WithSecure Rollback: now you can turn back time
WithSecure’s new feature allows you to roll back the clock in a quick and efficient way. Here’s how.
We’re bringing a practical recovery option to WithSecure Elements this quarter that provides further protection for users in the event of a successful attack. Rather than a first port of call in the event of an attack, it provides a tool of last resort should an attack succeed.
WithSecure Rollback provides a further layer of protection to Elements Endpoint Protection (EPP) in the rare event that your defenses, including the mechanisms we already provide through Elements EPP including DeepGuard, DataGuard, Application Control and so on, are unable to prevent a successful attack.
Other vendors provide this functionality as the first level of protection for organizations; it doesn’t prevent attacks or data loss on its own. Let’s break it down.
What is it?
Rollback allows you to restore original files and settings on a device following a malware attack. Basically, if something gets through to a user’s PC and starts getting up to no good, you can turn back time and reset the file system and registry. This is different from recovering from a backup, and also happens to be a lot easier.
We did this for server shares with our Server Share Protection in January, and WithSecure Rollback is built on the same underlying tech, doing for individual workstations what Server Share Protection has been doing for larger systems already.
Here’s what it looks like in action: Demo: Rollback for WithSecure™ Elements EPP - YouTube
How does it work?
When a user starts an application on their computer, Elements EPP checks WithSecure Security Cloud to confirm the app is known and approved.
At this point, you’d be forgiven for feeling a little skeptical: we’re all familiar with the frustration of finding an overzealous security control stopping us from getting our work done – even if it’s for the right reasons. Bear with us at this point.
If the application is known to be harmful, it’s immediately blocked. If it’s known to be safe, it can be started immediately. If it’s a third type – not known – the app is allowed to start, but the EPP agent monitors its activity, tracking all the changes the application makes in the endpoint’s file system and registry.
If the app then starts getting up to no good, Elements EPP closes it down and any changes made to the file system and registry are rolled back.
So far, so good – right? But it would be a huge frustration to the user if this was a false positive and all the work they’d done in the app was effectively deleted at the whim of the cyber security team. Don’t worry – we’ve got you. All the data and changes removed during the rollback are stored in a Quarantine area, so if after investigation it’s a genuine false positive, the rollback can be cancelled and all changes restored.
When can I start playing with it?
You’ll likely have already got access to Rollback with the latest Elements EPP agent update (currently v23.5) for endpoints – but get in contact with us if not and we’ll get it sorted.
Please Review our Elements EPP via SoftwareReviews
Your opinion is important to us! Please take a moment to write a review on SoftwareReviews about your experience with Elements Endpoint Protection. The review can be given anonymously, and should take no longer than 5-6 minutes to complete. As a thank you for your approved review that meets the quality standards of the review platform, the first 50 respondents will receive a $25 Amazon gift card from SoftwareReviews. Alternatively, you can donate the entire gift card sum to charity.
Things to keep in mind:
- Customers are asked to register via business email or LinkedIn for verification purposes.
- Participants can select to remain anonymous, meaning all feedback will be fully anonymized.
- Reviews from multiple users at the same organization are also accepted.
WithSecure Elements Quarterly
Welcome to the evolution of WithSecure™ Elements in Q2/2023. This quarter we highlight a range of impressive updates and improvements.Read more
Get your free 30-day trial now
Here what’s to expect from our market-leading cyber security service:
- Install in minutes with our quick start guides
- Secure all devices 24/7 from malware
- Gain immediate visibility into your IT environment and security status
- Experience the all-in-one platform that elevates your security posture