
How to immediately distribute protection against emerging threats across your environment

Introduction

You may have already noticed this added visibility and control is fast.  Threat details collected from malware encountered at endpoints and network gateways can propagate through the data exchange layer in milliseconds, educating all security components to proactively immunize against newly detected threats.

 


Prerequisites

  • Hackit.exe is on the desktop of your client.  Hackit can be found at: http://mcaf.ee/yiuva.
  • TIE module for VSE policy is set to Enforce and block at Unknown.

 

Objective


The objective of this use case is to demonstrate how quickly and how widely updates are distributed over the Data Exchange Layer. Successful completion of this use case should demonstrate the near real-time distribution that the Data Exchange Layer offers.


Use Case

Remote Desktop into the client system and run Hackit.exe.  This populates the TIE reputations page.


Right-click the Hackit icon in the system tray and click Shutdown Hack-it.

Be ready to click on Hackit.exe as quickly as possible in a future step.


 

Click on Menu | Systems Section | TIE Reputations.


In the File Search tab, enter Hackit.exe in the search field and click Find Files.

Note: pressing Enter will not run the search. You must use the mouse to click the Find Files button.

 

Click the checkbox next to HackIt.exe.


Are you ready to be quick? Click Actions and mark the Hackit.exe file as ‘File Most Likely Malicious’.

Move to the next step quickly.

  
Remote Desktop into the client system and attempt to re-run Hackit.exe.

The execution attempt will be blocked.

Note that the reputation update was immediately distributed from ePO to the TIE client over the DXL. This kind of communication typically takes less than 1 second. You can repeat the test by changing the file reputation in ePO from “File Most Likely Malicious” to “File Known Trusted”.



Conclusion


No more waiting for agent wake-up calls, slow DAT releases, or for the global threat feed to update! The speed and distribution of the Data Exchange Layer provides a communication fabric that allows immediate protection across your entire enterprise.

Revision #: 3 of 3
Last update: 03-15-2018 01:15 PM