PCs. When a threat is detected, Active Lock protects designated files and Cigent Secure Drives, requiring step-up authentication for access, until the threat is cleared. There are many options for step-up authentication including Windows Hello PIN, Fingerprint, Facial Recognition, Microsoft and Google Authenticator, and Cisco Duo OTP and push notifications.

Cigent D³E Sensors

Cigent D³E includes built-in sensors that detect threats and trigger an Active Lock on dynamically protected files and Secure Drives.

Disable AV Endpoint

Detect if the host antivirus agent is disabled.

Untrusted Network

Detect if Windows PC connects to an untrusted network.

File Deception

Detect attempted access to deception files that are added to the Windows File System by D³E or by the user.

Network Deception

Detect attempted access to network honeypots created by D³E.

USB Insertion

Detect insertion of an untrusted USB device.

AV Integrations

Cigent D³E integrates with Microsoft Defender, PC Matic, and other popular antivirus software. D³E responds to security events detected by antivirus solutions by locking dynamically protected files and Secure Drives.

EDR Integrations

Cigent D³E integrates with popular EDR solutions through the Cigent Management Console and responds to security events by locking dynamically protected files and Secure Drives, by device or across groups of users.

Endpoint Malware, Rootkit, and Virus Scanning

Detect if the host antivirus agent is disabled.

Cigent Secure SSD

Locked and Protected Secure Drives

When a system has Cigent Secure SSD™ and D³E, two types of Secure Drives can be created to store and protect sensitive files. The Locked Secure Drive (L Drive) remains hidden from the entire PC unless, and until, the trusted user enables it with a Zero-Trust step-up authentication. Once mounted, all files stored in the L Drive remain protected with multi-factor authentication at all times. If a threat is detected, D³E security software is disabled, Windows locks, or the PC shuts down, the L Drive disappears from the OS layer and remains invisible to an attacker.

The Protected Secure Drive (P Drive) remains mounted when the user is logged in. When a threat is detected or D³E security software is disabled, the P Drive remains mounted but all files lock until the threat is cleared. If Windows locks or the PC is power cycled, the P Drive also locks and disappears from the OS layer.

Multifactor Authentication

The only way to unlock a Secure Drive is with D³E installed on the machine using MFA. It uses firmware security to protect against the vast majority of endpoint threat vectors including below-the-OS attacks such as kernel and hypervisor attacks, chip implants, boot/rootkits, and firmware/BIOS malware, as well as credential compromise, software vulnerabilities, and more.

Cigent Secure SSD Firmware and Hardware Features

Secure Drives

Configure disk partitions that remain hidden from the OS layer, either at all times or when the system is under duress. MFA is required to mount Secure Drives.

Tethering

Heartbeat monitors the D³E agent and locks Secure Drives if D³E is disabled or the system is power cycled.

Ransomware Detection & Response

The dedicated security processor uses machine learning to detect and respond to ransomware, even if host security software is bypassed.

File Access Logging

File Access Logs indicate what files have been accessed during a suspected breach.

Dual Mode

When hidden, the hard drive remains invisible to the system until you switch into it using multifactor authentication.

True Erase

Secure SSD storage is the first and only SSD to include Cigent TrueErase™, a firmware verification that reports each block’s erased or unerased state after a wipe attempt. As a result, the trusted user can safely repurpose their device, retire it, or ship it for destruction, saving money on expensive media and supporting a green policy for storage device lifecycle management.

Malicious OS Boot Attack

The dedicated security processor detects an OS Boot Attack and automatically locks the data until a trusted user clears the threat.

Image, Clone, and Wipe Attempts

The dedicated security processor detects image, clone, and wipe activities and locks the data, requiring the trusted user to unlock files with MFA.

Unauthorized Drive Removal

With an integrated connection-detection circuit, attempts to tamper with or remove the drive from the PC chassis or external media enclosure are immediately detected. Designated files are either wiped or locked down.

Gesture Detection

Unique gesture monitoring can be used to enable gesture-based file locking, drive wiping, Dual Mode switching, and other automated responses. Additionally, gesture monitoring can be used to detect unauthorized usage and alert the user or SOC.

Cigent Management Console

Flexible Administration

The Cigent Management Console supports several features that enhance EDR.

Integrations

Configure and manage integrations to other endpoint detection and response solutions—such as VMware Carbon Black, Sophos, Cisco Secure Endpoint, and CyberArk—to enable an additional layer of response to threats detected by those solutions.

Centralized File Locking

For rapid response to externally-detected threats, engage Active Lock on a single device or on a group of devices—quickly and easily.

Device Management

View Active Lock, policy compliance, and protection status across all devices. Easily identify devices that are not meeting minimum protection standards and those that should have incremental protection configured.

Threat History

View historic threats across all devices. Use predefined filters or Google-style search to quickly refine your search.
