Swiss cyber protection vendor Acronis International GmbH this week launched Acronis Advanced Security+ Endpoint Detection & Response (EDR), an offering it said is targeted at managed service providers (MSPs) and the businesses they serve, to deploy improved security and data protection.
- Optimized Incident Analysis, which the firm said can quickly analyze and prioritize security incidents and potential attacks without relying on costly security expertise or time-consuming processes.
- Integrated Security with Backup & Recovery, which is designed to minimize downtime and maintain business continuity in the event of an attack.
- Increased visibility across MITRE ATT&CK, to rapidly grasp attack analysis and impact, including how an attack got in, what harm it caused, and how it potentially spread, Acronis said. MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is, according to Mitre Corp., which created and released it in 2013, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
Michael Suby, research vice president of security and trust at IDC, said that with the “proliferation of endpoints and increasing frequency of cyber threats, EDR has become a mission-critical tool in incident response and the fight for data protection. But solutions that are difficult to deploy and maintain are an obstacle.”
The best offerings, he added, “deliver the advanced security of EDR and meet the needs of the IT professionals who use it. That means easy deployments and rapid detection, response, and recovery, with AI on board.”
At a press and analyst briefing held on Tuesday, Candid Wüest, vice-president of research at Schaffhausen, Switzerland-headquartered Acronis, discussed the need for EDR advances in light of the rise of ChatGPT, Google Bard, Microsoft Bing, and other large language models, which attackers are using to help generate phishing emails.
“By analyzing the text messages, we can see that yes, the attackers have started using them,” he said.
The sophistication of the attacker community, said Eric O’Neill, a former counterintelligence officer with the U.S. Federal Bureau of Investigation (FBI) who also spoke at the briefing, is another reason why sound EDR security practices need to be adopted.
“As a cybersecurity expert, I have witnessed firsthand the evolution of EDR and how it has revolutionized the way we approach security,” said O’Neill, who played a major role in the arrest of Robert Philip Hanssen, an FBI agent who spied for Soviet and Russian intelligence services against the U.S. from 1979 to 2001. His work in the arrest resulted in Hanssen receiving 15 consecutive life sentences at a maximum security prison in Florence, Colorado.
“EDR allows security personnel to efficiently investigate, remediate and recover from potential incidents, while also reducing the attack surface and threat actor dwell time.”
O’Neill said this is paramount. “In order to stop spies and cyber criminals from stealing, destroying, and encrypting all our data – the data that is the currency of our lives – we need to move security as close as possible to the humans who are making the mistake.
“Enter EDR. Remember that spear phishing is still the number one vector for successful cyber attacks. In fact, statistically 25 per cent of humans, and it doesn’t matter how much training they receive, will click on that link or that attachment that they know they should not.
“And so, endpoint detection and response – and those are important terms – is critical technology to prevent, detect, and respond to the attacks. Endpoint is special because it pushes security as close to the human as possible, right on their device, on the phone or on the laptop or tablet that they are using to access that data and, today more than ever, directly through the cloud.”
By pushing the security close to the human, said O’Neill, “you are pushing that security closest to the person who will make the mistake and let the attacker in. This allows response using AI and analytics and the best minds to stop the attack at the point of origin and before it spreads.
“As soon as that person makes the mistake, the idea is that EDR will identify the problem and say ‘this is a bad unknown. They’re doing something that they shouldn’t be doing, or they don’t normally do. Let’s lock down that endpoint. Take a hard look at it, conduct the investigation, and make sure this isn’t a spy or criminal trying to exploit someone’s credentials.’ EDR is also the core principle of Zero Trust, the only effective way to stop cyber criminals and spies.”
Pricing for the new Acronis EDR offering was not released.