Cigent® data defense solutions enhance EDR by adding a layer of threat detection and response that is as close to the data as possible. Sensitive files are protected at all times, from almost any threat vector, even in the event of a security breach.
Cigent’s Zero-Trust file access controls rely on multifactor authentication to defend against data theft and ransomware in an elevated threat environment, even if the system is compromised. Its data security solutions feature the first and only family of self-defending storage devices with cybersecurity built into the firmware itself, including a dedicated security processor that relies on machine learning to detect and respond to ransomware, a keep-alive sensor that automatically encrypts sensitive files if host security software is bypassed, and a safe room that makes data invisible to any attacker, either at all times or in an elevated threat environment.
Cigent data defense solutions are threat-aware and respond to security events by protecting sensitive files with step-up authentication and automatically locking data in a hardware-encrypted safe room that makes data invisible to any attacker. Threat events are ingested from popular EDR solutions, and detection is enhanced with built-in state- and deception-based sensors.
The Cigent Dynamic Data Defense Engine™ or D³E adds simple step-up authentication for access to sensitive files as well as Cigent Secure Drives. Verification that the trusted user is accessing files protects against data theft, ransomware, and insider theft. Files and folders can be configured to require step-up authentication for access when threats are detected by Active Lock.
D³E Active Lock integrates with EDR solutions to monitor attacks on PCs. When a threat is detected, Active Lock protects designated files and Cigent Secure Drives, requiring step-up authentication for access, until the threat is cleared. There are many options for step-up authentication including Windows Hello PIN, Fingerprint, Facial Recognition, Microsoft and Google Authenticator, and Cisco Duo OTP and push notifications.
Cigent D³E includes built-in sensors that detect threats and trigger an Active Lock on dynamically protected files and Secure Drives.
Detect if the host antivirus agent is disabled.
Detect if the Windows PC connects to an untrusted network.
Detect attempted access to deception files that are added to the Windows File System by D³E or by the user.
Detect attempted access to network honeypots, created by D³E.
Detect insertion of an untrusted USB device.
Cigent D³E integrates with Microsoft Defender, PC Matic, and other popular antivirus software. D³E responds to security events detected by antivirus solutions by locking dynamically protected files and Secure Drives.
Cigent D³E integrates with popular EDR solutions through the Cigent Management Console and responds to security events by locking dynamically protected files and Secure Drives, by device or across groups of users.
When a system has Cigent Secure SSD™ and D³E, two types of Secure Drives can be created to store and protect sensitive files. The Locked Secure Drive remains hidden from the entire PC unless, and until, the trusted user enables it with a Zero-Trust step-up authentication. Once mounted, all files stored in the L Drive remain protected with multi-factor authentication at all times. If a threat is detected, D³E security software is disabled, Windows locks, or the PC shuts down, the L Drive disappears from the OS layer and remains invisible to an attacker.
The Protected Secure Drive remains mounted when the user is logged in. When a threat is detected or D³E security software is disabled, the P Drive remains mounted but all files lock until the threat is cleared. If Windows locks or the PC is power cycled, the P Drive also locks and disappears from the OS layer.
The only way to unlock a Secure Drive is with D³E installed on the machine using MFA. It uses firmware security to protect against the vast majority of endpoint threat vectors including below-the-OS attacks such as kernel and hypervisor attacks, chip implants, boot/rootkits, and firmware/BIOS malware, as well as credential compromise, software vulnerabilities, and more.
Configure disk partitions that remain hidden from the OS layer, either at all times or when the system is under duress. MFA is required to mount Secure Drives.
Heartbeat monitors the D³E agent and locks Secure Drives if D³E is disabled or the system is power cycled.
The dedicated security processor uses machine learning to detect and respond to ransomware, even if host security software is bypassed.
File Access Logs indicate what files have been accessed during a suspected breach.
When hidden, the hard drive remains invisible to the system until you flip into it using multifactor authentication.
Secure SSD storage is the first and only SSD to include Cigent TrueErase™, firmware verification that reports each block’s erased or unerased state after a wipe attempt. As a result, the trusted user can safely repurpose the device, retire it, or ship it for destruction, saving money on expensive media and making it possible to implement a green policy for storage device lifecycle management.
The dedicated security processor detects an OS Boot Attack and automatically locks the data until a trusted user clears the threat.
The dedicated security processor detects image, clone, and wipe activities and locks the data, requiring the trusted user to unlock files with MFA.
With an integrated connection-detection circuit, attempts to tamper with or remove the drive from the PC chassis or external media enclosure are immediately detected. Designated files are either wiped or locked down.
Unique gesture monitoring can be used to enable gesture-based file locking, drive wiping, Dual Mode switching, and other automated responses. Additionally, gesture monitoring can be used to detect unauthorized usage and alert the user or SOC.
The Cigent Management Console supports several features that enhance EDR.
Configure and manage integrations to other endpoint detection and response solutions—such as VMware Carbon Black, Sophos, Cisco Secure Endpoint, and CyberArk—to enable an additional layer of response to threats detected by those solutions.
For rapid response to externally detected threats, engage Active Lock on a single device or on a group of devices quickly and easily.
View Active Lock, policy compliance, and protection status across all devices. Easily identify devices that are not meeting minimum protection standards and those that should have incremental protection configured.
View historic threats across all devices. Use predefined filters or Google-style search to quickly refine your search.