Network security solutions’ value proposition to be found in improved insights

Next story

The work of a large company’s IT security experts consists of safeguarding the network, the business infrastructure and devices, and all the data processed by the company.

For example, if a business has 10,000 employees, each may use a laptop and/or a desktop, as well as a mobile device and will connect to a server. As such, the total number of devices utilized at an enterprise may be enormous. Alternatively, another company may have a small management cadre of 100, and 10,000 employees involved in production, retaining a relatively low number of endpoint devices, but numerous servers, a production line with its own operating system, and a number of Internet of Things (IoT) devices. These may be used to monitor product distribution or production, for example to monitor dairy cows and the tracking of cattle.
 
In both cases, the devices used are connected to a corporate network, and as such, IT security experts understand that maintaining protection for all of these devices, the corporate network and stored data is very complicated. They also concede that company security is at risk of being breached, either via a mistake, the negligence of an employee, or due to some form of cyber-attack.

Industry consensus shows that it takes about 150-200 days before companies discover that cyberattackers have impacted their businesses in some way. Such a discovery is followed by an investigation into how malicious code entered the company’s network and what damage it has caused. It may be the case that a company never gets answers to these questions.

When less is more
In many cases ESET has encountered companies simultaneously running a large number of agents up to  an incredible 15 to 17 on their network and devices in an attempt to achieve maximum coverage. However, the utilization of a large number of agents, often from different vendors, creates an environment where they do not play well together. This can have a significant negative impact on system performance, security, and the workload of IT staff who are tasked with managing it all.

As a consequence of this complexity, companies have been experiencing increased pressure on their IT security resources, higher costs and increased risk exposure. Under such conditions they (usually) try to evolve towards reducing the number of agents by choosing platforms where multiple agents can be managed from a single dashboard.

To better meet this need ESET has continued to adapt solutions like ESET Remote Administrator, which was originally designed for the remote management of endpoint device security. Increasing market demand for deeper insight and further security capability has helped give rise to a new product: ESET Security Management Center (ESMC). The new name better reflects the actual functionality of the console.

This solution consolidates the management of a number of powerful technologies into a single dashboard that can increase visibility into the state of the system. These include, but are not limited to: cloud sandbox and endpoint detection and response. They also cover ESET Endpoint protection platform for endpoint devices with a wide range of detection technologies, from UEFI protection to ransomware shield.

ESMC is able to provide an administrator with a lot of information on the hardware of individual computers, such as device type, manufacturer, model, serial number, processor, RAM, and disc space. It also monitors all installed software and version numbers, providing the companies deploying the solution comprehensive and clear insight into all devices, hardware, software, and potential security incidents.

ESET Enterprise Inspector (EEI) is an extension of ESMC, and a tool for retrospective analysis of cyberattacks when perspective is even more critical. It allows an administrator to adjust detection rules describing attack techniques to the specific environment of the organization and to detect violations of organization policies about using specific software like torrent applications, cloud storage, Tor browsing, starting own servers and other unwanted software.

For example: the solution may have detected a suspicious network connection, followed a minute later by a non-system process that was launched under a system name from an application that was not signed by any valid certificate. In this scenario, the administrator is able to view all the details and correlate the events by means of the Enterprise Inspector’s extended interface. These tools make forensic investigations much shorter and simpler.

ESET Security Management Center is a pivotal part of ESET Enterprise solutions and is included with the purchase.