What Is Active EDR? 

By SentinelOne
19 August, 2020

SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne, offers multiple features to help enhance your customers’ security at the endpoint level and give you unprecedented control in the fight against cybercrime. Today, we wanted to spotlight one specific feature—ActiveEDR. ActiveEDR tracks and contextualizes everything on a device, helps identify malicious acts in real time, and lets you automate the required responses. Read on to discover why the feature was developed and how it represents a leap forward in endpoint-based detection.

Background

In the short history of cybersecurity, we have seen technologies become outdated quickly as the threat landscape continuously changes. When threats began to emerge in the 90s, many businesses moved to install antivirus protection. These new products could fight a relatively small number of known viruses, but they could not combat novel attacks.

Malware authors adapted quickly, with trojan horses and worms chasing the new gold.

Added to this was the explosion of the Dark Web and the ability of cybercriminals to share and sell tools and tactics without being traced. Trade in ransomware tools alone created a microeconomy among online criminals. When cryptocurrency was born, it solved a huge problem for these malicious groups, as they could now exploit individuals and businesses by siphoning processing power from their machines to generate new cryptocurrency without leaving a financial trace. Ransomware remains a problem, especially as cryptocurrency prices have decreased. 

Making AI accessible to everyone

To meet these challenges, enterprises needed better solutions. When AI technology became available, it didn’t take long for new innovative products to replace the legacy tools based on signature detection.

These new endpoint protection platform (EPP) tools trained an AI model on a large number of samples, then used an agent on the endpoint to tackle file-based malware. As much file-based malware reuses existing malware, the AI could detect similarities in file behavior without needing a local agent with constantly updated signature hashes. In other words, they could look at file behavior to supplement signature-based protection. 

These new tools provided some relief to the enterprise, but malware groups quickly discovered that EPP products were utterly blind to memory-based malware, lateral movement, and fileless malware attacks. To make things worse, sophisticated hacking tools made their way to a wider audience. Through leaks, nation-state malware tools and techniques became available to cybercriminals. The enterprise needed a new solution.

To fill this gap, a new line of products called endpoint detection and response (EDR) tools was born. EDR answered the need of the enterprise to be able to at least see what was happening on the corporate network. Visibility was the solution, and its new home was the cloud.

But these EDR solutions created a new set of problems. Many EDR solutions, as they stand today, provide visibility, but require skilled personnel who can take the vast amounts of data the solutions generate, contextualize it, and then use it to mitigate cyberthreats. Greater demand for talented cyberanalysts has created a massive labor shortage in the security industry. At the same time, cloud-based solutions suffer the problem of increased dwell time—the delay between infection and detection. Solving these problems is where ActiveEDR comes into play.

With so many activities happening on every device, sending all this information to the cloud for analysis might offer visibility, but it’s still far from solving the main problem—the flood of alerts facing understaffed security teams. What if you could put the equivalent of a skilled SOC analyst on each of your devices? An agent who can contextualize all the device’s activities and identify and mitigate threat attempts in real time?

SolarWinds Endpoint Detection and Response has some similarities to other EDR solutions, but unlike those, it doesn’t rely on cloud connectivity to detect a threat. This effectively helps reduce dwell time to run time. The agent uses AI to make a decision without depending on cloud connectivity. The ActiveEDR feature constantly draws stories of what is happening on the endpoint. Once it detects harm, it’s capable of mitigating not only malicious files and operations, but the entire “storyline.”

Consider this typical scenario—a user opens a tab in Google Chrome and downloads a file they believe is safe. They execute the file without realizing it’s malicious. The program initiates PowerShell to delete the local backups and then encrypts all data on the disk. ActiveEDR knows the full story, so it will mitigate this at run time, before encryption begins. When the attack is mitigated, all the elements in that story will be taken care of, all the way to the Chrome tab the user opened in the browser. It works by giving each of the elements in the story the same ID, then sending these stories to the management console, allowing visibility and clarity for security analysts and IT administrators.

A new experience for security analysts and IT technicians

The work of a security analyst or MSP technician using passive EDR can be hard.

Swamped with alerts, the analyst needs to assemble the data into a meaningful story. With ActiveEDR, this work is done instead by the agent on the endpoint. The solution has already assembled the stories so the security analyst can save time and focus on what matters. Instead of assembling stories, the analyst can review full, contextualized stories, based on a single indicator-of-compromise search. This allows security teams to understand the story and root cause behind a threat quickly. The technology can autonomously attribute each event on the endpoint to its root cause without relying on cloud resources.
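The storyline scenario above (Chrome tab, downloaded file, PowerShell deleting local backups, then encryption) and the root-cause attribution just described, as an added illustration that is not SolarWinds' or SentinelOne's code: a toy tracker over constructed process-start events that gives every process the storyline ID of its earliest tracked ancestor, raises a verdict when a PowerShell child tampers with local backups, and returns the whole storyline for mitigation before the encryption step runs. The event fields, process names and the `delete shadows` pattern are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class ProcEvent:
    ts: int        # monotonic event order, stands in for a timestamp
    pid: int
    ppid: int
    image: str
    cmdline: str

# Constructed sample telemetry modelled on the article's scenario (not real logs).
SAMPLE_EVENTS = [
    ProcEvent(1, 100, 1,   "chrome.exe",     "chrome.exe --type=renderer"),
    ProcEvent(2, 200, 100, "invoice.exe",    "C:\\Users\\u\\Downloads\\invoice.exe"),
    ProcEvent(3, 300, 200, "powershell.exe", "powershell -c vssadmin delete shadows /all /quiet"),
    ProcEvent(4, 400, 200, "invoice.exe",    "invoice.exe --encrypt C:\\"),
    ProcEvent(5, 500, 1,   "outlook.exe",    "outlook.exe"),
]

# Assumed indicator: a PowerShell child removing local backups (volume shadow copies).
BACKUP_TAMPER = re.compile(r"delete\s+shadows", re.IGNORECASE)

class StorylineTracker:
    """Attributes each new process to the storyline of its earliest tracked ancestor."""
    def __init__(self) -> None:
        self.story_of: Dict[int, int] = {}       # pid -> storyline id (root pid)
        self.members: Dict[int, List[int]] = {}  # storyline id -> pids in start order
        self.events: Dict[int, ProcEvent] = {}   # pid -> its start event

    def ingest(self, ev: ProcEvent) -> int:
        # Inherit the parent's storyline; an untracked parent means a new story starts here.
        story = self.story_of.get(ev.ppid, ev.pid)
        self.story_of[ev.pid] = story
        self.members.setdefault(story, []).append(ev.pid)
        self.events[ev.pid] = ev
        return story

    def is_malicious(self, ev: ProcEvent) -> bool:
        return ev.image.lower() == "powershell.exe" and bool(BACKUP_TAMPER.search(ev.cmdline))

def run_active_edr(events: List[ProcEvent]) -> Optional[dict]:
    """Process events in order; on the first verdict, return the whole storyline to mitigate."""
    tracker = StorylineTracker()
    for ev in sorted(events, key=lambda e: e.ts):
        story = tracker.ingest(ev)
        if tracker.is_malicious(ev):
            return {"detected_at": ev.ts, "storyline": story,
                    "root_cause": tracker.events[story].image,
                    "mitigate_pids": list(tracker.members[story])}
    return None  # nothing to mitigate
```

Because the verdict is reached at event 3, the encryption process (pid 400) never joins the storyline, while Chrome (the root cause) and the dropped executable are included in the mitigation set.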

Conclusion

Most current antivirus, EPP, and EDR solutions don’t solve the cybersecurity problem for the enterprise. To compensate, some rely on additional cloud services to close the gap. But relying on the cloud increases dwell time. Depending on connectivity, you could be way too late in the game to deal with the threat, as it takes only seconds for malicious activity to infect an endpoint, do harm, and remove traces of itself. This reliance on connectivity to the cloud makes many of today’s EDR tools passive as they rely on operators and services to respond after it’s already too late. SolarWinds EDR transforms the EDR to be active, allowing it to respond in real time, turning dwell time into no time.

ActiveEDR empowers security teams and IT admins to focus on the alerts that matter, helping reduce the time and cost of bringing context to the complicated and overwhelming amount of data needed with other, passive EDR solutions.

The introduction of ActiveEDR is like other technologies that helped humans become more efficient and save time and money. Like how the car replaced the horse and the autonomous vehicle will replace vehicles as we know them today, ActiveEDR is transforming the way enterprises understand endpoint security. Discover how to take a more active approach toward endpoint security by learning more about SolarWinds EDR today. 


Additional reading

Are EDR Solutions Solving the Problems They Need?
What is EDR (Endpoint Detection and Response)?
A Short History of EDR