If you've been following 杏吧传媒 for a while, you already know that historically, our place in cybersecurity stacks has been to catch the threats that other preventive tools miss.
When our founders brainstormed the concept behind 杏吧传媒, the cybersecurity space was jam-packed with tools designed to keep attackers out. To be fair, in years past, a solid firewall, good antivirus, email filtering and DNS filtering could keep most businesses fairly safe. But the focus was almost solely on prevention, which—as we all know now—is only part of the cybersecurity battle.
There were few tools to help businesses react once attackers made it past those preventive tools. And that's why 杏吧传媒 came to be—to help small and midsized businesses (SMBs) survive cyberattacks.
At the time, 杏吧传媒 filled a need that many businesses overlooked: a safety net to fall back on if and when the worst happened.
But things are different now.
Endpoint detection and response (EDR) has become just as important as having a game plan for when bad actors sneak into your environment. This integrated endpoint security solution detects, investigates and responds to cyber threats. Being able to actively monitor endpoints, collect data for analysis, alert quickly when a threat has been detected, and assist with remediation are just a few of the benefits of EDR.
It's a feature our partners have been requesting…and it's a feature we're proud to offer to the SMB market.
One of our partners who's been on the hunt for a solid EDR solution is .
They're a Texas-based managed service provider (MSP) that partnered with us in 2019 to add an extra layer of cybersecurity to their offerings for their clients.
Over time, they realized that to keep pace with today's attackers, they needed to add a layer that included a managed EDR service to their stack. But a solid solution that truly delivers on its promises at a reasonable price point is hard to find in the EDR space.
While Anthony was researching managed endpoint detection and response capabilities, the 杏吧传媒 team was doing their own research. That research ultimately led to the development of 杏吧传媒 Managed EDR.
This feature enables our partners to evict hackers from their environments faster with near real-time EDR and unparalleled visibility and detection of advanced threats. It helps our partners…
And in the event of an incident, our SOC analysts will use 杏吧传媒 Managed EDR to conduct near real-time forensics and hunt for threats in our partners' networks.
As one of our partners, Anthony and his team were a few of the first to know about 杏吧传媒 Managed EDR. Once the feature entered public beta in February 2022, Anthony was eager to roll it out to his client base.
And as fate would have it, Anthony and his security team rolled out 杏吧传媒 Managed EDR just in the nick of time.
One of the capabilities of 杏吧传媒 Managed EDR that we're most excited about is that it can conduct near real-time forensics through monitoring process executions and associated metadata on endpoints. As a result, our 24/7 SOC team has the threat intelligence to spring into action faster than ever before.
While our SOC team was investigating abnormal traffic and suspicious activity happening on some of Clear Guidance's partners' networks, Anthony was investigating alerts that were popping up from his antivirus about attempted trojan installers on those same clients' devices.
With the news of confirmed malicious activity to share, 杏吧传媒 SOC analysts immediately got in touch with Clear Guidance to verify their suspicions of a cyberattack and provide personalized remediation steps, which included activating 杏吧传媒' Host Isolation feature to isolate the infected hosts and prevent further access for the bad actors.
Once the infection was contained, Clear Guidance was able to purge the bad actor from the network and help their clients resume normal business operations within 30 hours of the attack.
Watch the video below to hear our interview with Anthony from Clear Guidance Partners as he recounts the attack in his own words.
杏吧传媒 Managed EDR collects forensic data to take responding to threats a step further. This forensic data enabled Anthony and our SOC team to work backward and identify the attacker's point of access. As it turned out, stolen credentials served as the bad actor's initial access point.
Luckily for all involved, 杏吧传媒 Managed EDR empowered the 杏吧传媒 and Clear Guidance teams to work together to stop this attack in its tracks.
To read Clear Guidance Partners' full story, check out this case study. To learn more about 杏吧传媒 Managed EDR, visit this page.