In this new remote workforce world we now find ourselves in, the threat landscape has shifted once more. For many organizations this is the first time that they find their workers outside the comfort of the office and its security safeguards and thrust into the unknown of the home office life.
This shift opens new areas of vulnerability to organizations that they have not had to face before. The change to a remote workforce is stretching security professionals and requires that they are able to maintain the same level of protection remotely that they had previously been providing within the office environment for their users.
One of the tools that will provide the maximum amount of protection is a Next-Gen Anti-Virus (NGAV) or Endpoint Detection and Response (EDR) product.
Datashield has partnered with some of the industry leaders in the NGAV and EDR space: VMware Carbon Black, CrowdStrike, SentinelOne and Microsoft. These companies are leading the way in protecting endpoints and can be a real benefit to the remote workforce.
- Easy to install/lightweight agents: Leading NGAV/EDR providers are able to provision their agent quickly and efficiently. Many organizations are faced with the problem of quickly mobilizing a remote workforce. This included procuring and provisioning laptops for all to use. With an easy-to-install agent, protection for these new devices was attained quickly and efficiently.
- Enriched Monitoring: EDR tools give security analysts the ability to monitor at the endpoint, getting a real view of what is occurring and making data-based decisions to close security gaps.
- Alerting and Prevention at the endpoint: A quality NGAV-EDR tool will stop malware, ransomware, and non-malware attacks at the endpoint while blocking emerging, never-before-seen attacks.
- Centralized Monitoring: A remote workforce requires that security professionals are able to monitor from a centralized view. NGAV/EDR tools allow for this capability as well as the ability to take actions such as quarantining machines from the network and taking devices offline as needed.
Many top EDR companies reacted quickly to help their customers move to a remote workforce. As an example:
- VMware Carbon Black removed their license limits for current customers, allowing them to deploy their agent to all users. You can read more about it here.
- SentinelOne is offering its SentinelOne CORE and rapid deployment services free of charge until May 15th. Read about it here.
- CrowdStrike offered a similar option to Carbon Black and also opened up its Falcon Prevent tool to organizations, with a low-cost option for securing employees’ home Windows devices, leveraging CrowdStrike’s cloud-native Falcon® platform and lightweight agent. More info here.
- Microsoft has provided some helpful tips on protecting your remote workforce here.
The Datashield Advantage
Datashield dives into the technical details to provide the high-level summary and escalation that customers need. We provide monitoring of NGAV/EDR tools. Our MDR service for Endpoint Detection and Response provides:
Security Operations Centers (SOC) are expensive from both a cost and management perspective. A typical in-house, 24x7 SOC is comprised of analysts, engineers, and threat intel specialists who provide up-to-date information on all the current threats and technologies, which, for most companies, is simply not in the budget. Datashield provides organizations of all sizes with the coverage needed to stay protected in the vast threat landscape.
Triage and Investigate Events
With Datashield as an extension of your security team, we help ease the time constraint on your staff by triaging and investigating security events. Our analysts have extensive experience supporting deployments of all sizes and tuning the tool to each and every specific environment. While there is no “silver bullet” in security, the Datashield escalation process is made easier, which allows us to work with you and your team through any incident.
A big advantage of having Datashield on your side is that we will provide detailed forensic analysis of security events, which takes the guesswork out of what happened, what the potential repercussions are, and what actions need to be taken. Datashield takes advantage of the MITRE ATT&CK framework for analysis and investigations. This helps to streamline our investigations and standardize the investigative details we report back to you, the customer.
Proper Onboarding and Deployment
For many organizations, properly deploying robust endpoint protections can take valuable time. With Datashield security professionals, our customers are eased through an onboarding process to ensure proper, efficient setup and tuning. The beginning of any healthy relationship is starting off on the right foot, and onboarding is the first opportunity to bridge the gap between understanding your business environment and improving your security posture.
Policy and Rule Tuning
As organizations grow and change, so should their security tools, with policy rules tuned to work effectively in the environment. Both foundational and customized rules allow for a better security presence and minimize alert fatigue.
Regular maintenance after the initial onboarding and policy tuning continues well into the relationship, as false positive situations will occur. As we work in your environment, we will make ongoing recommendations for whitelisting, which allows you to focus on the real-time threats.
Integration into SIEM
SIEM (Security Information and Event Management) integrations allow analysts to expand their investigation capabilities when monitoring your environment. With the ability to see an event from multiple angles (i.e. EDR, logs, network traffic), Datashield analysts can come to a clearer understanding of what happened during a security event and present a more complete root cause analysis.
Is your organization looking to take its remote workplace security to the next level with Next Generation Anti-Virus and Endpoint Detection and Response products?
Datashield consults with businesses of all sizes and industries to help implement the best solution for their organization.