whatsApp WHATSAPP
Logo
Contact Us Today!
Glasgow 0141 428 4301
Perth 01738 310 271
Full Service IT
Support & Consulting
Glasgow 0141 428 4301 | Perth 01738 310 271
HELPDESK TICKET
Remote Support
Contact
Menu
CALL NOW

Endpoint Detection And Response (EDR)

18 April 2022

How secure is your business?

There is a constant threat and danger to your businesses networks and these threats are created daily by means of ransomware, malware and phishing.  So how do you secure your business network in the face of an ever changing and evolving environment, EDR or Endpoint Detection and Response naturally.  

What is Endpoint Detection and Response?

EDR is a multifaceted solution that will do everything a managed antivirus can and will do but takes things a step further by providing stronger security withing the Cyber Security landscape.
Unlike the traditional Managed Antivirus which can detect and quarantine known threats which have been previously identified, this means there is gap of coverage when a virus is discovered and when your business is protected, threats that haven’t been discovered can operate on its own until the managed antivirus gets an update, which is more a reactive approach.  With EDR, it is proactive, and which uses integrated machine learning and advanced artificial intelligence (AI) to identify suspicious behaviours whether there is a signature or not.

You have all heard of Ransomware, it is when you get notified with a message saying that all your files have been encrypted after you have clicked on an attachment from an email or unintentionally downloaded some malicious script from a website and the only way to get your files and data back is to pay the cybercriminal a very high amount in bitcoin while there is still no guarantee that you will get your files back or indeed intact.

This can happen to any business and here are some shocking facts:

  • Businesses experienced an average of 16.2 days of downtime at the end of 2019 due to ransomware

  • One business will be hit every 11 seconds by a ransomware attack by 2021, according to some predictions

With the dark Web and the ability of cyber criminals to share and sell tools and tactics without being traced and trading in Ransomware tools within the cyber criminal community have created their own micro economy – Ransomware is a big problem and will be around for the foreseeable future.

How EDR can protect your business

Here at Control IT Solutions we use SentinelOne Endpoint Detection and Response for our clients, 

What makes this so good?

  • Outstanding Detection powers – SentinelOne can beat legacy AV hands down at detecting and blocking threats Legacy AV depends on definitions of known viruses, it can only spot what has been found and needs to update is definitions of what a virus is, frequently.  For years we have seen customers get virus’ that no AV can detect, hours later they learn the threat and only then start detecting them.  We have not found any legacy AV product to stand out in this area, all failing due to the same limitations – Signature / Definitions of what a virus is.

SentinelOne does not rely on definitions, in simple terms it uses Machine Learning and AI to look for the characteristics of a virus and threat, so no matter how you disguise it, it can still spot it.  asking questions like:

  • Has this endpoint performed this activity before?

  • Does this file or behaviour exhibit unusual patterns?

  • Why are secured files being looked at or hit

In essence, it uses AI to discover indications of a compromise without having to rely on known indications of compromise (which can be subverted).  Advanced polymorphic viruses (those that can generate modified versions of themselves to counter detection) and zero-day threats (which target and exploit a previously unknown vulnerability) will slip by solutions that can’t ask and answer these questions. EDR not only asks these questions; it also provides the answers we need to address the threats—with options to kill, quarantine, remediate, and rollback.

  • Network Isolation - If a device keeps getting attacked and SentinelOne can’t stop the source it isolates the device from the network, protecting it from further attacks or the device comprising other things on the network while still allowing us to manage it and investigate the issue.

  • Rollback - Should a threat not be stopped, SentinelOne has a feature allowing us to undo what the virus has done to a system.  They only way to demo this is to put it into detect only mode and then deploy Ransomware, then just hit an effective “undo” button, and everything is put back to how it was before the attack!

Watch this feature in action in this 2 min video, you have to see it to believe it -

 

  • Story Line - It’s not enough to accept a threat has done damage—you want to ask yourself how and why we arrived at this point. This is where SentinelOne shines, with active root cause analysis. SentinelOne provides true context via a “visual storyline”.  You can see what process spawned the attack and how it replicated and spread. You’ll also find answers to how the threat is constructed.

  • Light Weight - My first thought was, so all this great power and security, how slow is my machine going to run?  The answer: we found it had no notable impact!  We have been using it internally for some time and it’s been great!  In fact, as you no longer need to run regular scans it's even better than Legacy AV!

Do you need it?

The security world moved from an “if” to “when” approach to security breaches a long time ago.  The statistics are staggering, and the impact of a successful attack can range from the loss of productivity of one user for several hours to the entire organisation for days or weeks and the risk of losing data.  No one is immune and you can never have enough protection.  I can blind you with statistics, but if you have not already been affected by some kind of Malware of Cyberattack it’s only a matter of time and I cannot express how much this will help protect against this.

Just how good is it and how do you know?

  • It is about as good as it gets, but nothing is perfect and there are no sure things in the world of security, it is an ever-evolving world and we need to stay ahead of the criminals.   SentinelOne is an important part of an overall security and protection plan and goes a long way to plugging many of the hole’s legacy AV has had for so many years. 

  • They put their money where their mouth is.  Although we cannot offer this warranty it does show just how confident they are!  They have $1,000,000 warranty against their large enterprise customers getting ransomware! https://www.sentinelone.com/legal/ransomware-warranty/

  • The SentinelOne platform safeguards the world’s organizations including 4 out of the fortune 10! Companies like McKesson, Estée Lauder, Aston Martin, Autodesk, and Jet Blue trust SentinelOne to protect trillions of dollars of enterprise value across millions of endpoints. - https://www.sentinelone.com/customer-page/

SentinelOne is regularly appraised by industry-leading analyst firms and independent 3rd party testing such as:

  • Gartner Best Endpoint Detection and Response (EDR) Solutions as Reviewed by Customer

  • Gartner Best Endpoint Protection Platforms (EPP) as Reviewed by Customer

  • During an independent test simulating a nation state-level attack (about as cunning and clever as it gets) SentinelOne:

  • Had the highest number of combined high-quality detections and the highest number of automated correlations. 

  • SentinelOne had the highest number of tool-only detections and the highest number of human Managed Detection and Response detections. 

  • What was this independent test? 

  • It is carried out by MITRE and their tests are widely accepted in the industry as a leading 3rd party and Independent test of EDR Products 

  • These test results were released Tuesday, April 21, 2020 

  • This test was based on APT29  (https://en.wikipedia.org/wiki/Cozy_Bearwhich is a threat group that has been attributed to the Russian government and has operated since at least 2008.  This group reportedly compromised the Democratic National Committee starting in the summer of 2015 and more recently has been accused by the NSA, NCSC and the CSE of trying to steal data on vaccines and treatments for COVID-19

  • For more info see 

What Devices does it cover?

  • Windows Server

  • Windows Computers

  • Mac’s

  • The Rollback feature only works on Windows

What to do next

  • If you have questions about access control and what might be right for your business, we would be happy to talk them over with you.  Please click here to fill out our contact form and we will get back to you at your convenience.

  • If you are thinking about changing your current IT Service Provider or are looking to take on an uncomplicated IT Company that speaks easy lingo to look after your business, get in touch here or phone 01738 310 271

  • Dowload our EDR Brief here - 

EDR Brief

 
 

 

TAGGED IN: Threats To Small Businesses, Benefits or outsourcing IT support, Perth, Dundee, Fife, Scotland, Stirling, Perthshire, Disaster Recovery, Cyber Security, Phishing, IT Services