
ESET Endpoint Security Asset Quarantining Question



Hey All,

My company and I are working on deploying ESET within our environment. We're wanting to evaluate the deeper and more intricate ways of securing our environment. One way that we're tinkering with is device auto quarantining, such as in the case of ransomware.

Our current license level is 'ESET Endpoint Security + File Security'.  

Does our license level / ESET support this feature?

 

Example being:

A user downloads and runs something that contains a wormable malware, or ransomware.  ESET will detect this and disable the network adaptor, or blackhole route the network traffic of the device to stop the device from reaching out to the network.  Once the asset has been cleaned, and malware is removed, it then re-enables network connectivity.

Edited by Tyler Lindberg
spelling

  • Administrators

If ESET detects malware upon download, there is no reason to isolate the computer from the network. If you leverage ESET Dynamic Threat Defense (not part of ESET PROTECT ENTRY: https://www.eset.com/us/business/small-and-medium/), you can enable proactive protection so that files downloaded from the Internet or run from removable media are temporarily blocked until a verdict from the cloud analysis is received. Results about the analysis of particular files are shared only across your own company so that the same file on another machine would not be analyzed again.

Another thing which is possible is to create a dynamic group with computers with unhandled threats and bind the isolate computer from network task to it. As a result, any computer that falls into this dynamic group, e.g. because a threat could not be cleaned for whatever reason, will get isolated from the network and only communication with the ESET PROTECT server will be possible.

If you are a bigger company you can consider our enterprise EDR solution ESET Enterprise Inspector. It provides you with an overview of operations in your network that may possibly pose a security risk. This can be used in prevention of future attacks or after an attack to determine the attack vector. Currently there are more than 600 pre-defined rules that identify possibly suspicious operations seen in attacks.

If you are interested in the cloud sandbox (ESET Dynamic Threat Defense), ESET Enterprise Inspector or any other of our products, please contact your local ESET distributor (ESET LLC in the US) for pricing.
