
EndPoint Security

EndPoint Security offers comprehensive protection for devices with services like Centrally Managed Device Encryption, EndPoint Protection, and advanced detection and response solutions (EDR and MDR) to secure endpoints from malware, ransomware, and other cyber threats.

Centrally Managed Device Encryption

This service ensures that all endpoint devices are encrypted and centrally managed, providing a secure environment for sensitive data. It simplifies encryption management and ensures compliance with data protection regulations.

-

Full-Disk Encryption

Outsource the monitoring, education, and management of your Anti-phishing programs. SSG will recommend and provision the latest Anti-phishing Email licensing and tools, and make sure your internal Anti-Phishing programs are always up-to-date.

-

Pre-Boot Authentication

Provides an additional layer of security by requiring authentication before the operating system starts. This can be a PIN, password, or USB key.

-

Network Unlock

Automatically unlocks BitLocker-encrypted devices in trusted network environments, allowing seamless rebooting without requiring user interaction in corporate networks.

-

Automatic Device Encryption

On devices meeting the security hardware requirements, BitLocker automatically encrypts the device without user intervention, simplifying the encryption process for end-users.

-

Compliance Reporting and Auditing

Provides auditing and compliance reporting tools to ensure encryption policies are enforced, with logs detailing encryption statuses and access events.

-

Integration with Microsoft Endpoint Manager (Intune)

BitLocker can be deployed, managed, and monitored via Microsoft Intune, enabling organizations to enforce encryption policies remotely across all devices.

-

TPM (Trusted Platform Module) Integration

Phishing simulation software offers comprehensive reporting and analytics capabilities, allowing organizations to evaluate the efficacy of their cyber security training initiatives and gauge employee performance.

-

Centrally Managed Recovery Keys

Allows recovery keys to be stored and managed centrally, typically through Active Directory or Azure AD, enabling IT teams to easily retrieve them if needed for unlocking drives.

-

Data Encryption for Removable Drives

Extends encryption to external drives like USB sticks, ensuring that removable media are protected when connected to any device, minimizing data leakage.

-

Multi-Factor Authentication Support

Allows the use of multiple authentication factors (e.g., PIN and TPM) to increase security for critical systems and sensitive data.

-

Performance Optimisation

BitLocker is designed to run with minimal impact on system performance, leveraging hardware acceleration when available for efficient encryption and decryption.

-

Secure Decryption and Data Recovery

Recovery keys and passwords ensure data can be securely decrypted in case of system failures or lost credentials, without compromising data integrity.

EndPoint Protection

EndPoint Protection is a security solution designed to safeguard endpoints such as desktops, laptops, mobile devices, and servers from a variety of cyber threats, including viruses, malware, ransomware, and unauthorized access. 

-

Integrated Risk Analytics

Continuously analyse endpoint risks to uncover and prioritise misconfigurations and enable automatic hardening actions to remedy vulnerabilities. Identify user actions and behaviour that pose a security risk to your organisation, including logging into insecure websites, poor password management, and compromised USB usage.

-

Human Risk Analytics

Helps identify user actions and behaviors that pose a security risk to the organization, such as using unencrypted web pages for logging into websites, poor password management, usage of compromised USBs in the organization’s network, recurrent infections, etc.

By placing the human element in the middle of the risk analytics and management strategy, your organization becomes even harder to breach.

-

End-to-end Attack Forensics

Attack forensics and visualization enhance visibility into your organization’s threat landscape and reveal the broader context of attacks on endpoints. They let you zero in on specific threats and take corrective action.

-

HyperDetect Blocks File-Less Attacks at Pre-Execution

HyperDetect contains machine learning models and stealth attack detection technology that is designed to detect attacks and suspicious activities in the pre-execution stage.

-

Sandbox Analyzer Enhances Targeted Attack Detection

Sandbox Analyzer provides pre-execution detection of advanced attacks. It automatically sends files that require further analysis to a cloud sandbox, then takes appropriate action based on the sandbox findings.

-

Ransomware Prevention and Mitigation

Beating ransomware requires understanding the full cyber kill chain and mapping defenses to each attack stage.

Ransomware prevention and mitigation is built into the GravityZone Management Console and consists of:

• Automatic, up-to-date tamperproof backup copies of user files, without using shadow copies;

• Blocking and prevention capabilities (Fileless Attack Defense; Network Attack Defense; Advanced Anti-Exploit; Machine Learning Anti-Malware);

• Multiple detection layers (Process inspection, registry monitoring, code inspection, HyperDetect);

• User and system risk mitigation technologies.

-

Layered Defence

Signature-less technologies, including advanced local and cloud machine learning, behavior analysis, integrated sandbox, and device hardening, work as highly effective, layered protection against sophisticated threats.

