Taking a Different Approach to Endpoint Security


In our last Problem Solved newsletter, we wrote about Endpoint Detection and Response technologies and highlighted that the vendors playing in this market segment omit to tell you in their literature that, to do Continuous Monitoring for Advanced Threat Detection and Root Cause Analysis comes with an “overhead” and its own set of challenges. In some cases the overhead and challenges are likely to negate the protection benefits the vendor solution purports to offer.

One organisation that has been able to take a slightly different approach in this market segment, due to their solid heritage in the field of digital forensics, is Guidance Software with their Encase Endpoint Security solution. This solution has two main parts:

  • Threat Detection
  • Incident Response

As you would expect Threat Detection does the analytical work and focuses on analysis of threats such as zero-days (signature-less), APTs (Advanced Persistent Threats) and insiders.

The Incident Response part confirms an event actually has occurred, determines its potential impact, triages and performs a remediation. However, what makes this solution really stand out is that the Encase Unified Endpoint Agent has been developed with a forensic approach to analytics. This means the agent is working at a kernel level and gets below the operating system, files, applications and any encrypted data.

This approach helps incident response teams:

  • Detect unknown threats that have evaded perimeter technologies using endpoint data
  • Quickly prioritise, validate and determine the scope of any event or threat
  • Assess the scope and impact of a compromise
  • Return the endpoint devices to a trusted state without the need to wipe and reimage

On this last point.... how many hours get consumed per annum rebuilding or restoring systems after some form of malicious attack or infection?

The overhead of Encase Unified Endpoint Agent on the endpoint device is very minimal, consuming just 1mb of storage space and requiring near zero CPU cycles 99% of the time. The agent is compatible with Mac, Windows, Linux and a range of other operating systems.

Customers for some time now have been less than satisfied with the gaps in their endpoint protection. New approaches from some new and incumbent vendors in this market segment offer some hope that the gaps will ultimately be made smaller. However, the newer alternatives should be considered carefully and be thoroughly tested.

In conjunction with our partners we are able to offer any organisation the ability to test the Encase Endpoint Security (EES) solutions’ effectiveness alongside their existing endpoint deployment. This exercise is straightforward given the lightweight design of the agent. Integration of EES with elements of a planned or existing security architecture is also readily tested adding value to SIEM systems, inputting Threat Intelligence feeds and Indicators of Compromise.

For more details on Guidance Software, their innovative Encase range of solutions and our trial offer contact -

Mike Conboy - mike.conboy@mpa.co.nz

Bruce Armstrong - bruce.armstrong@mpa.co.nz

Mark Heard - mark.heard@mpa.co.nz

To download – 5 Takeaways from the SANS Survey on Endpoint Security – Click Here


Mike Conboy -

Mike has over 20 years’ experience in the New Zealand Security Industry covering a variety of roles including Systems Engineering, Product Management, Business Management and Development.

Originally engaged within UK Defence and Telecommunication Industries, Mike emigrated to NZ in the early 90’s and has provided service to clients via Systems Integrators, Value Added Distribution, Consultancy and Managed Security Services.

Mike is a Chartered IT Professional (Fin, Info Sec) with MSc (Info Systems Engineering) and a BSc (Physics, Electronics).

Latest Security Problems Solved

Privileged Password Management - Pitfalls to consider More >
SIEM matures, however landscape changes. More >
What Does It Take To Lower Your Mobile Cost Of Ownership? More >
2014: The Year Encryption Comes of Age More >
Our Solutions
Security Solutions

We work with leaders in the fields of data protection, authentication and perimeter security to protect your organisation and manage any threats with the most effective security systems. More >

Technical Services

MPA New Zealand Ltd provides a range of technical services to compliment the vendor technology our company brings to the local market. More >