
Intezer Protect: How it Works

Written by Intezer


    Intezer Protect is our new runtime Cloud Workload Protection Platform (CWPP). Powered by Genetic Malware Analysis technology, this solution continuously monitors the code running in your cloud and alerts you to any unauthorized or malicious activity, with no impact on performance.

    Continue reading below to discover how this product works, taking into account modern, cloud-native needs such as scalability, performance and extremely low SecOps overhead.

    Seamless Deployment
    We provide a simple one-line shell command or a configuration management (CM) tool script (e.g. Chef, Puppet, Ansible) to quickly install our sensor on your servers. Intezer Protect is designed to fit into your existing infrastructure, including different cloud providers, various versions of Linux, containerized or Kubernetes-powered environments and more. After this seamless installation, users can log in to our SaaS-based dashboard and get started immediately.

    No Configuration Required
    Leveraging Genetic Malware Analysis technology, we automatically create a genetic profile from the existing software and code running on your cloud workloads. Unlike other security solutions in the market, this method generates a powerful and flexible runtime baseline that doesn’t require configuration or training from the user.

    Continuous Monitoring and Protection
    Intezer Protect monitors for any changes in the software, code, processes, or programs running on your cloud infrastructure. Any new code detected is automatically analyzed using Genetic Malware Analysis to identify even a small fragment of malicious code, or any substantial deviation from your existing runtime ecosystem. This granular, in-memory monitoring enables you to detect extremely sophisticated cyber threats, such as exploitation of unknown vulnerabilities, injected code, fileless malware and more.

    Alerts
    Once we have detected malicious or unauthorized code running on your system, we alert you to the intrusion and provide rich context, such as the exact process and container involved in the attack, the type of threat (malware family) and connections to previous incidents. Focusing on code-driven detection rather than behavioral (anomaly-based) detection allows us to produce only high-confidence alerts.

    Mitigation
    We provide a quick and automatic way to immediately terminate the malicious or unauthorized code running in your cloud infrastructure, without interrupting business continuity or the normal operation of your production environment.

    Visibility
    In addition to protecting your cloud workloads, diagnosing the origins of all software running in your cloud environment gives you in-depth runtime visibility. Even during quiet times with no alerts, you have the peace of mind of knowing that only trusted software is running on your systems.
    Intezer protects your cloud infrastructure against data breaches, unauthorized code, exploitation of known and unknown vulnerabilities, cryptominers, fileless malware and APTs, and countless other cyber threats.

    Download our brochure to learn about the features and benefits of Intezer Protect
