

Watch Tower will provide recommendations for remediation if necessary as well. Queries to leverage for hunt or STAR rules

SentinelOne Watch Tower will provide you with active Threat Hunting services and notifications of threats identified within your network. Normally this will increase the cost of your licensing, but will include quick detection and diagnosis of exposure to current threats, emergency triage and response, as well as a monthly digest of hunting activities. With N-able EDR you can rely on SentinelOne researchers (Watch Tower - Emerging Threat hunting service) to do the heavy lifting for you. Here is where you would normally need more expertise, and the truth is that not all IT service providers feel comfortable offering this type of service, as it is most commonly offered by MSSPs. In case your customers require a more active approach to threats, you can always add Threat Hunting services on top of your EDR offering.

This is all available in the base EDR package that we call CONTROL.

Reverse all changes done to device itself (by ransomware for example) and give you detailed forensics about the scope of the attack. To put it simply, when a threat is detected it can prevent lateral movement by disconnecting the device from the network.

Multiple AI engines (Static AI engines, Behavioral AI, Documents, Scripts, Lateral movement, Anti Exploitation - Fileless attacks, Potentially unwanted applications, Application control, Intrusion detection)

Automatic rollback (reverse changes done to system by suspicious activities)

Once set up, it can fully take over the protection and remediation activities with a robust set of features:

N-able EDR (powered by SentinelOne) makes it extremely simple to set up policies and automate responses to different types of events. We will not go deeper into this here; you can find a more detailed comparison between the two in our previous blogs (EDR Demystified). This is also one of the main differences between EDR and AV solutions. You can transition to more specialized services when the time is right.

EDR solutions are based on Artificial Intelligence and include multiple AI engines that monitor both pre-execution and post-execution behavior of files and processes. It is important to note here that even a basic EDR offering provides better protection from most advanced threats than standard AV solutions, so having a standard EDR offering as a part of your baseline or layered security strategy is a great start. First will be your business plan, meaning what type of service you plan to offer (are you an MSP or MSSP?).

Which version fits your needs?

Every IT service provider needs to define their security baseline, and your offering will depend on two important factors. Having flexibility when it comes to your EDR offering and a vendor that supports you along the way is the key. As we progress to more demanding customers, we are faced with more demanding challenges. When offering standard EDR services, you might face pricing/licensing challenges and struggle to educate end-users about the benefits of EDR solutions. This will naturally depend on the type and level of service you are providing.
