Advanced Security + Endpoint Detection and Response (EDR)
Eliminate the cost and complexity of multiple point products and enable your team with one complete cyber protection solution that is simple to manage and deploy.
Single-click response to attacks for unmatched business continuity.
Prevail where point solutions fail — leverage the full power of integration among cybersecurity, data protection and endpoint security configuration management via a single-click response to incidents:
- Remediate by isolating endpoints and quarantining threats
- Investigate further using remote connections and forensic backups
- Prevent future attacks by closing open vulnerabilities
- Ensure business continuity with integrated backup and recovery
Attack-specific rollbacks
Quickly and easily roll back attack damage, including affected files, data and configurations — streamlining remediation without depending on the vulnerable Microsoft Volume Shadow Copy Service that most solutions leverage.
Automated interpretation of incidents mapped to MITRE ATT&CK®
Streamline response and increase reactiveness to threats, leveraging AI-based interpretations of attacks mapped to MITRE ATT&CK® to understand in minutes:
- How the attacker got in
- How they hid their tracks
- What harm the attack caused and how it caused it
- How the attack spread
- Prioritization of incidents – Focus on what matters and increase your responsiveness to attacks by leveraging automatic incident alerts that are prioritized based on criticality, so your team can focus on remediating instead of hunting.
- Threat containment and quarantining – Remediate attacks by stopping malicious processes and quarantining analyzed threats — blocking them from execution as part of unified, single-click response capabilities.
- Endpoint isolation – Stop attacks from spreading and affecting more endpoints – you can isolate affected points from the network to prevent lateral movement.
- Recovery, including full reimaging – Ensure clients’ businesses always remain up and running and that they can quickly recover data and operability after attacks. With best-of-breed backup and recovery capabilities integrated in our single-click response, you can recover specific files or reimage the whole endpoint.
- Disaster recovery failover (with Advanced Disaster Recovery) – Ensure an unmatched level of business continuity with integrated disaster recovery. Automatically switch to a backup, off-site environment in case of attacks that disrupt customers’ business continuity.
- Remote endpoint connection (with Advanced Management) – Investigate incidents further with a secure remote connection to affected endpoints for troubleshooting and additional analysis purposes.
- Forensics backup – Collect evidence for further investigation, reporting, compliance and legal purposes by gathering forensic information — like memory dumps and process information — and storing it in tamper-protected backups.
- Patch management (with Advanced Management) – As part of the single-click response to attacks, you can close security gaps to prevent future incident reoccurrence with our integrated patch management for 250+ applications.
- Event monitoring and automated correlations – The solution monitors events on an endpoint level and automatically correlates them in attack chain graphs per incident.
- Intelligent search for IoCs with focus on emerging threats – Focus on what matters, like indicators-of-compromise (IoC)-related emerging threats from our real-time threat intelligence feeds and automatically search IoCs across all endpoints — instead of scanning hundreds of lines of logs.
- Real-time threat intelligence feed – Acronis Cyber Protection Operation Centers (CPOC) continuously monitor the cybersecurity landscape and release alerts on potential threats of any kind. Receive real-time alerts on malware, vulnerabilities, natural disasters, and other global events that may affect data protection, so you can prevent them.
- Exploit prevention – Prevent advanced attack techniques, including zero-day and fileless attacks, with behavior-based detection heuristics focused on vulnerability exploitation. Acronis’ exploit prevention technology specifically detects attempts to take advantage of software vulnerabilities.
- Anti-ransomware detection with automatic rollback – Detect and stop ransomware, including advanced sophisticated forms, and automatically roll back any changes caused by the threat or any data that was affected.
- Behavior-based detection – Protect clients, their data and operations against modern threats with award-winning protection to detect typical patterns of malicious behavior and prevent threats from executing.
- URL filtering – Help your clients achieve compliance and increase productivity by preventing attacks from malicious websites. Acronis URL filtering lets you control website access through an HTTP/HTTPS interceptor, manage exceptions for URLs, and perform payload analysis.
- Unprotected endpoint discovery – Ensure no gaps in client defenses by streamlining the discovery of unprotected endpoints and enabling remote agent installation and service provisioning.
- Vulnerability assessments – Monitor endpoints for open vulnerabilities and provide a prioritized view based on vulnerability criticality — enabling you to streamline security configuration management on top of attack detection and response.
- #CyberFit Score to evaluate the security posture of endpoints – Quickly and easily assess the security posture of endpoints and leverage our guided recommendations to secure customer endpoints. Unlock a unified view of all endpoints along with their #CyberFit Score to streamline security configuration management.
- Data classification (with Advanced DLP) – Increase your visibility over affected data when investigating attacks by classifying outgoing data from customer endpoints to detect sensitive data exfiltration and stop it with greater efficiency.
- File- and system-level backup – Ensure not only endpoints are protected, but also the data residing on them. Leverage best-of-breed, pre-integrated backup capabilities, enabling an unmatched level of data protection and business continuity.
- Device and port control – Strengthen data security and prevent leakage of sensitive information via locally connected devices and ports with controls over user access to such local channels, and data operations related to them — even for virtualized sessions.
- Automated, tunable allowlisting based on profiling – You can enable monitoring and profiling of clients’ applications to create an automatic allowlist of the most used applications, including custom apps, to save time and avoid resource-draining false positives. You can manually add or remove apps from the allowlist.