ESET Configuration (Carbanak+FIN7 Evaluation)
Product Versions
Product | Version | Product Purpose |
---|---|---|
ESET Endpoint Security | 7.3.2044 | Endpoint solution |
ESET Enterprise Inspector | 1.5.1485 | EDR solution |
ESET Security Management Center (ESET Protect) | 7.2.11.3 | Central management console |
ESET Dynamic Threat Defense | Cloud | Cloud sandbox |
Product Description
ESET Enterprise Inspector is ESET's EDR solution. Together with our industry-recognized multilayered endpoint solution, ESET Endpoint Security, it forms a complete prevention, detection and response solution that allows quick analysis and remediation of any security issue in the environment.
MULTILAYERED PROTECTION
ESET combines multilayered technology, machine learning and human expertise to provide the best level of protection possible. Our technology is constantly adjusting and changing to provide the best balance of detection, low number of false positives and performance. Our technologies include:
- Machine Learning
- Advanced Memory Scanner
- Ransomware Shield
- Exploit Blocker
- In-product sandbox
- Botnet protection
- Network Attack Protection
- Deep Behavioral Inspection
- DNA Detections
- HIPS
- UEFI Scanner
- AMSI Script Scanner
- ESET LiveGrid cloud-based reputation system with data from 110+ million endpoints
CROSS PLATFORM SUPPORT
ESET endpoint protection products support all OSes including Windows, Mac, Linux and Android. All our endpoint products can be fully managed from a single pane of glass; mobile device management for iOS and Android is fully built in as well.
UNPARALLELED PERFORMANCE
A major concern for many organizations is the performance impact of their endpoint protection solution. ESET products continue to excel in the performance arena and win third-party tests that prove how lightweight our endpoints are on systems.
Our EDR solution, ESET Enterprise Inspector, builds on over 30 years of malware research expertise and gives security professionals and organizations a sophisticated Endpoint Detection & Response tool for identifying anomalous behavior and breaches, risk assessment, incident response, investigation and remediation. It monitors and evaluates all activity in the network (for example user, file, process, registry, memory and network events, and other low-level system events) in real time and allows immediate action when needed (for example blocking hashes, killing processes, or network isolation of endpoints). Some of its highlights include:
- OPEN ARCHITECTURE
  Provides a unique behavior- and reputation-based detection that is fully transparent to security teams. All rules are written in a common XML format and can be easily customized and created to match the needs of specific enterprise environments, including SIEM integrations.
- POWERFUL REMOTE RESPONSE
  ESET Enterprise Inspector features remote PowerShell capabilities that allow security engineers to remotely inspect and configure their organization's computers, so a sophisticated response can be achieved without breaking the users' workflows.
- PUBLIC REST API
  ESET Enterprise Inspector features an API that provides access to and export of detections and their remediation, allowing effective integration with tools such as SIEM, SOAR, ticketing systems and many others.
- MITRE ATT&CK™ INTEGRATION
  ESET Enterprise Inspector maps its detections to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework, which in one click provides comprehensive information even about the most complex threats.
- THREAT HUNTING and ROOT CAUSE ANALYSIS
  Apply data filters to sort collected data by file popularity, reputation, digital signature, behavior or contextual information. Combining multiple filters allows easy, automated threat hunting, including for APTs and targeted attacks, and is customizable to each company's environment. In just a few clicks, security teams can see a full root cause analysis, including what was affected, where, and when the executable, script or action was run.
- ANOMALY AND BEHAVIOR DETECTION
  Check the actions carried out by an executable and use ESET's LiveGrid® reputation system to quickly assess whether executed processes are safe or suspicious. Monitoring anomalous user-related incidents is possible because rules are written to be triggered by behavior rather than by simple malware or signature detections. Additionally, violations of company policy on the use of specific software, such as torrent applications, cloud storage, Tor browsing or other unwanted software, can all be detected and blocked.
Product Configuration
Product | Configuration |
---|---|
ESET Endpoint Security | Detection test: switched to "report only" mode so that threats are detected and reported but not blocked, keeping the attack fully visible in the EDR console; Real-time & Machine learning protection set to the "Aggressive" level (reporting only). Protection test: default settings with all layers turned on; Real-time & Machine learning protection set to the "Aggressive" level (reporting & protection) |
ESET Enterprise Inspector | Default settings, with one change: the "process DLLs" option switched from "Untrusted" to "All" |
ESET Security Management Center (ESET Protect) | Default settings |
ESET Dynamic Threat Defense | Used in the Protection test only; default settings |