Go for the Best… Huntress EDR

A lot of customers are coming to us asking what they should do to ensure their systems are fully protected over the upcoming holiday period. Our response has been to take this a step further, look at the big picture, and ask what the future holds in terms of cyber security threats. The scary answer is new types and styles of hacking attack that traditional antivirus simply cannot detect.

Enter Huntress EDR: to say it is advanced antivirus is an understatement. We have been running this internally for a few months and it is a game-changer. We have put together this blog to explain everything about it so you can understand it further, and then weigh up cost versus benefit for your business. We feel that as hacking methods evolve we should keep pace with what is actually going on out there and adjust our security approach accordingly.

Security is a layered approach, and the more layers you have the safer you are. However, our advice is that if you were to invest in only one area of cyber security for your business, this would be it.

Why You Need It!

This is far more than just an additional nice to have in your IT system inventory. This could be the difference between being hacked or not.

Below is a list of what EDR by Huntress can do for your business, along with a real example where we purposely infected one of our computers and documented what happened after that. Very interesting. But for now, if you need to understand one point of difference, EDR stands for Endpoint (that's your device), Detection (searching for threats) and Response (an active response is provided). It is the response part of this which is completely new and next generation, designed to handle the new types of threat attack out there.

Normally, when a breach occurs, nobody has a clue what happened, how it happened, where it started, how far it has spread, or what data has been breached. During such a crisis you need to communicate with customers and insurance companies. The faster you can give out accurate answers and communications, the quicker you can be up and running again with minimal downtime and limited reputation damage.

This is where Huntress EDR Incident Investigation pays for itself tenfold. Included in your licence fee, Huntress EDR provides thorough and detailed incident investigation reports to understand the source and scope of security breaches. This is paramount when a breach occurs and your insurance company and/or regulatory body requires this report for legal or compliance reasons. The ability to immediately and accurately report on the type, nature and extent of the breach from an accredited EDR system is the only way this can be achieved.

Below is a summary of key features:

  1. Advanced Threat Detection: Huntress EDR can detect and respond to advanced and new types of threats that may evade traditional antivirus software. It uses advanced algorithms and AI to stop hacking attacks, which are completely different from a normal virus-type infiltration.

  2. Real-time Monitoring: It offers real-time monitoring of endpoint activities, providing immediate visibility into potential security issues. This is actively reported back to real human beings (called a SOC Team) 24/7 who then take action on your behalf to stop threats in their tracks before they spread.

  3. Threat Remediation: The platform provides tools for effective and automatic threat remediation, enabling businesses to keep operating by providing the appropriate and immediate response. Huntress automates the solutions to all known and unknown threats detected.

  4. Fileless Malware Detection: Huntress EDR can identify fileless malware, which is a new type of tactic used by attackers to evade detection from traditional antivirus products.

  5. Data Protection: It helps protect sensitive business data and prevents data breaches.

  6. Compliance Requirements: Small businesses may need Huntress EDR to meet specific compliance requirements, such as the NZ Privacy Act 2020, CCPA, HIPAA or GDPR.

  7. Security in Remote Work Environments: With the rise of remote work, Huntress EDR can secure endpoints (computers) outside the main business network.

  8. Preventing Business Disruption: It helps prevent cyberattacks that could disrupt business operations and result in downtime. This could save a lot of money in terms of time & productivity, as well as dealing with any fallout from a successful attack.

  9. Zero-Day Threat Defense: Huntress EDR can detect and respond to zero-day threats, which are new and unknown vulnerabilities.

  10. Protection Against Ransomware: It is effective in detecting and preventing ransomware attacks, which can be devastating for small businesses. As part of detecting ransomware, one of the strategies that Huntress EDR employs is a 'canary in the mine' tactic. It has dummy files spread out across the device that are actively monitored, and if these are tampered with then EDR kicks into action immediately.

  11. Reducing Attack Dwell Time: By swiftly identifying and responding to threats, Huntress EDR helps reduce the time that attackers have access to the network. This could be the difference between a major outage and a small blip on the radar.

  12. Multi-Layered Defence: It complements existing security measures and provides an additional layer of defence against cyber threats. Combined with antivirus and the other services that Computer Clinic provides, you are giving your business and data a multi-layered security approach. No single solution can protect against all the different types of cyber security threats out there.
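To illustrate the 'canary in the mine' tactic from item 10, here is an added example written for this blog (it is not Huntress's code and does not show how Huntress implements its canaries): it plants decoy files, records a hash of each, and on re-check flags any decoy that has been overwritten or deleted. The file names and the assumption that an encryptor walks a directory in sorted order are constructed for the example.

```python
# Canary-file ransomware detection: stand-alone example, not Huntress code.
# Plants decoy files, records a baseline hash for each, then re-checks them;
# a decoy that ransomware encrypts or deletes shows up as 'modified' or 'missing'.
import hashlib
import os
import tempfile

# Constructed decoy names; the leading '!' sorts them early so an encryptor
# walking a directory in order hits them first (assumption about the walk).
CANARY_NAMES = ["!_canary_backup.xlsx", "!_canary_invoice.docx", "!_canary_photo.jpg"]

def _sha256(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_canaries(root: str, names=CANARY_NAMES) -> dict:
    """Write decoy files under root and return a {path: sha256} baseline."""
    baseline = {}
    for name in names:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"CANARY FILE - do not edit. " + name.encode())
        baseline[path] = _sha256(path)
    return baseline

def check_canaries(baseline: dict) -> dict:
    """Return {path: 'ok' | 'modified' | 'missing'} against the baseline."""
    status = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            status[path] = "missing"        # decoy deleted
        elif _sha256(path) != digest:
            status[path] = "modified"       # decoy overwritten (e.g. encrypted)
        else:
            status[path] = "ok"
    return status

def simulate_tamper() -> list:
    """Plant canaries in a temp dir, emulate ransomware on two, return statuses."""
    with tempfile.TemporaryDirectory() as root:
        baseline = plant_canaries(root)
        paths = [os.path.join(root, n) for n in CANARY_NAMES]
        with open(paths[0], "wb") as fh:    # emulate encryption: overwrite in place
            fh.write(os.urandom(64))
        os.remove(paths[1])                 # emulate deletion
        status = check_canaries(baseline)
        return [status[p] for p in paths]
```

A real agent would run the check on a file-system watcher rather than on a timer, and would respond (isolate the host, kill the writing process) on the first 'modified' or 'missing' result.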


Difference Between Traditional Anti-Virus Solutions and EDR

Anti Virus = Reactive, Endpoint Detection & Response = Proactive

Traditional antivirus solutions still have a place, but they come with known limitations.

Limited Detection Capabilities:

Traditional antivirus hinges on known-threat databases and behavioural analysis for malware detection. As attacks become more sophisticated, attackers employ alternative techniques such as fileless malware and the abuse of legitimate tools to infiltrate systems, and traditional antivirus struggles to identify such threats effectively.

Reactive Protection:

Antivirus software often detects and blocks malware after it's already active, which can be too late to prevent significant harm. Ideally, threats should be proactively identified and neutralized before the malware gets a chance to execute on your system.

Limited Investigative Capabilities:

After a cyberattack, a comprehensive investigation is crucial to grasp its origins and fortify against future incidents. Traditional antivirus tools collect malware data but are not designed to offer insights into the initial system infiltration and spread pattern.

In light of these limitations, businesses should consider more advanced and proactive cyber security measures to effectively protect their systems and data, especially where customers or regulatory compliance expect that data is properly protected and reported on.

EDR does not replace antivirus

Both antivirus and EDR (Endpoint Detection and Response) are necessary in a security stack because they are two different layers. Antivirus provides essential threat detection and prevention, such as catching malware in an Adobe PDF file, while EDR offers advanced capabilities for real-time monitoring, investigation, and response to more sophisticated and evolving patterns of cyber threat. The combination ensures a more robust, comprehensive and modern defence against a wide range of attacks. The latest types of attack require a next-gen defence!

Further Explanation and Real World Example of Huntress in Use

  • Patrick set up a sacrificial PC in our office on 4G internet - completely separate and isolated from our network.

  • Ben then had the task of destroying it with malware/viruses/ransomware/trojans etc.

  • He disabled the normal antivirus and Huntress on it so we could download some very nasty software called Mimikatz, and then opened it to let it take over the computer.

  • We turned on Huntress to see what would happen.

  • Huntress blocked everything from running and shortly after that, Patrick received a phone call from Huntress’ SOC team reporting that we had a breach, and we also were sent an incident report as to what happened. Below is that report:

We then logged into Huntress, clicked on the 'Critical Incident', reviewed Huntress's already pre-populated and ready-to-execute remediation plan, and then executed it. In this instance, the remediation plan involved removing the software and rebooting the PC at the click of a button:

This is a screenshot of everything being resolved.

Note: This was done on an internal PC in the Computer Clinic office which was connected to a completely segregated and air gapped network.

Next Steps

If you see the need for this layer of security and would like to get it operational before the holidays, get in touch now.

