Endpoint Detection & Response
Files Access Monitoring
Implement a crown jewel defense by monitoring suspicious file read events on your endpoints. It’s easier to predict what a threat actor will target than how they’ll do it. Phorion’s file read event monitoring empowers defenders to stay one step ahead.
Access to Raw Telemetry
Phorion is committed to giving analysts access to the information they need, no matter the depth. Our platform is designed to offer multiple layers of visibility - from generated alerts and summarized logs to raw endpoint events - empowering analysts to perform at their best.
Performance Obsessed
Your users hate security products that slow down their devices? We do too. Phorion's agent is native code, built with performance in mind.
Features
Phorion was developed with an unwavering focus on macOS security. Each feature was crafted from years of experience attacking and defending macOS estates.
Endpoint Security Framework
The Phorion agent subscribes to Apple's Endpoint Security Framework for real-time event logging. Phorion continuously evolves the set of ESF events it ingests as Apple's framework matures.
File Read Events
A simple yet critical feature of the Phorion agent: the ingestion of file read events. Implement a crown jewel defence by monitoring any and all access to your critically sensitive files.
Managed Threat Hunting
Phorion’s extensive telemetry collection provides the ideal hunting ground for analysts of any level. Dive into the logs directly or leverage the expertise of Phorion’s seasoned macOS researchers to uncover threats in your environment.
Network Telemetry
Leverage Phorion's network extension to monitor malicious connections, providing critical insight into the full kill chain for comprehensive threat detection.
Unified Log
Phorion's Unified Log module enables teams to utilise the abundance of information stored within Apple's Unified Log.
TCC Usage
Building upon Phorion's Kronos tool, utilise the platform to evaluate TCC permissions and track application usage, an invaluable insight for detecting suspicious application behaviour.
Log Secret Scrubbing
Phorion’s customizable secret scrubbing feature removes sensitive information from log events before they leave your device. You can add your own secrets to ensure no critical data is exposed.
Pre-built Detections
Phorion's out-of-the-box detection capabilities are built upon the latest threat intelligence and years of experience attacking and defending macOS estates.
Detection Development Portal
Our customers are encouraged to bring their detection development expertise to the Phorion platform. Our custom rules permit Blue Teams to enhance the platform's capabilities with detections tailored to their own environments.
Rule Tuning
Alerts can be tuned to your environment, ensuring that you are only alerted to the most critical threats. Phorion's detection development portal provides a simple and intuitive interface for tuning rules.
Live Response
Access a live terminal to triage and remediate incidents in real-time. Phorion's live response tool is fortified with safeguards, ensuring you can address incidents confidently while preventing feature misuse.
Device Isolation
Isolate compromised endpoints during incident response. With Phorion's network extension, analysts can block ongoing network connections from devices under investigation.
Security Controls
Shape the battlefield by ensuring your estate is equipped with endpoints configured to meet your security standards. Phorion’s security control monitoring offers a simple, intuitive interface, empowering you to easily verify that your endpoints adhere to those standards.
Persistence Monitoring
Identify and track the items that persist on each of your devices. Phorion's persistence tracking capabilities can be crucial during the investigation of a security incident.
Come chat to us!
Ready to elevate your macOS detection? Phorion is now open to customers committed to advancing their defensive capabilities. Experience unparalleled macOS security designed for defenders, by defenders. Request a demo today and enhance your protection.