
Security tips for clients based on ESET Protect detections



I have been working with ESET products for a decade and I think it is one of the best options among cybersecurity products. I would like to open this space so that we can share, from day-to-day practice, the security recommendations that we make to our customers based on the findings of security solutions such as ESET Endpoint Security as reported in the ESET Protect management console. Why?

Because it is not usually very clear what I should do with those discoveries or reports that ESET Protect generates. I wish we could answer the following questions in this space:

  • How can I reduce the number of incidents reported in the ESET Protect (EP) console? This is based on the request of a client who belongs to the public health system of my country and who is alarmed because his network registers more than 2500 security incidents per month in the threats tab. My recommendation was to further limit users' internet access, block the use of USB storage devices, and give generic security recommendations, but I felt that we were wasting precisely all the information collected in EP, and that the recommendations, rather than being generic, should be based on the findings that are recorded in EP.
  • At what time or in what scenario can I recommend to a customer that they should use ESET Dynamic Threat Defense or ESET Enterprise Inspector? Beyond the interest in cross-selling, how can I justify to my client that it is time to strengthen their network with one of these tools? Is there any non-generic factor that can justify making this recommendation? Example: we have detected that a large number of your detections come from emails, and we think it would be a good idea for you to have sandboxing in the cloud at this time.

And perhaps many other questions that you could contribute from your experience. My aim is to take advantage of the information EP gives me and to turn this information into added value for my clients.

Welcome everyone!


  • Administrators

1. How can I reduce the number of incidents reported in the ESET Protect (EP) console?
If you mean detections, then it depends on what kind of detection is reported most. If it's malware detections, the recommended action is to clean all machines infected with malware. However, this should not be a typical case.

2. At what time or scenario can I recommend to a customer that they should use ESET Dynamic Threat Defense or ESET Enterprise Inspector?
We always recommend using EDTD. With EDTD, response to new threats is really quick; instead of dozens of minutes or hours you get a response in less than 5 minutes, if not instantly. Moreover, results of EDTD analysis are shared across the whole company, so if another user encounters the same malicious file, it will be blocked immediately. EDTD also provides proactive protection, which means that files downloaded from the Internet, received via email or executed from removable media are blocked until they are analyzed in EDTD. Without EDTD, files are run immediately and, if they are evaluated as suitable for analysis, they are sent to LiveGrid so that a detection can be added (i.e. with a delay).

EEI enables a CSO or administrators to monitor the network for suspicious operations and proactively reduce the attack surface based on the data acquired. In case of a security incident it allows for tracking the infection or attack path back to the origin.

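The opening post asks how to base recommendations on what is actually recorded in EP rather than on generic advice, and the answer above says the right action depends on which kind of detection is reported most. Both come down to the same first step: tally the detection list by channel, by host and by outcome. The Python script below is an added example for this thread, not ESET code and not part of any post. It works on a detections export as CSV; the column names (Time, Computer, Scanner, Detection, Object URI, Action), the scanner labels, the action labels treated as "still needs cleanup", and the sample rows themselves are all constructed assumptions about what such an export contains, so adapt them to the fields your console actually exports before using it on real data.

```python
"""Triage a detections export into channel/host counts and data-backed recommendations.

Added example for the forum thread above; not ESET code. Column names, scanner
labels, action labels and the sample rows are assumptions about what an
ESET Protect detections export looks like: adjust them to the real export.
"""
import csv
import io
from collections import Counter

# Constructed sample export (not real data). Detection names are placeholders.
SAMPLE_CSV = """\
Time,Computer,Scanner,Detection,Object URI,Action
2021-07-01 08:12:03,PC-RECEPTION-01,Email client protection,Sample/MailDropper.A,mailto:invoice.zip,cleaned by deleting
2021-07-01 09:40:17,PC-RECEPTION-01,Email client protection,Sample/MailDropper.B,mailto:quote.doc,cleaned by deleting
2021-07-01 10:02:44,PC-RECEPTION-02,Email client protection,Sample/MailDropper.A,mailto:invoice.zip,cleaned by deleting
2021-07-01 11:15:09,PC-LAB-03,HTTP filter,Sample/WebRedirect.C,http://example.invalid/landing,connection terminated
2021-07-01 11:16:30,PC-LAB-03,Real-time file system protection,Sample/Dropper.D,file:///C:/Users/lab/Downloads/setup.exe,cleaned by deleting
2021-07-01 13:48:51,PC-LAB-03,Real-time file system protection,Sample/Dropper.D,file:///C:/Users/lab/AppData/Local/Temp/x.exe,retained
2021-07-02 07:59:12,PC-ADMIN-07,Email client protection,Sample/MailDropper.B,mailto:payment.xls,cleaned by deleting
2021-07-02 14:21:05,PC-FINANCE-02,Real-time file system protection,Sample/Dropper.E,file:///E:/autorun.exe,cleaned by deleting
"""

# Assumed mapping from the export's scanner label to the channel the file arrived by.
CHANNEL_BY_SCANNER = {
    "Email client protection": "email",
    "Mail server protection": "email",
    "HTTP filter": "web",
    "Real-time file system protection": "file",
    "On-demand scanner": "file",
}

# Assumed action labels that mean the object is still on disk and needs follow-up.
FOLLOWUP_ACTIONS = {"retained", "not cleaned", "error while cleaning"}


def parse_detections(text):
    """Read the CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def classify_channel(row):
    """Map a row to email / web / file / other via its scanner label."""
    return CHANNEL_BY_SCANNER.get(row["Scanner"], "other")


def summarize(rows):
    """Count detections by channel, host and detection name; list hosts needing cleanup."""
    return {
        "total": len(rows),
        "by_channel": Counter(classify_channel(r) for r in rows),
        "by_computer": Counter(r["Computer"] for r in rows),
        "by_detection": Counter(r["Detection"] for r in rows),
        "followup_hosts": sorted({r["Computer"] for r in rows
                                  if r["Action"].strip().lower() in FOLLOWUP_ACTIONS}),
    }


def recommend(summary, share_threshold=0.4, repeat_threshold=3):
    """Turn the counts into recommendations tied to a number from the export.

    Thresholds are illustrative: 40% of detections on one channel, or 3 or more
    detections on one host, are the points at which the recommendation changes.
    """
    total = summary["total"] or 1
    recs = []
    email_share = summary["by_channel"]["email"] / total
    if email_share >= share_threshold:
        recs.append(f"email: {email_share:.0%} of detections arrive by mail; "
                    "that number justifies mail-side sandboxing (e.g. EDTD) better than a generic pitch")
    web_share = summary["by_channel"]["web"] / total
    if web_share >= share_threshold:
        recs.append(f"web: {web_share:.0%} of detections come through the browser; "
                    "tighten web filtering and download policy first")
    for host, n in summary["by_computer"].most_common():
        if n >= repeat_threshold:
            recs.append(f"host {host}: {n} detections, a repeat hitter; look at the user or workflow, "
                        "clean or re-image, rather than adding a product")
    if summary["followup_hosts"]:
        recs.append("manual cleanup still needed on: " + ", ".join(summary["followup_hosts"]))
    return recs


def triage(text=SAMPLE_CSV):
    """Parse, summarize and recommend; returns (summary, recommendations)."""
    summary = summarize(parse_detections(text))
    return summary, recommend(summary)


if __name__ == "__main__":
    summary, recs = triage()
    print(f"{summary['total']} detections; by channel: {dict(summary['by_channel'])}")
    for rec in recs:
        print("-", rec)
```

On the constructed sample the script reports half of the detections arriving by email (the argument the opening post wanted for cloud sandboxing), one host with three detections in a day (the "clean that machine" case from the answer), and one object retained on disk that the console's automatic action did not remove. Run it over a month of real export rather than eight rows and the same three lines are the non-generic recommendations the client was asking for.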

On 7/22/2021 at 10:12 AM, Marcos said:

We always recommend using EDTD. With EDTD, response to new threats is really quick; instead of dozens of minutes or hours you get a response in less than 5 minutes, if not instantly. Moreover, results of EDTD analysis are shared across the whole company, so if another user encounters the same malicious file, it will be blocked immediately. EDTD also provides proactive protection, which means that files downloaded from the Internet, received via email or executed from removable media are blocked until they are analyzed in EDTD. Without EDTD, files are run immediately and, if they are evaluated as suitable for analysis, they are sent to LiveGrid so that a detection can be added (i.e. with a delay).

Hi Marcos,

I was looking for the statement in bold above, which, if I am correct, corresponds with what is indicated in this page of the documentation of the product. Can you confirm that this functionality can be achieved only with an ESET endpoint + EDTD license?

Thanks



  • Administrators
22 minutes ago, Nacho Martin said:

I was looking for the statement in bold above, which, if I am correct, corresponds with what is indicated in this page of the documentation of the product. Can you confirm that this functionality can be achieved only with an ESET endpoint + EDTD license?

Correct. The said functionality is available with EDTD activated:


If you haven't purchased EDTD yet, you can contact your local ESET distributor and ask for a trial license so that you can test it yourself before you purchase it.

