ESET Enterprise Inspector

The distinctive strength of ESET Enterprise Inspector is in Threat Hunting by “finding a needle in a haystack” approach. By applying filters to data that sorts based on file popularity or reputation, digital signature, behavior, and contextual information, any malicious activity can be easily identified and investigated. Setting up multiple filters allows automated threat-hunting task and can adjust the detection threshold to company specific environment.

The weakest point in security is often a person sitting by the keyboard, even without any bad intentions. Enterprise Inspector easily identifies these weak elements by sorting the computers by number of unique alarms triggered. If a user triggers multiple alarms, it is a clear indicator that his activity should be validated.

“Maliciousness” of an activity depends on the context. Activities performed on computers of network administrators are very different from the ones in the finance department. With proper grouping of computers, security teams can easily identify, if this user is entitled to perform a specific activity on this machine. Synchronization of ESET Remote Administrator endpoint groups and ESET Enterprise Inspector rules provides outstanding results of contextual information.

ESET Enterprise Inspector is an open architecture solution, which means that security team can adjust detection rules describing attack techniques to specific environment of the organization. Open architecture also gives flexibility to configure ESET Enterprise Inspector to detect violations of organization policies about using specific software like torrent applications, Cloud storages (e.g. Dropbox), Tor browsing, starting own servers, and other unwanted software.

It’s usually difficult for security teams to quickly prioritize and decide the next step among all the triggered alarms. Therefore, for each triggered alarm there is a proposed next step to be performed for remediation. This helps to ensure that any single important incident will not fall through the cracks.

With a few clicks security team can see what was affected, where and when specific executable, script, or action was performed, and analyze the cause of it “back to the root”. Each file created on devices monitored by ESET Enterprise Inspector can be tracked by its origin, which process and what user created it. Due to the nature of ESET Enterprise Inspector working in conjunction with our endpoint products, it allows us to trace incidents back further than just to a file. For instance, if the endpoint has email protection module active, security team can also see the information about the email, to which the file was attached.

When ESET Enterprise Inspector identifies a threat, it provides a quick response functionality. Specific file can be blocked by hash, processes can be killed and quarantined, and selected machines can be isolated or turned off remotely. This helps administrators to quickly make decisions without getting bogged down with excessive amounts of alerts, notifications, and other remediation steps.

As ESET Enterprise Inspector agent extends functionality of ESET endpoint security solutions, all of ESET’s malware removal features are active and allow ESET to remove detected malware, be it Trojans, backdoors, viruses, rootkits, potentially unwanted software, malicious browser extensions and other.