IOC Test with ESET Endpoint

[jinlei801011 2]

Dear ESET,

I have a customer enquiring us on IOC (Indicator of Compromise) test in their servers. I was reading about IOC I think ESET can address IOC in certain manners.

Could you elaborate more on how ESET can do IOC? Is there any tools that we need to get or ESET has already it own IOC tool?

Thanks

[Marcos 5,074]

We will have a new EDR product called ESET Enterprise Inspector which will enable administrators to receive alerts about suspicious operations performed in a network based on rules (pre-defined or custom) with an option to block suspicious files (currently by SHA1) and to create reports via ERA. EEI is planned to be released in a few months. Currently we're going to deploy a beta to a couple of corporate clients for testing purposes.

[bbahes 29]

5 minutes ago, Marcos said:

We will have a new EDR product called ESET Enterprise Inspector which will enable administrators to receive alerts about suspicious operations performed in a network based on rules (pre-defined or custom) with an option to block suspicious files (currently by SHA1) and to create reports via ERA. EEI is planned to be released in a few months. Currently we're going to deploy a beta to a couple of corporate clients for testing purposes.

Is Virtual Appliance for EEI now consideration?  

[Marcos 5,074]

1 hour ago, bbahes said:

Is Virtual Appliance for EEI now consideration?  

Currently not. The server will run on Windows only unless there's a high demand for a Linux version too.

[bbahes 29]

45 minutes ago, Marcos said:

Currently not. The server will run on Windows only unless there's a high demand for a Linux version too.

Would be nice to have some voting on this?

[Marcos 5,074]

45 minutes ago, bbahes said:

Would be nice to have some voting on this?

It's not about voting in this forum. The staff responsible for making decisions about priorities and resource allocation does that based on market requirements submitted by local partners and distributors. I'd recommend trying out the Windows version first once available to see what features EEI has and if you are interested in a version for Linux and possibly VA, contact your local distributor. The more organizations are interested in a particular feature / product, the higher chance we will be able to deliver it to you.

[bbahes 29]

1 minute ago, Marcos said:

It's not about voting in this forum. The staff responsible for making decisions about priorities and resource allocation does that based on market requirements submitted by local partners and distributors. I'd recommend trying out the Windows version first once available to see what features EEI has and if you are interested in a version for Linux and possibly VA, contact your local distributor. The more organizations are interested in a particular feature / product, the higher chance we will be able to deliver it to you.

The product features I've heard so far will make me look ESET solution rather than third party, but we don't wan't to waste money on Windows Server license and even more maintain that server. For me, linux virtual appliance like ERA is right thing to invest in.

But maybe you see EEI as product for large companies who have volume licensing from Microsoft? Would be really interesting to see this research result from local partners and distributors.

[Marcos 5,074]

EEI does not currently require installation on a Windows server. It's enough to install MySQL on Windows 7 or newer and it should work alright. Maybe it would be an acceptable solution for you, at least for testing purposes.

[bbahes 29]

3 hours ago, Marcos said:

EEI does not currently require installation on a Windows server. It's enough to install MySQL on Windows 7 or newer and it should work alright. Maybe it would be an acceptable solution for you, at least for testing purposes.

For testing I could try Windows 7 but for production VA is only acceptable solution for us.