
Endpoint Detection and Response

Five Nines will be implementing an Endpoint Detection and Response (EDR) tool for all partners.

 

How Does This Impact You:

Your per-user price will increase by $4 per month, and you will benefit from increased security, detection, and response. Five Nines will not charge any project or implementation costs for this security improvement. We just need your help with choosing “when”.

 

What is EDR?

The Five Nines EDR tool is an endpoint-based managed detection and response service. It is deployed as software to all Windows-based workstations and servers (Mac support is in beta testing). It monitors for early signs of malicious intrusion — known as persistence or footholds — that are necessary for a threat actor to continue their work inside the environment. Nearly all hacks first involve some kind of remote-access trojan or bot, and our EDR service knows how to search for them, identify them, and stop them.

The EDR tool sits at the bottom of your technology stack and scans for potentially malicious activity. It also ensures that if your organization has ever experienced a cyber attack, the remediation was done correctly, and no outstanding footholds persist.

 

Why are we implementing it?

When organizations choose to work with Five Nines, they trust that our teams will proactively research and maintain tools that provide our partners with the top level of security. In our partnership agreements, our partners mutually agree to allow Five Nines to implement new tools, when necessary, that will increase their security during changing market conditions. While we do this sparingly, the implementation of EDR is critically important for all partners due to the current threat landscape.

We are implementing the Five Nines EDR tool for a few reasons. First, cyber insurance companies have begun requiring an EDR tool to maintain coverage, or to obtain preferable rates and limits. While this is being enforced by some carriers already, we expect most if not all to enforce it within a year or so. Second, following a beta test with a handful of Five Nines partners, the Five Nines team and the partners immediately recognized the value. The monthly report (shown below) provides great feedback on total systems protected (number of workstations and servers), changes/activities analyzed, number of potential threat indicators, in-depth investigations performed, and number of incidents reported.

For each incident reported to Five Nines, the report gives you an understanding of the criticality of the issue, the reason it was flagged, and the device(s) it was targeting.

Third, you will have a third-party SOC watching your environment for signs of things that sneak behind other protections, which provides additional resistance to ransomware.

Monthly Report Example:

View Full Report Sample: https://fivenines.com/wp-content/uploads/2021/08/Dundler-Mifflin-Monthly-Summary-11-2021-1.pdf

Implementation Process

While we would like to get as many Five Nines partners onboarded with the EDR tool as quickly as possible, we do have limited scheduling capacity. Over the next 90 days, your Account Manager will be reaching out to schedule your implementation date. If your organization would like to implement this as soon as possible, please contact your Account Manager.

 

FAQs:

Q: Is this optional? Can we opt out? 

A: No, all partners will be required to implement the EDR tool.

Q: How long does implementation take? 

A: Once our teams have worked with you to decide on a day and time to implement the EDR tool, implementation will take under 2 hours in most cases.

Q: Does this implementation require down time or employees restarting their devices for the changes to go into effect?

A: No.

Q: Does this have to be implemented after-hours?

A: No. Five Nines is recommending a day-time implementation within normal business hours.

Q: Does the EDR tool monitor and protect O365?

A: No.

Q: I have a Managed Detection and Response service (Perch, Arctic Wolf), do I need EDR? Do I no longer need my MDR service?

A: The Five Nines EDR tool does not replace the need for an MDR service. MDR and EDR are complementary solutions. They monitor different sources of data, with some overlap. While MDR is in some ways a “superset” of monitoring beyond what EDR alone can do, Arctic Wolf has declined to officially say they provide “EDR”. Arctic Wolf ingests data from endpoints, network equipment, traffic monitoring, Active Directory, Office 365, and other log sources into their SIEM. Their SOC then triages any anomalies or indicators of potential compromise and escalates as necessary to Five Nines. By contrast, our EDR tool looks specifically at endpoint information, and specializes in identifying threats there. Our EDR tool also provides ransomware “canaries”: special files that, if altered in any way, trigger an investigation, providing an early-detection system for potential ransomware events. Five Nines recommends MDR customers also use our EDR.