Taking a Different Approach to Endpoint Security


In our last Problem Solved newsletter, we wrote about Endpoint Detection and Response technologies and highlighted that the vendors playing in this market segment omit to tell you in their literature that Continuous Monitoring for Advanced Threat Detection and Root Cause Analysis comes with an “overhead” and its own set of challenges. In some cases the overhead and challenges are likely to negate the protection benefits the vendor solution purports to offer.

One organisation that has been able to take a slightly different approach in this market segment, due to their solid heritage in the field of digital forensics, is Guidance Software with their EnCase Endpoint Security solution. This solution has two main parts:

  • Threat Detection
  • Incident Response

As you would expect, Threat Detection does the analytical work and focuses on analysis of threats such as zero-days (signature-less), APTs (Advanced Persistent Threats) and insiders.

The Incident Response part confirms that an event has actually occurred, determines its potential impact, triages it and performs a remediation. However, what makes this solution really stand out is that the EnCase Unified Endpoint Agent has been developed with a forensic approach to analytics. This means the agent works at kernel level and gets below the operating system, files, applications and any encrypted data.

This approach helps incident response teams:

  • Detect unknown threats that have evaded perimeter technologies using endpoint data
  • Quickly prioritise, validate and determine the scope of any event or threat
  • Assess the scope and impact of a compromise
  • Return the endpoint devices to a trusted state without the need to wipe and reimage

On this last point: how many hours are consumed per annum rebuilding or restoring systems after some form of malicious attack or infection?

The overhead of the EnCase Unified Endpoint Agent on the endpoint device is minimal, consuming just 1 MB of storage space and requiring near zero CPU cycles 99% of the time. The agent is compatible with Mac, Windows, Linux and a range of other operating systems.

Customers for some time now have been less than satisfied with the gaps in their endpoint protection. New approaches from some new and incumbent vendors in this market segment offer some hope that the gaps will ultimately be made smaller. However, the newer alternatives should be considered carefully and be thoroughly tested.

In conjunction with our partners we are able to offer any organisation the ability to test the EnCase Endpoint Security (EES) solution’s effectiveness alongside their existing endpoint deployment. This exercise is straightforward given the lightweight design of the agent. Integration of EES with elements of a planned or existing security architecture is also readily tested, adding value to SIEM systems and inputting Threat Intelligence feeds and Indicators of Compromise.

For more details on Guidance Software, their innovative EnCase range of solutions and our trial offer, contact:

Sameer Shaikh - sales@mpa.co.nz



Sameer Shaikh -

Sameer has over 11 years of experience in sales and customer service roles in the technology, financial, wholesale trade and retail sectors in India, UAE, United Kingdom and New Zealand.

At MPA, Sameer is applying his expertise in customer management and business development to maintain existing business relationships as well as to develop new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.
