Endpoint Analytics Security System

Maddrix Endpoint Analytics Security Solution (ePASS) Can Be Deployed To The Enterprise In Minutes And Identify Advanced Threat Actors That Can’t Be Detected With Traditional Signature Based Solutions

Our ePASS solution is the industry’s first endpoint analytics system that enables you to rapidly identify undetected threat actors and malware operating on your network – without traditional signatures or indicators of compromise (of course, ePASS can search for these too). Our ePASS solution is available to U.S. government agencies with no licensing fees or additional costs on contracts we support, including sub-contractor support.

How ePASS Works

ePASS is a client-server application that uses a data collection client deployed to the endpoint, and an advanced analytics application that analyzes the data collected by the client. Its primary detection capability is through the use of analytical vector reports, but it also detects threats with traditional indicators of compromise including domain names, IP addresses, and MD5 hashes. ePASS can also use advanced indicators of compromise including file/process mutant, commands the attacker ran, and other indicators. Finally, ePASS uses multi-part indicators, which is a combination of one or more indicators that must be present to trigger an alert.


Through its advanced interface, users can quickly construct advanced queries that target malware or threat actor tradecraft. These reports, called vector reports, are then saved and available for future use. There are approximately 500 analytics vector reports that come standard with ePASS.

Integrates With Other Host & Network Solutions

    Import/Export indicators including MD5s, IPs, domains, file names, etc.
    Export malware reports for external use
    Use organization specific black/white list
    Use custom black/white lists for specific threat actor groups
    Share indicators and other information with other monitoring solutions

ePASS application Features

    No persistent client on the endpoint.
    Scales to any size network.
    Deploys to the enterprise in minutes.
    Small collection from endpoint, 10k-15k per system.
    Analytics can be performed onsite or remotely.
    No perceptible impact to the endpoint during the 2-4 minute scan.
    Rapidly identify malwarewithoutsignatures or indicators of compromise.
    Concurrently scan endpoints for thousands of indicators of compromise.
    Include custom indicators of compromise sets with each scan.
    Capture historical “snapshots” of endpoints for future use.
    Scan time automated email alerts available (requires SMTP relay or via our collection system).

Additional Information

If you are interested in more information on our ePASS solution, you can contact us at 855-MADDRIX or email info@maddrix.com and we’ll provide additional information and discuss your specific requirements.