X by Invincea
August 22, 2016
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Simple to deploy and powerful endpoint anti-malware protection with lots of flexibility.
- Weaknesses: Not current with Chrome releases, and an administrator cannot remove admin rights from another admin user. Both are shortcomings; the latter is the more serious.
- Verdict: This is a very powerful tool and certainly deserves your consideration. Administrators should be trained and understand what is involved with deploying and where caution areas exist.
X by Invincea is an endpoint protection tool focused strongly on malware protection. It approaches the problem in two ways: by isolating execution and by using next-generation detection algorithms. If the isolation option is enabled for email, a piece of malware that tries to execute, or a spear-phishing message that tries to redirect the user, is contained away from the rest of the computer and cannot infect the host or complete the redirect. Being a next-generation tool, it relies on machine learning rather than signatures, so it is not dependent on signature updates to detect new malware.
There are two components to X: the endpoint agent and the management server. We had virtually no trouble installing X in our test environment - with the exception that there are limitations on the versions of Google Chrome that it supports. Ours, it turns out, was too new. When we moved to a Microsoft browser, we had no trouble. We do think that, because this is not totally a Microsoft world, products need to stay current with the most important browsers, and, certainly, Chrome is one of those.
The endpoint agent is lightweight - about 100MB of RAM and one percent CPU - so the performance impact is negligible. Detection is accomplished by monitoring process activity on the endpoint. Prevention is a function of the machine-learning algorithms, and isolation is scoped to the execution of a process, preventing that process from accessing resources outside its container. Should an infection attempt occur, reverting to the pre-infection state is simple. Invoking isolation on the endpoint required nothing more than clicking an icon, although the feature must first be enabled by the administrator.
The system is policy-driven, and it is straightforward to manage policies and end-user functionality. Users are also given some measure of control through limited user-side configuration. When both the administrator and the user have selected isolation - the admin deploying it and the user invoking it - downloaded files must carry a digital signature; without one they cannot be downloaded, so administrators should expect legitimately unsigned downloads to be blocked under this setting. There are quite a few features connected with the isolation capability, and most can be invoked by either the user or the administrator, depending on how the administrator has set the system up. We really cannot see why isolation would not be every user's choice. Certainly, administrators should make it available.
Another of the isolation features is document protection, with which users can restrict activities involving protected documents. Combined with application protection, the isolation capability becomes very powerful. One thing we particularly liked was the extensive set of pop-up notifications letting us know what the tool was doing at any given moment. There is also an excellent alerting pop-up that contains a lot of detail.
We somewhat put the cart before the horse in that we deployed an endpoint before the management console. When we did deploy the management console, we were pleased that it had no trouble seeing our endpoint. It is really not a good idea to do this, though: we had to go back into the endpoint for configuration. Because we could do that from the management console, it was only a minor inconvenience. As a colleague put it, we suffered a self-inflicted wound.
The management console is very easy to use. The admin landing page let us manage activities such as upgrades and configuration, and we also saw summaries of threat data. The default tab on the landing page is the user tab, from which the administrator manages the users in the enterprise: users can be created, modified and removed. The ability of a user to make the kinds of choices - changes, really - discussed above is controlled by role-based admin flags. One security area that concerned us was the inability of the administrator to remove admin rights from a user. Only the user can remove those rights, which means a departed or compromised admin account cannot be demoted by anyone else. We think that is potentially a serious security flaw. The workaround, of course, is to give the pseudo-superusers modify rather than admin rights. However, a careless or new administrator could inadvertently grant the wrong rights for the best of reasons and then lose control over the endpoint.
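To make the role-management concern concrete, here is an added illustrative model; it is not Invincea's code, and the class names, the semantics of the "modify" role and the last-administrator guard are assumptions made for illustration. It contrasts a console in which only the holder of an admin flag can drop it (the behaviour described above) with one in which any administrator can revoke it, guarded so that the last administrator cannot be removed.

```python
"""Illustrative role-revocation model (added example, not Invincea's code).

Scenario: the enterprise admin grants a new user the admin role by mistake.
Under a self-only revocation policy the enterprise admin cannot undo this;
under a hardened policy any administrator can, subject to a lockout guard.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List


class Role(Enum):
    USER = "user"
    MODIFY = "modify"   # assumption: may change endpoint settings, not roles
    ADMIN = "admin"     # may manage users and roles


class PolicyError(Exception):
    """Raised when an action is refused by the console's role policy."""


@dataclass
class Console:
    # self_only_admin_revocation=True models the reviewed behaviour:
    # an admin flag can only be removed by the user who holds it.
    self_only_admin_revocation: bool = True
    roles: Dict[str, Role] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def _require_admin(self, actor: str) -> None:
        if self.roles.get(actor) != Role.ADMIN:
            raise PolicyError(f"{actor} is not an administrator")

    def grant(self, actor: str, target: str, role: Role) -> None:
        """Assign a role to target; only administrators may do this."""
        self._require_admin(actor)
        self.roles[target] = role
        self.audit.append(f"{actor} granted {role.value} to {target}")

    def revoke_admin(self, actor: str, target: str) -> None:
        """Drop target's admin flag according to the configured policy."""
        if self.roles.get(target) != Role.ADMIN:
            raise PolicyError(f"{target} is not an administrator")
        if self.self_only_admin_revocation:
            # Reviewed behaviour: nobody but the holder can remove the flag.
            if actor != target:
                raise PolicyError("only the holder can remove admin rights")
        else:
            # Hardened policy: any administrator may revoke, but never the
            # last one, otherwise the console could be left with no admin.
            self._require_admin(actor)
            others = [u for u, r in self.roles.items()
                      if r == Role.ADMIN and u != target]
            if not others:
                raise PolicyError("refusing to remove the last administrator")
        self.roles[target] = Role.USER
        self.audit.append(f"{actor} revoked admin from {target}")


def mistaken_grant_scenario(self_only: bool) -> bool:
    """Constructed scenario: 'root-admin' mistakenly makes 'newhire' an admin,
    then tries to undo it. Returns True if control was regained."""
    console = Console(self_only_admin_revocation=self_only)
    console.roles["root-admin"] = Role.ADMIN
    console.grant("root-admin", "newhire", Role.ADMIN)   # the mistake
    try:
        console.revoke_admin("root-admin", "newhire")
    except PolicyError:
        return False
    return console.roles["newhire"] == Role.USER


def safer_grant_scenario() -> Role:
    """The workaround from the review: hand out MODIFY, not ADMIN, so the
    new user cannot manage roles and there is nothing to revoke later."""
    console = Console(self_only_admin_revocation=True)
    console.roles["root-admin"] = Role.ADMIN
    console.grant("root-admin", "newhire", Role.MODIFY)
    return console.roles["newhire"]


if __name__ == "__main__":
    print("self-only policy, control regained:", mistaken_grant_scenario(True))
    print("hardened policy, control regained:", mistaken_grant_scenario(False))
    print("workaround role:", safer_grant_scenario().value)
```

The lockout guard is the detail worth keeping when designing a console of your own: without it, a hardened revocation path simply trades one failure mode (an irrevocable admin) for another (no admin at all).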