You may have already noticed this added visibility and control is fast. Threat details collected from malware encountered at endpoints and network gateways can propagate through the data exchange layer in milliseconds, educating all security components to proactively immunize against newly detected threats.
TIE module for VSE policy is set to Enforce and block at Unknown
The objective of this use case is to demonstrate how quickly and how widely the Data Exchange Layer distributes updates. Successful completion of this use case should demonstrate the near real-time distribution that the Data Exchange Layer offers.
Remote Desktop into the client system and run Hackit.exe. This populates the TIE reputations page.
Right-click the Hackit icon in the system tray and click Shutdown Hack-it.
Be ready to click on Hackit.exe as quickly as possible in a future step.
Click on Menu | Systems Section | TIE Reputations
In the File Search tab, enter Hackit.exe in the search field and click Find Files.
*Note: pressing Enter will not run the search. You must use the mouse to click the Find Files button.
Click the checkbox next to HackIt.exe.
Are you ready to be quick? Click Actions and mark the Hackit.exe file as ‘File Most Likely Malicious’.
Move to the next step quickly.
Remote Desktop into the client system and attempt to re-run Hackit.exe.
The execution attempt will be blocked.
Note that the reputation update was immediately distributed from ePO to the TIE client over the DXL. This kind of communication typically takes less than 1 second. You can repeat the test by changing the file reputation in ePO from “File Most Likely Malicious” to “File Known Trusted”.
No more waiting for agent wake-up calls, slow DAT releases, or the global threat feed to update! The speed and distribution of the Data Exchange Layer provide a communication fabric that allows immediate protection across your entire enterprise.