Outbreak control: keep functioning throughout an attack

Reading time: 5 min

    Published

  • 04/2023
Craig Houston

In a world where we are still recovering from a global pandemic, the term ‘outbreak control’ could be seen as slightly dramatic.

However, this WithSecure Elements update is significant and represents a major step forward for companies aiming to protect themselves and their employees from attacks. 

Elements outbreak control

Cyber protection is often a balance between stopping breaches and allowing a company to continue functioning. “Basically, there's always a certain balance between usability and protection. In many cases, companies may have to accept some risks or have some settings which are a little bit more lenient to ensure that people can do their daily work in a way that doesn't cause friction,” says Mika Arasola, Senior Product Manager at WithSecure.  

This update allows both to happen simultaneously. So, what exactly does it mean and how will it help your company?

Firstly, we can now see all EDR detections in the EPP device view. This is because our EPP and EDR are seamlessly integrated and work together at all times. With this update, EPP can see even further into what is happening on the EDR side and react accordingly. 

Once the detection has automatically occurred, there is an added ability to change the profile assignment. This means you can create a separate EPP profile that has somewhat stricter rules, as well as automated tasks that could improve the situation – such as installing patches for all available security updates immediately, as well as turning on application control rules, automatically implementing stricter firewall configurations and launch manual malware scanning. 

You can also choose to specify the EDR severity when the profile is changed and whether you only deal with severe detections or lower priority as well. 

Once those EDR detections have been closed in the EDR portal, the original profiles will change back to whatever other profile should be assigned to that device. “Essentially, it gives the partners the ability to dynamically react to some risks or potential issues in their environment,” Arasola continues. 

Why now?

The launch of this update comes as a result of a great deal of hard work behind the scenes.

“In terms of EPP, we haven’t just been developing features. We’ve also built broad foundations that we can add to,” Arasalo says proudly. “This has allowed us to add profile assignment rules at the same time, with more to come,” he confirms. 

“It’s also about giving more automation, which we can trigger based on EDR detections in addition to the large number of advanced response capabilities we already have within it,” adds Tuomas Miettinen, Technical Enablement Manager at WithSecure.

The majority of these capabilities are only to be used if needed and everything we can do automatically is done within Elements EPP. However, Elements EDR is a visibility tool for detecting something that cannot be automatically handled. This gives flexibility in case something is detected on the device.

Limiting exposure to affected devices is completely automated and kick-starts immediately. “We can very dynamically ‘harden’ the device until it has been fully investigated once we have acknowledged the EDR alert. We can then automatically shift back to the original profile, making this a very good example of our EPP and EDR working together and sharing that role and responsibility in a very clever way,” Miettinen believes.

The foundation that Arasola talks about is crucial to what is going on at WithSecure. The wide array of possibilities means that the Elements portfolio can continue to develop and adapt to new scenarios and threats that will, inevitably, arise. 

Get your free 30-day Elements EPP + EDR trial

Experience our award-winning endpoint solutions in action.

All about the user

Developing this feature meant putting the user front and center. The team at WithSecure realize that sometimes it is impossible to turn on all your strictest settings, but by implementing these features you can swiftly turn on additional protection in case something suspicious is detected.

“Sometimes it's not possible to harden everything but this gives the better option of using all the features that we can offer into use – at the very least when we spot anomalies with our EDR. It's about making sure that all capabilities can be utilised in this outbreak control rule,” Miettinen concludes.

For more info on what else has been launched during the first quarter of 2023, head over to our quarterly updates.

Related resources

WithSecure™ Elements Endpoint Detection and Response

WithSecure™ Elements Endpoint Detection and Response solution provides enhanced detection capabilities and security against cyber attacks and data breaches.

Read more

WithSecure™ Elements Endpoint Protection

WithSecure™ Elements Endpoint Protection offers cloud endpoint protection to block advanced, automated and targeted threats. Learn more here.

Read more