Verizon ICSA Labs tested the detection capabilities of RevBits Endpoint Security with a mix primarily composed of new and little-known malicious threats while challenging its reporting of false positives.
Ransomware and malware incidents are stories of failed endpoint security. RevBits Endpoint Security delivers better protection of the endpoint and will deliver organizations a safer network by preventing malware from successful lateral movement in the environment.
RevBits Endpoint Security conducts a unique three-phase analysis on all new executables. This analysis includes signature scanning, machine learning and behavioral analysis, which maximizes the accuracy of malware detection and minimizes false positives.
Thorough, low-level details of processes, threads, registry, filesystem and kernel are visible and controllable through the RevBits EDR GUI, not a simple command line. System administrators can execute commands in PowerShell or Command Prompt on workstations. Single-click forensic evidence extraction, memory imaging and disk imaging features make RevBits EDR the most sophisticated EDR solution on the market.
RevBits Endpoint Security provides an easy-to-understand, real-time view of threats through its modern web interface. The dashboard presents extensive historical information of all executables in a clear and simple mosaic, and maintains detailed process information for six months. Single-click hash whitelisting or blacklisting is also available.
RevBits Endpoint Security automatically detects, classifies, blocks and reports exploit attempts of vulnerabilities, including zero-days. The RevBits Phoenix module (part of RevBits Endpoint Security) detects and classifies all common exploit techniques, including but not limited to heap overflow, buffer overflow, memory corruption, use-after-free, ROP gadgets, heap spraying and more.
RevBits Endpoint Security records and reports all executed commands and scripts in all command and script interpreters including Windows Command Prompt, PowerShell, VBScript and JScript.
RevBits Endpoint Security USB Device Policies can be used to whitelist or blacklist all USB devices. Whitelisting and blacklisting can be applied by Vendor ID, Product ID, or device type (e.g. webcams, wireless adapters, storage, etc.).
Attacks using rootkits to exploit trusted drivers are on the rise. RevBits Endpoint Security provides full visibility to the kernel and blocks all unauthorized signed or unsigned drivers from accessing the kernel.
Automatically or manually protect any network by confining potentially-infected hosts.
System administrators can fine-tune network and firewall rules for both individual workstations and groups of workstations.
On-demand or automatic pre-shutdown forensic evidence extraction to assist in fast incident response.
RevBits Endpoint Security's sophisticated file system sandboxing feature can detect and block all types of simple and sophisticated ransomware.
RevBits Endpoint Security records all process execution and termination information, including hashes (MD5, SHA1 and SHA2), workstation, username and time stamp for 6 months.
RevBits Endpoint Security integrates seamlessly with all SIEM solutions. Administrators will also receive SMS and email notifications when an incident occurs.
RevBits Endpoint Security ensures IIS application protection by monitoring the IIS Server to detect and block the malicious act of dropped web shells.
RevBits Endpoint Security actively receives and parses Department of Homeland Security intelligence feeds for malicious IP addresses.
RevBits Endpoint Security is fully mapped to the MITRE ATT&CK framework to enhance threat detection and remediation.
Administrators can create, deploy and run MSI, EXE and script files from within the administration panel to connected endpoints. Mass deployment of scripts allows administrators to conduct searches and receive the generated output back to the administration panel.
RevBits Endpoint Security offers multitenancy capability for MSSP and MSP partners. Security service providers can offer their clients the most effective endpoint security solution and the most robust EDR product on the market and manage multiple clients through one administrative panel.
RevBits Endpoint Security provides system administrators with a quick reference graph to show a malicious executable's process flow. With this quick visual graph, administrators can easily determine an executable’s main activity and distinguish between ransomware, backdoors, spyware and other types of malicious processes.
As entirely remote software, RevBits Endpoint Security allows users to be in control of endpoint protection at all times. Conduct investigations from anywhere while RevBits Endpoint Security software protects every system in real time, minimizing exposure to threats.