Endgame simplifies endpoint protection by using machine learning for detection and prevention. The company has designed the tool with ease of use in mind, so that security operators of any skill level can deploy it to stop threats ranging from ransomware to phishing to targeted attacks. A hybrid architecture pairs cloud-based administration with data localization, so customers can meet industry, regulatory and regional compliance requirements.
Endgame is built on a three-tier architecture, and the tier a customer selects also determines where its data is processed and stored. The Endgame Agent is the decision maker: it combines multiple detection and prevention capabilities in a single lightweight, tamper-resistant agent that can operate autonomously, with no connection to the platform required. The Operations Platform is the central management tier, providing the interface for agent management and administration across the incident response and threat hunting workflows. Endgame Global is an enrichment and delivery service that is available regardless of the deployment option chosen; it provides a common interface and access to all event data, with contextual information attached, across even complex, distributed organizations.
Designed as a cloud-first solution with on-premises options and configurable data control, Endgame is built with privacy by design and has been validated against GDPR requirements. It offers full coverage for hybrid enterprises: because the agent is autonomous, detection and prevention are equally effective on disconnected systems, so off-network assets remain protected at all times.
We found the dashboard in the testing environment to be clean and easy to follow. Once we put Endgame through testing, detections quickly populated the dashboard. When we went into one of the alerts received, we were pleased with how quickly we could drill into the malicious files for visibility into what they were attempting to do. Using the process tree, we tracked those threats down and saw the files they had spawned.
A unique feature was Artemis, a chatbot built into the portal, designed for natural language investigations. This feature greatly improved the EDR tool's ease of use, as recognized by MITRE. Artemis also has search capabilities for data stacking, sequential analysis and launching investigations to obtain full context and visibility into attacks. We found the EQL Rule section interesting because it allows for the customization of queries in the event of an alert.
Overall, Endgame appeared to be a solid solution. Through its storyboarding capability and advanced search features, even an intermediate-level support agent can thoroughly understand a threat to the network and follow it through to remediation.
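To give a sense of what a custom EQL rule looks like, here are two example rules written for this review (they are not Endgame's own rule content). They use the syntax and the process and network event field names of the open-source EQL language Endgame published; the specific executable names and the port are assumptions chosen for illustration. The first expresses the parent/child relationship the process tree view surfaces, and the second is a sequence, the "sequential analysis" mentioned above, that links a process creation to a later network connection by the same process.

```eql
// Example rule 1 (written for this review; process names are assumptions):
// flag a command interpreter whose parent is an Office application,
// the classic macro-to-shell hop seen in phishing payloads.
process where subtype.create
  and process_name in ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe")
  and parent_process_name in ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")

// Example rule 2 (written for this review; port is an assumption):
// a sequence joined on unique_pid, so both events must come from the
// same process: a script host starts, then opens an outbound connection.
sequence by unique_pid
  [process where subtype.create
     and process_name in ("powershell.exe", "wscript.exe", "cscript.exe")]
  [network where destination_port == 443]
```

In the sequence, each bracketed clause is one stage, and `by unique_pid` ties the stages to a single process instance rather than to any process with a matching name, which keeps a busy host's unrelated events from pairing up into false matches.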
Tested by Tom Weil