-

Network Attack Defense 

Detect and prevent network vulnerability attacks. Network attack defense blocks network attacks including brute force, password stealers, and lateral movement before they can execute. Network attack defense is an important source of information for EDR incident correlations.

-

Machine Learning Predicts And Blocks Advanced Attacks

GravityZone uses Machine Learning across its entire technology portfolio including the scanning engine, HyperDetect, Sandbox Analyzer, content control and Global Protective Network.

-

Exploit Defense Safeguards Memory 

With Exploit Defence, the list of exploits blocked is extended to the pre-execution stage, protecting against known and unknown exploits early in the attack chain.

EndPoint Detection & Response (EDR)


-

Threat Detection and Response

EDR continuously monitors endpoints for suspicious activities and anomalies, leveraging advanced analytics and threat intelligence to detect signs of malicious behavior. Upon detecting a threat, it can automatically respond to contain and neutralize the threat, minimizing its impact on the business operations.

-

Integration with Security Tools

EDR is designed to seamlessly integrate with other security products and tools offered by Six Star Global. This integration facilitates centralised management of security services, allowing us to offer comprehensive security solutions more efficiently.

-

User and Entity Behaviour Analytics (UEBA)

By employing UEBA, EDR can identify potentially harmful behavior based on deviations from normal user activities and patterns. This helps in detecting insider threats, compromised accounts, and other sophisticated attacks that might not be identified through traditional signature-based detection methods.

-

Forensic Analysis

Provides detailed forensic tools that allow IT teams or MSPs to investigate security incidents, understand how a breach occurred, and identify the scope of the impact. This capability is crucial for improving security measures and preventing future attacks.

-

Automation and Orchestration

To streamline the response to cyber threats, EDR includes automation and orchestration features that allow for the creation of pre-defined actions and responses to common threats. This helps in reducing the time and resources required to manage incidents, allowing for quicker mitigation and recovery.

-

Compliance and Reporting

EDR provides reporting tools that help businesses comply with regulatory requirements by documenting incidents, responses, and ongoing monitoring activities. This is particularly important for businesses in regulated industries or those that handle sensitive data.

Managed Detection & Response (MDR)

Managed Detection and Response (MDR) is a fully managed security service that combines advanced threat detection, incident response, and continuous monitoring. MDR leverages human expertise alongside automated tools to identify and mitigate sophisticated cyber threats in real time, providing businesses with 24/7 protection without requiring in-house security teams.

-

EndPoint

Windows, macOS and Linux event log monitoring, breach detection, malicious files and processes, threat hunting, intrusion detection, 3rd party NGAV integrations and more.

-

Cloud

Microsoft 365 security event log monitoring, Azure AD monitoring, Microsoft 365 malicious logins, Secure Score.

-

24/7 Comprehensive Monitoring

Monitor, search, alert and report on the 3 attack pillars: network, cloud and endpoint log data spanning:
* Windows, macOS & Linux security events
* Firewall & network device events
* Office 365 & Azure AD cloud events.

-

Threat Intelligence & Hunting

Real-time threat intelligence monitoring, connecting to premium intel feed partners, giving our customers the largest global repository of threat indicators. Our SOC analysts utilize intel telemetry to hunt bad actors.

-

Intrusion Monitoring

Real-time monitoring of malicious and suspicious activity, identifying indicators such as:
- Connections to terrorist nations
- Unauthorized TCP/UDP services
- Backdoor connections to C2 servers

-

Network

Firewall and edge device log monitoring integrated with threat reputation, whois and DNS information.

-

Managed SOC

SSG enhances its Network Operations Centre (NOC) with RocketCyber’s Managed Security Operations Centre (SOC). This service uses RocketCyber’s Threat Monitoring Platform to detect malicious activity across endpoints, networks, and cloud environments. A team of seasoned security experts proactively hunts threats, investigates detections, and collaborates on remediation.

Partnering with SSG and RocketCyber expands your security capabilities with veteran expertise, including experience handling global threats like Code Red Worm, Slammer, Stuxnet, Cryptolocker, and BlueKeep.

-

Breach Detection

Detect adversaries that evade traditional cyber defenses such as firewalls and AV. Identifies attacker TTPs and aligns with MITRE ATT&CK, producing a forensic timeline of chronological events to deter the intruder before a breach occurs.

-

NextGen Malware Prevention

Use your own malware prevention or leverage our command and control app for Microsoft Defender backed up with a secondary line of defense using RocketCyber's malicious detection of files, tools, processes and more.

-

PSA Ticketing for Change Control and Compliance Logging

Our SOC analysts investigate each alert, triage the data, and produce a ticket in the Six Star Manage platform, accompanied by the remedy details that SSG will enact immediately.
