While I generally don’t write about product releases directly, it’s important to do so when they add value to our partners’ ability to protect their customers from today’s threats. I am pleased to announce that SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne®, is now available within the SolarWinds RMM platform.
Even before we started down the road of the “work from anywhere” movement, accelerated by the pandemic this year, the severity of threats in the landscape was increasing, while the techniques and tactics used by bad actors were becoming increasingly complex and designed to bypass traditional protections. For service providers, this meant investigating new processes and products to help ensure end users and businesses were protected from these new and emerging threats. During my boot camps and office hours, we have discussed many of the necessary elements of a layered security program, including identity and access management with two-factor authentication (2FA), user training, web protection, and moving to an EDR solution for advanced endpoint protection. As the risks evolve, so must protection against them.
Threats to end users at home
As I wrote earlier this year, the move to getting everyone working from home amplified risk. With end users working remotely, in what we refer to as “hostile” network environments, bad actors stepped up their game, knowing there would be more opportunity to gain access to credentials, data, and systems no longer living behind the company firewall. Combining newer threats with the relaxed security posture of a home environment means a higher risk of compromise to data and credentials.
At the beginning of this shift, we talked at length about the fact that users would need additional training, and that partners should consider shifting their focus to protecting the endpoint and the data residing on it, as opposed to investing more in supporting network or on-premises solutions. As expected, many businesses have made the decision to continue to allow work from home (or anywhere). This means the solutions and processes adopted may need to become permanent (or at least stick around for a long time).
Evolving the protections MSPs offer their customers
This is where our RMM platform really helps service providers add value for their customers in this new landscape. Being able to deploy an agent that remotely monitors, manages, and protects is key to ensuring a smooth and secure experience for end users, especially when they are distributed in many locations. Additionally, the power to deliver and manage security through the same platform adds efficiency and visibility.
Integrating EDR into the RMM platform could not have happened at a better time. The advanced threat detection and prevention capabilities that make up EDR mean that, even if a user clicks on something they shouldn’t, or a threat moves laterally in a home environment from a non-work device, advanced threats can still be stopped before they can take hold of a system being used for work purposes. So even if your partner catches a virus on their personal laptop and it attempts to spread, the work machine with EDR on it can catch it before it causes damage to that endpoint.
Additionally, many threats alter techniques over time to evade detection from traditional antivirus and monitoring, but the actions they perform can be detected and stopped by the artificial intelligence (AI) and machine learning functionality available in SolarWinds EDR. Even more important, if an infection does try to take hold, the rollback features will allow you to restore the system to a known safe state from the dashboard without having to lose time (or risk a technician’s health) traveling to an end user’s home to resolve the issue or reformat a system.
Being able to deploy, control, and manage EDR from the RMM environment has been one of the most requested additions in our Advisory Group discussions with our product managers and partners, and it is now available in the integrations section of the RMM console.
You can create policies and select customers, sites, and groups to deploy to. And monitoring rules will automatically be created after deployment for those systems. Ultimately, this integration helps you discover what needs attention at a given moment—right from the dashboard—and you can act to further investigate, identify, and resolve threats without having to leave the RMM platform.
For those looking at advanced security solutions to address the new remote work environment, I recommend considering integrated EDR for the advanced protection and efficiency it can offer you. Remember—as threats evolve, so should your services!
Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd.