Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2455
Views
0
Helpful
3
Replies

Spero and ETHOS

Go to solution
llomjaria
Level 1
Level 1

‎10-26-2022 07:34 AM

Hello,

I am just getting familiar with Secure Endpoint and would like to know more about Spero and Ethos engine.

I could not find DETAILED information about how these engines work and what they do.

Would be grateful if someone provides documentation.

Thanks  

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎11-02-2022 12:21 PM

Hello @llomjaria ,
enclosed some infos:

SPERO (Machine Learning): We use hundreds of infos of a file, which we call a SPERO fingerprint. This is sent to the cloud and SPERO trees determine whether a file is malicious. Note, a Spero Hash is a hash based on file characteristics, not the file itself

ETHOS (File Grouping): The engine is designed to detect polymorphic threats by checking specific characteristics of a file. Much malware tries to pack/unpack/re-pack to change itself and to hide from detection. The engine is detection such activity and is able to "group" an unknown file based on its behaviour to a known malware family.

Greetings,
Thorsten

View solution in original post

0 Helpful
3 Replies 3

Go to solution
llomjaria
Level 1
Level 1
In response to Ken Stieers

‎10-26-2022 11:42 PM

Thank you for the information.

It's useful but not as detailed. 

0 Helpful

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎11-02-2022 12:21 PM

Hello @llomjaria ,
enclosed some infos:

SPERO (Machine Learning): We use hundreds of infos of a file, which we call a SPERO fingerprint. This is sent to the cloud and SPERO trees determine whether a file is malicious. Note, a Spero Hash is a hash based on file characteristics, not the file itself

ETHOS (File Grouping): The engine is designed to detect polymorphic threats by checking specific characteristics of a file. Much malware tries to pack/unpack/re-pack to change itself and to hide from detection. The engine is detection such activity and is able to "group" an unknown file based on its behaviour to a known malware family.

Greetings,
Thorsten

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents