Leveraging cloud-based protection to alleviate heightened cyber-risks

Rene Holt
The ground invasion of Ukraine has put IT security teams across the region and farther afield on high alert for potential cyber-invasions. ESET Dynamic Threat Defense is a fast way to boost a company’s security.

At first glance, cloud-based protection may seem like an unlikely leap in thought in response to a land-based military invasion. That’s probably because talking about “the cloud” can conjure surreal notions of flying saucers. Yet the cloud is just as rooted as the computer planted on your desk. 

The cloud is nothing more than the assorted clusters of machines around the world offered for rent or as a service. Typically, these machines are located in data centers that offer connections via fiber-optic cables buried deep underground. In Ukraine, the ongoing destruction may eventually target underground cables, which would leave satellites in orbit around the earth – our flying saucers – to broker any connections.

Powerful machines for detection

The cloud can be leveraged to improve the security of your organization by providing an extra layer of protection that’s as readily available as the link to it. Connecting to powerful computers in the cloud – that is, at a data center – that are fully dedicated to analyzing files for malware dramatically enhances the protection of machines, especially those with less processing power or those dedicated to other uses.

Few corporate computers have the raw power to run heavyweight machine learning models, at least not without paying a high price for usability and performance. Furthermore, no one wants employees’ machines to be bogged down by security software that runs at full tilt, noisily spinning up to run expensive machine learning detection algorithms whenever there is an unknown sample to analyze. Yet, in some cases, that is the computing power it would take to rapidly detect some types of threats.

For architects designing security software, the limitations of corporate machine processing power speak directly to the need to balance high performance with robust detection capability. A design that focuses on faster detection of generic never-before-seen threats will likely incur performance penalties. A design that focuses on detecting sophisticated or custom threats, especially never-before-seen and new threats, will also take a toll on performance.

An advanced endpoint security product should be able to balance performance and detection so as to stand on its own without the need to link to machines in the cloud to offer protection. But most computers will unavoidably be exposed to the internet, even if via a proxy server. Threats loom large on the internet, and additional protection is available too.

ESET Dynamic Threat Defense (EDTD) steps in precisely here because it offloads the demand for enhanced detection of never-before-seen threats to machines in the cloud, keeping the performance of corporate machines high. The benefit for organizations using EDTD is enhanced, automated protection against both targeted attacks and common malware variants, shortening the time to detection. Although speed is always an appreciated benefit, ultimately, the question an organization needs to ask itself is: Do I want to be protected even against never-before-seen sophisticated threats?

Automated protection

For IT admins, once EDTD is enabled and its parameters are tuned to comply with company policy and regulations on sharing files with third parties, the added protection for endpoints, servers, and Microsoft 365 apps largely becomes a set-and-forget convenience. IT admins can view reports on the files submitted for scanning, along with detailed analysis results:

Figure: ESET Dynamic Threat Defense analysis results report

If a file turns out to be malicious, it is blocked for all machines in that company, as well as for ESET customers that participate in ESET LiveGrid®. If a file is evaluated as suspicious, it is blocked on all machines within the user’s organization, depending on the threshold set by the IT admins.

Typically, EDTD is used to scan suspicious files downloaded by browsers and email clients, as well as those stored in cloud services like OneDrive, Teams groups, and SharePoint sites via ESET Cloud Office Security.

Employees who are on the move and not connected to the corporate network via a virtual private network (VPN) can also be protected with EDTD because it is available as a service over the internet. In the case of any detections, other employees’ machines can still be informed of the detections and receive protection against the same threats. Once traveling employees return to the corporate network or connect to it via a VPN, any EDTD metadata is synchronized, and the list of submitted files is updated for IT admins to view.

Although endpoint products such as ESET Endpoint Security minimize the probability of a successful attack, especially ransomware, this may not be enough for organizations that are looking for the best protection available. This is especially a concern now with destructive threats like data wipers continuing to emerge in Ukraine. The addition of EDTD reduces the risk factor to as close to zero as state-of-the-art technology can achieve.

In response to the heightened cyberthreat environment, ESET is now offering increased protection to all existing and new customers of ESET PROTECT Cloud. A 90-day trial of EDTD can be enabled with just one click in the ESET PROTECT Cloud management console, in the “ESET Solutions” section of the main menu.