As many of you may know, the MSI team has been hard at work the last several months finishing the beta of our new compromised workstation detection product, HoneyPoint Wasp. It is a fully integrated component of HoneyPoint Security Server, capable of executing distributed detection and threat monitoring on Windows workstations across enterprises. The initial feedback by the beta group have been absolutely amazing. We are finding bots, malware and compromised hosts in a variety of locations, once thought to be “clean” and “safe”.
Wasp accomplishes this mission by being deployed as a service on workstations and by monitoring for the most common signs of compromise. It can watch for changes in the users, admins, port postures and such. It does white list detection of the running processes and it is even capable of detecting DNS tampering and changes to selected files on the operating system.
Even better, it does this work without the need for workstation event logs, signature updates or tuning. It “learns” about the workstation on which it is deployed and adapts its detection techniques to focus on important changes over the long run.
We designed Wasp to be easy to install, easy to manage and to be transparent to the end – user. As such, it is deployed as a 0-interface piece of software. There are no pop-ups, no GUI and no interaction at all with the user. All alerts are routed to the HoneyPoint console and the security team, eliminating any chance of increased help desk calls, user push back and confusion.
In the next couple of weeks, we will be making some announcements about the general availability of the Wasp product. I hope you will join me in my excitement when we announce this launch. In the meantime, think about what you are doing today to protect against initial stage compromises and congratulate the MSI development team and our beta testers on a job well done. I think you are going to be amazed at how easy, capable and advanced Wasp is, when it is released. I know I continue to be amazed at what it is detecting and how much stuff has evaded current detection techniques.
In the meantime, while we await the full release, check out this PDF for some more information about where we are going with Wasp and our HoneyPoint product line. I think you are going to like the diagrams and the explanations. If you would like to book a special sneak preview of Wasp and the rest of HoneyPoint, give your account executive a call. We will be happy to sit down and discuss it with you. As always, thanks for reading!