Ransomware and other complex cyber-attacks take time to develop. After the initial breach, attackers usually establish a connection with the command-and-control server and make a series of lateral movements in order to obtain administrative privileges and gain control over hot backups. Whereas previously it could take weeks or even months before the victim’s data was exfiltrated and assets were encrypted, this time is now reduced to days or a few hours, leaving the target company fewer chances to recognize any signs of an attack before it is too late.
Where to start defending the organization? Endpoints are the most common “interface” between employees and the company network and one of the favorite entry points for cyber-criminals [1]. Monitoring the activities of each endpoint and ensuring that all endpoints have consistent settings are two key challenges for the day-to-day security of an organization’s infrastructure. Endpoint Detection and Response (EDR) technology is designed to provide visibility into what happens on the endpoints, as well as to take countermeasures when a malicious process is detected.
Since attackers leverage multiple techniques to conduct cyber-attacks, the more endpoint data the EDR can manage, the better its chances of detecting threats. Integrating the technology with common business applications is essential to prevent them from being exploited with malicious intent.
However, EDR technologies generate a high volume of automated alerts that require ongoing attention and analysis. Human analysts have to sort through alerts that may represent threats, suspicious processes or even legitimate activities that failed technology checks. To unlock the full potential of EDR, organizations need to understand, manage and respond faster to the alerts generated. This is not an easy task when 62% of IT leaders find their team understaffed [2].
Sababa MDR is an endpoint managed detection and response solution. It combines a recognized EDR technology with the experience of the Managed Security Team analysts, who spot anomalies and early signs of intrusion on the endpoints and make faster decisions in case of security incidents.
Advanced endpoint protection
Sababa MDR enforces endpoint security with more detailed device and application settings, ensuring that all the endpoints are configured consistently with company policies. The technological backbone of the service provides additional features to improve the overall security posture and reduce the attack surface. For instance, it is possible to prevent users from browsing to malicious or undesired websites (URL/Web Filtering), to recognize when a user is performing anomalous and dangerous operations, and much more.
The solution also allows flexible isolation of infected machines from the network, preventing malware from spreading within the infrastructure, as happens in ransomware attacks.
Cloud Application integration
Sababa MDR leverages a natural integration with Microsoft Office 365, G Suite, Dropbox and other popular services, extending the detection to those environments and using their data for security event triaging and investigation.
Local Managed Security Team
The Sababa Managed Security Team helps boost the effectiveness of your endpoint security. Consisting of certified cybersecurity engineers, it constantly monitors security alerts, responding to incidents through triage activities and resolving false positives. Customers can monitor the service through read-only access to the management console and a monthly report for both internal technical teams and the company’s executives. The dedicated service manager provides reports in Italian, English, Spanish and other local languages.
Sababa MDR can also empower Managed Service Provider (MSP) offerings without any extra structural costs. The Sababa Managed Service Team acts as an extension of the MSP’s organization, taking care of detection and response for multiple clients, so MSPs can focus on providing more value to their customers and strengthening their relationships.