What is CrowdStrike Falcon Insight?
CrowdStrike Falcon Insight is an advanced endpoint detection and response (EDR) solution. It provides continuous monitoring, threat detection and advanced analysis of attacks in the endpoint device environment. Using artificial intelligence and machine learning, it provides comprehensive protection against a variety of cyber threats.

Features of Falcon Insight
Key features and functions of CrowdStrike Falcon Insight
Real-time detection
Falcon Insight continuously monitors activity on end devices, detecting suspicious behaviour and attacks as they occur.
Artificial intelligence and machine learning
Advanced AI algorithms enable the detection of even the most subtle and advanced threats that may escape traditional solutions.
Behavioural analysis
Falcon Insight analyses the normal behaviour of users and devices, making it easy to detect anomalies that indicate a potential threat.
Tracking the attack
The tool provides detailed tracking of an attack to understand its purpose and method of operation. The system also creates functional data, identifies changes in adversaries' tactics and maps their methods.
Automated response
Falcon Insight can automatically take action in response to detected threats, such as isolating infected devices or blocking malware. The system enables real-time action to stop attacks before they become intrusions. Its response capabilities allow isolation and investigation of compromised systems, as well as direct access to endpoints during analysis.
Full contextual knowledge
Integrated threat analysis provides the full context of the attack, including attribution data.
Presentation of the entire attack via a single screen
The system provides a comprehensive view of the attack from start to finish, with deep context for faster and easier analysis.
Gathering critical details for threat detection and investigative activities
The Falcon Insight driver running from the system kernel captures more than 400 raw events and related information necessary for incident recovery.
Retention of up to 90 days
Falcon Insight provides a complete record of endpoint activity over time, no matter how large the protected environment.
Assessment of the current security situation
Falcon Insight identifies the status of endpoints across the organisation. This makes it easy to identify and update agent settings and operating systems that are out of date or at risk.
Enforcement of password rules: administrators can enforce the use of strong passwords or PINs to unlock devices.
Example: all devices in the company are configured so that users must set passwords with a minimum length of 8 characters, containing numbers, letters and special characters. Attempts to use a simple password, such as '1234', are automatically blocked.
Data encryption: MDM enforces memory encryption on mobile devices, which protects data in the event of loss or theft.
Example: Bank employees' mobile devices have enforced data encryption. Even if the device is stolen, customer data (e.g. bank statements) will remain inaccessible without the encryption key.
Blocking hazardous functions: you can restrict access to features such as rooting, jailbreak or installing applications from outside authorised sources (e.g. Google Play, App Store).
Example: The technology company has blocked the installation of applications from unauthorised sources. An employee who tries to install a suspicious game from an unofficial site receives a message about lack of permissions.
Why Falcon Insight
Why use CrowdStrike Falcon Insight?
01. Rapid detection and response to advanced attacks.
02. Full visibility of end device activity.
03. Reduce the time needed for incident analysis and minimise the impact of the attack.
04. The ability to anticipate threats through a global database of cyber attacks.
05. Minimise the risk of a data breach.
06. Simplifying IT security management in the organisation.
07. Increasing the productivity of IT teams.
08. Simple and quick implementation:
Saving time, effort and money: Falcon Insight's cloud-based version does not require any infrastructure to manage locally;
Deployment in minutes: thanks to a specially designed, lightweight agent, CrowdStrike enables the industry's fastest deployment with unparalleled scalability;
Immediately operational - Falcon Insight starts working straight away, monitoring and recording activities after installation without the need for rebooting, customisation, setting basic indicators or complex configuration;
No impact on the performance of protected resources: CrowdStrike provides full, automated protection on endpoints without affecting their performance.

ESET
What is ESET PROTECT?
ESET PROTECT is an advanced IT security management platform that enables comprehensive protection of IT infrastructure in organisations. It offers centralised management of ESET solutions, including endpoint, server and virtual machine protection. The platform combines various security functions, including threat detection, incident analysis and vulnerability management, adapting to the needs of companies of all sizes.
Features of ESET PROTECT
Main features and functions of ESET PROTECT
Unified console
All ESET products running on the company's devices can be managed from ESET PROTECT. This covers workstations, mobile devices, servers and virtual machines, among others, running Windows, macOS, Linux and Android. The console is primarily cloud-based, with the option of local deployment:
provides real-time information on all devices - computers, servers, virtual machines and even mobile devices;
enables full reporting as required by the administrator;
controls prevention, detection and response mechanisms on all types of devices;
you can connect to it anywhere, anytime using your favourite web browser.
Comprehensive software to protect organisations and enable:
protection against malware, including ransomware;
blocking targeted attacks;
preventing data security breaches;
stopping fileless attacks;
detection of advanced zero-day threats;
equipment access control;
protection against phishing attacks.
Server protection
ESET PROTECT provides advanced protection for corporate data exchanged between servers of various kinds, including web, file and database servers, multifunctional servers and the OneDrive platform.
Encryption of the entire contents of a drive
The ESET PROTECT console features native Full Disk Encryption for Windows PCs and for macOS (FileVault). This feature enhances data security and allows compliance with applicable legislation.
Sandbox in the cloud
The ability to quickly analyse suspicious files in an extensive cloud-based testing environment definitely facilitates the detection of zero-day threats.
Hardware and software inventory
ESET PROTECT allows reports to be created on devices owned and applications installed across the enterprise.
Full multi-user support
The ESET PROTECT solution allows the creation of multiple user accounts and sets of permissions to access different console functionalities. This makes it possible to fully optimise the division of responsibilities in large corporate teams. Another advantage is the ability to perform a wider range of activities from a single location by dynamically grouping computers based on make, model, operating system, processor, RAM, hard drive capacity and many other parameters.
Precise control of policies
Enterprises can set multiple policies for the same computer or the same group of computers and nest the policies, allowing inheritance of privileges.
Support for SIEM tools and SOC teams
ESET PROTECT provides full support for SIEM tools and allows all log information - using the widely accepted JSON and LEEF formats - to be made available to the Security Operations Centre (SOC).
Why ESET PROTECT
Why use ESET PROTECT?
Centralised management
ESET's platform allows all devices, servers, workstations and mobile devices to be managed from a single console.
Easy incident prevention
From the console home screen, the administrator can quickly assess the security situation in his or her company and react to any problems. With a single click, it is possible to perform actions such as creating exclusions, forwarding files for further analysis or running scans.
Multi-platform support
ESET's workstation protection solutions are available for Windows, Mac, Linux and Android, with a Mobile Device Management (MDM) option for iOS and Android.
Control of devices and applications
ESET's software can manage access to external devices (e.g. memory sticks) and applications installed on workstations, minimising the risks associated with unauthorised access and software.
Comprehensive solution
From prevention to response, ESET PROTECT allows multiple ESET solutions to be managed from one place. Combining solutions that cover different areas, from threat prevention to threat detection and response, allows you to create a multi-layered protection structure across the entire enterprise.
Compliance with regulations and standards
ESET's solutions help you stay compliant with data protection regulations by encrypting all disk contents on Windows and macOS.
High performance
ESET solutions are characterised by high performance. Tests conducted by independent organisations confirm the low hardware resource requirements of our solutions.
Full visibility of IT infrastructure
The ESET PROTECT console provides detailed, real-time information on the security status of devices, including unpatched vulnerabilities and active threats.