EDR cloud solution with ESET PROTECT?

[rubencastello90 1]

Hello,

Have been using ESET Products for a long time and love them but now it seems that EDR solutions are becoming very popular and it feels like ESET is not giving so much love to it. I like the move from other products to ESET Protect Cloud but EDR is not integrated on there, still needs on-premises console while other manufacturers have all in cloud integrated.

Is planned to integrate EDR on ESET Protect Cloud? Or at least a Cloud console?

What are future plans for EDR?

Another question is that I have been told by an integrator here in Spain, that Dynamic Threat Defense was the EDR from ESET but I guess that they were wrong. I 'm not agree with this because cloud sandbox (EDTD) needs a file to analyze it's behavior and in the other hand EDR detects suspicious behavior on computers without a file. Can someone share more light on this? I'm wrong?

[itman 1,495]

2 hours ago, rubencastello90 said:

Another question is that I have been told by an integrator here in Spain, that Dynamic Threat Defense was the EDR from ESET but I guess that they were wrong. I 'm not agree with this because cloud sandbox (EDTD) needs a file to analyze it's behavior and in the other hand EDR detects suspicious behavior on computers without a file. Can someone share more light on this? I'm wrong?

FYI

Quote

Support of ESET Dynamic Threat Defense

An add-on paid service that provides another layer of security for ESET products such as Mail Security and Endpoints by utilizing a cloud-based sandboxing technology to detect new, never-before-seen threat types. Future proof your company’s IT security with: Behavior-based Detection, Machine learning, Zero-day Threats Detection and Cloud Sandboxing. Learn more

https://help.eset.com/protect_cloud/en-US/what_is_new.html

Edited January 16, 2021 by itman

[Marcos 4,548]

ESET's EDR solution is ESET Enterprise Inspector (ie. not EDTD). Currently the on-premise EEI receives a lot of intel data from clients (much more than any other competitive solution as far as I know) which is why it cannot be used in the cloud easily. However, we're working on a cloud version of EEI which will be announced here as well as via other standard channels shortly before the release.

[rubencastello90 1]

Thank you all for answering. Sorry for my basic English if something was misunderstood. Yeah I was sure that EDR and ESET Dynamic Thread Defense (EDTD for me :P) where different.

Glad to know that a Cloud console for EDR (EEI) is work in progress. Is possible to share more details just about ETA and if it will be integrated with ESET Protect or will be an additional console?

Thanks,

[Marcos 4,548]

Whether or not EEI will be integrated with ESET PROTECT / ESET PROTECT Cloud in the future is subject to further research and decisions.

Since we're not close to the release yet, public ETA has not been yet. We'll announce it when available.

[Tita314 0]

Hi, Marcos,

 

Can you guide me where to find real use cases  EEI in the organizations round the world?

I find only common information about  ESET's customers on different sites, but it is not clear who integrated EEI

[MichalJ 430]

Hello @Tita314, do you mean public case studies, referencing real life users of our EDR solution, or rather a set of common use cases, that our EDR might help addressing / solving? 

[Tita314 0]

@michalj

 

Thank you for your answer. I mean  referencing real life users of ESET EDR solution.

 

[MichalJ 430]

Hello, I have checked it with our sales team. At ESET we value the privacy of our customers, and do not publish their names / case studies without a prior consent. As EDR software is quite sensitive, our customers did not approve sharing their names publicly, as that would increase their exposure.

From the internal materials that I have briefly reviewed, we have customers from Finance, Retail, Healthcare/Pharma, Education, and Services industry. More details about our EDR and industry recognition can be found here: https://www.eset.com/int/business/why-eset/industry-analysts-recognition/ 

EEI has been recently tested by AV Comparatives: https://www.eset.com/int/about/newsroom/press-releases/awards/eset-named-a-strategic-leader-in-rigorous-new-av-comparatives-endpoint-prevention-and-response-tes/

ESET is currently taking place in the latest round of the MITRE testing, which should be published soon. Also, there are peer reviews of our EDR solution publicly available on various peer insights. 

Hope that this helps. 

[Tita314 0]

Michalj,

Thanks, the information is very useful! I try to follow each ESET activity. it would be great if you can real cases and roadmap of developing the EEI. More information - more customers!

looking forward to the end of MITRE testing

[rubencastello90 1]

On 1/16/2021 at 9:15 PM, Marcos said:

ESET's EDR solution is ESET Enterprise Inspector (ie. not EDTD). Currently the on-premise EEI receives a lot of intel data from clients (much more than any other competitive solution as far as I know) which is why it cannot be used in the cloud easily. However, we're working on a cloud version of EEI which will be announced here as well as via other standard channels shortly before the release.

Hello Marcos,

It's possible to know if we can expect EEI Cloud for this year?

Thanks,

[Marcos 4,548]

34 minutes ago, rubencastello90 said:

It's possible to know if we can expect EEI Cloud for this year?

There's a good chance it will be ready this year.

[rubencastello90 1]

On 1/19/2021 at 10:30 AM, Marcos said:

Whether or not EEI will be integrated with ESET PROTECT / ESET PROTECT Cloud in the future is subject to further research and decisions.

