News - security

by Alex Teh, CEO at Chillisoft

In recent years we have seen several new vendors in the endpoint security market that have made some progress in terms of gaining market share.
These vendors predominantly operate in the enterprise segment as the cost of their solutions is significantly higher than ESET. Many of them were originally cloud vendors that use elements of AI/Machine learning to augment their protection capabilities and have since evolved to provide detection and
response products, more commonly known as EDR.

With the launch of ESET Enterprise Inspector 1.4 and ESET Dynamic Threat Defense (Cloud Sandboxing) it is in our opinion that ESET is now a few
steps ahead of these new vendors. Coupled with these new technologies is the official launch of ESET ANZ’s channel-friendly cloud service.  Not only is this an enterprise cloud option, but it also ensures data sovereignty as the data never leaves ANZ. This is a crucial consideration as cybersecurity data analytics provided by EDR products can be extremely sensitive. Besides, New Zealand’s Data Protection Bill will take effect on 1 December 2020.

Companies should consider EDR as a key element to endpoint protection in the future.

When deciding if EDR is a necessity for you or your customer, several factors must be taken into consideration. Firstly, by deploying EDR you will need to have the resources, either internally or through a third party, to process and manage the advanced analytics data. There is no point having this data if you cannot investigate the alarms or alerts generated almost in real time. Although we have products like ESET Security Management Center to automate remediation, it still requires humans to perform threat monitoring and threat hunting after the initial threat has been nullified through methods such as network isolation or process termination.

The amount of work required on the EDR is dependent on how effective the endpoint protection product is. If we review other EDR products like Crowdstrike for example, we should first look closely at how the product performs in its primary role of blocking malware with its endpoint protection only. When you look at the test below by AV-Comparatives, Crowdstrike performed poorly.

AV-Comparatives report 2020

What this tells us is that due to the poor endpoint protection performance, vendors like Crowdstrike rely more on EDR than ESET for protection. What the test also indicates is that there were 12 compromises and 8 false alarms that needed to be investigated and remediated. If an incident takes about 30 minutes to investigate, then you are looking at 13 or so hours of analyst work that could have been easily avoided. We believe that EDR should only be used as a last resort rather than being your main line of defence against malware.

In addition, some customers might be misled that ESET purely relies on signature-based protection only. This old-school rhetoric is of course far from the truth. You can see below ESET’s multi-layered approach to security before EDR even comes into picture.

Please allow me to re-emphasise that EDR should only be used as the last line of defence when everything else fails with your endpoint protection. EDR should not be the primary tool for blocking malware. However if customers are looking for that extra level of security, then ESET Enterprise Inspector (EEI) is an EDR solution that should be considered. ESET Inspector is now available on premise or in the ESET ANZ Cloud.  The latest version offers automation and remediation features like network isolation and processes kill. We believe this is an ideal tool for customers that are looking to build SOC services, as well as threat hunting and cyberattack analytics capabilities.

ESET ANZ Cloud is an enterprise cloud service that is now available for partners to use and sell. This SaaS solution resides in two datacentres in NZ and can service MSP and resellers that simply would like to sell ESET Endpoint Protection (EPP) and ESET Enterprise Inspector (EEI) as a service, without the need to worry about having appropriate infrastructure in place. This service comes with monthly billing and yearly billing options.  The multi-tenancy capabilities of this service allow partners to offer customers their own unique login to the dashboard and reports without compromising the integrity of the whole customers database. In addition, we are delighted to share that we will also be introducing a white labelled SOC analyst service for partners who wish to use it.