ReaQta-Core: Advanced Endpoint Protection System
ReaQta-core is an endpoint protection system that works by deploying an agent on endpoints and servers. The installation process is painless and on big infrastructures it can be easily scheduled using Active Directory’s Group Policy Objects. After policy’s execution your computers will be immediately ready and protected.
Clients and servers connect directly to ReaQta-Brain to receive policies and dispatch security events that will be examined by security analysts. Roaming clients do not require internet connection, ReaQta-core’s protection is always on to protect the endpoints even while traveling. When an internet connection is made available all the previous security events will be dispatched automatically to ReaQta-Brain.
Real-Time Detection and Protection
ReaQta-core uses a NanoOS to perform real-time monitoring of system’s components and applications. The NanoOS works at CPU privilege level and it’s capable of detecting and blocking malicious binaries and exploitation attempts without using signatures. Compared to standard security solutions ReaQta-core has several unique advantages:
- Detection and protection happen in real-time
- Continuous analysis and response to security events
- The NanoOS is invisible and unreachable to the malware
By moving the concept of sandboxing from the network to the endpoint, ReaQta-core solves two important issues:
- Endpoints are always protected, even when traveling and connected to unsafe networks or offline
- Sandbox-aware malwares that use delayed or event-based activations are always blocked in real-time
ReaQta-core’s application inspection engine is constantly active: it doesn’t matter whether a malware activates today or in a month, the analysis never stops and it’s always ready to block an application that turns malicious at any point in time.
Artificial Intelligence Engine
False positives are always a burden for security analysts who have to deal with thousands of devices. In order to reduce the amount of false positives produced by ReaQta-core, an artificial intelligence engine is used both on the client and on ReaQta-brain to filter out the information and show only events that are relevant:
- When a malware activity is identified it gets blocked without the need of human interaction.
- If an activity is marked as dubious from the client-AI it is passed to ReaQta-brain A.I. for further analysis.
- If both A.I. cannot converge to a result, an alert is immediately issued. The process happens in real-time.
The A.I. keeps learning from the whole infrastructure, developing with time strong anomaly detection capabilities. Each deployment of ReaQta-core is thus unique and it automatically adapts to the patterns of usage of each client.
Every event is processed in real-time by the client Artificial Intelligence engine. If an event cannot be reliably marked as safe, it is forwarded to ReaQta-brain for a deeper and infrastructure-wide inspection.
ReaQta-brain performs an infrastructure-wide analysis using state-of-the-art Machine Learning algorithms optimised for real-time response. Indicators obtained from every client are assessed and if a threat is detected it is immediately blocked.
All the indicators received by the clients are archived and can be accessed at any moment from the dashboard that allows in-depth analytics of detected events. High severity and Critical events are notified in real-time both on the dashboard and via email.
Protecting Data the Easy Way
ReaQta-core provides a unique policy creation system for data protection. This is the last protection layer that kicks in, it monitors access to data and documents. It is not necessary to tell the system where the data to protect is: ReaQta-core needs only to know what is the type of data that needs to be protected, despite its location on every endpoint. This approach provides a powerful protection layer against malware-driven data exfiltration, ransomwares like CryptoLocker, CryptoWall and similar and from unwanted user actions. The basic set of policies can be setup in less than 1 minute and deployed immediately to every client on the network. When a violation is detected the same vector that’s causing it can be blocked on the endpoint that has been targeted and at the same time on the whole infrastructure. Say goodbye to ransomwares and monitor which applications are accessing sensible data.
ReaQta-core provides a unique approach to security: it constantly analyzes every application without ever granting unmonitored access to any of them. Applications are monitored for their whole life, looking for changes in behavior or activities. The system can be configured to acquire a profile of each user’s activity, making it easier to track the origin of an incident and the activities performed by the malware, helping to provide contextual data to the attack and reducing the time spent during the analysis process.