Since we're not close to the release yet, public ETA has not been yet. We'll announce it when available.

Hello Marcos,

Sorry for bothering you again, but do you have more information that can share? I mean, waiting impatiently EEI to come as cloud version, but want to know if it will be integrated on ESET Protect, having a third console (ESET Protect Cloud, ESET Cloud Office Security and ESET Interprise Inspector "Cloud")  will be a huge pain for MSPs to track all the network.

[MichalJ 430]

Hello, @rubencastello90 in the first phase, it will work in a similar fashion compared to the on premises deployment. However, EEI and EP Cloud will be closely interconnected, and you can see all of the detections from EEI also in ESET Protect, with a very simple navigation between them. What would you envision under being "fully integrated"? 

[rubencastello90 1]

Hello @MichalJ,

Thanks for reply. For fully integrated I mean not login to differents consoles (2 Tabs on browser) and have all the information for EDR like computers, detections, alarms, tasks, etc...  in one place like ESET Protect, were we can remediate immediately or look for problems in CLIENTS at a glance. If detections are shared to ESET Protect it will be a good point to start but ideally EEI menu need to be integrated on ESET Protect I think. Additionaly, info about EDR on clients will be good point.

Having multiple consoles, panels or dashboards is a big pain for MSPs trying to deliver cybersecurity to companies due to overhead of having to search information across that panels or send tasks from different ways. We need to simplify it and integrate it

I'm saying all of that that because I believe that EDR is a complement or different from EPP and they always are better together, so I don't want to treat it as separate. EPP for prevention and EDR for file-less atacks, behaviour based attacks or targeted attacks. Not like other vendors that sell EDR as magic new NextGenAV.

And what about agent? It will be merged to Management agent or EPP?

Another question...Can we expect this first phase before summer?

 

[MichalJ 430]

Hello @Ruben_Castillo Thanks for the feedback. I have forwarded it to my colleagues from Product Management. I understand your point, but can´t comment about any particular specific plans at the moment. 

[Adam Luzsicza 2]

On 3/29/2021 at 4:25 PM, rubencastello90 said:

Hello @MichalJ,

Thanks for reply. For fully integrated I mean not login to differents consoles (2 Tabs on browser) and have all the information for EDR like computers, detections, alarms, tasks, etc...  in one place like ESET Protect, were we can remediate immediately or look for problems in CLIENTS at a glance. If detections are shared to ESET Protect it will be a good point to start but ideally EEI menu need to be integrated on ESET Protect I think. Additionaly, info about EDR on clients will be good point.

Having multiple consoles, panels or dashboards is a big pain for MSPs trying to deliver cybersecurity to companies due to overhead of having to search information across that panels or send tasks from different ways. We need to simplify it and integrate it

I'm saying all of that that because I believe that EDR is a complement or different from EPP and they always are better together, so I don't want to treat it as separate. EPP for prevention and EDR for file-less atacks, behaviour based attacks or targeted attacks. Not like other vendors that sell EDR as magic new NextGenAV.

And what about agent? It will be merged to Management agent or EPP?

Another question...Can we expect this first phase before summer?

 

Hi Ruben,

Thanks for the valuable feedback - Michal did indeed forward it to the EEI team. Allow me to provide a little more information - EEI Cloud is one of our top priorities and you can expect it towards the end of Q4 this year. 

In its first iteration it will be a separate console just like it is now with the on-premise versions of EEI + ESET PROTECT consoles. However, please note that they will be tightly integrated, will share the same single sign-on (SSO). We are definitely exploring multiple approaches such as merging EEI (or EDR functionality in general) with PROTECT, however we really want to make sure that the user experience is solid and this requires more time which is one of the key factors at the moment. Functionality-wise EEI Cloud will be really strong and equal to its on-premise counterpart (we plan to release and update - version 1.7 at the same time).

For a seamless MSPs experience we plan to later implement the same style of multitenancy as is currently used in PROTECT, in the next version of EEI after the initial launch of its Cloud version.

[rubencastello90 1]

On 4/12/2021 at 1:30 PM, Adam Luzsicza said:

Hi Ruben,

Thanks for the valuable feedback - Michal did indeed forward it to the EEI team. Allow me to provide a little more information - EEI Cloud is one of our top priorities and you can expect it towards the end of Q4 this year. 

In its first iteration it will be a separate console just like it is now with the on-premise versions of EEI + ESET PROTECT consoles. However, please note that they will be tightly integrated, will share the same single sign-on (SSO). We are definitely exploring multiple approaches such as merging EEI (or EDR functionality in general) with PROTECT, however we really want to make sure that the user experience is solid and this requires more time which is one of the key factors at the moment. Functionality-wise EEI Cloud will be really strong and equal to its on-premise counterpart (we plan to release and update - version 1.7 at the same time).

For a seamless MSPs experience we plan to later implement the same style of multitenancy as is currently used in PROTECT, in the next version of EEI after the initial launch of its Cloud version.

Thank you for feedback Adam.