EDR - How to choose the right version?

• Skills and knowledge gap

• Time and resource shortage

• Alert and managerial fatigue

• Pricing/licensing

This will naturally depend on the type and level of service you are providing. When offering standard EDR services, you might face pricing/licensing challenges and struggle to educate end-users about benefits of EDR solutions. As we progress to more demanding customers we are faced with more demanding challenges. Having flexibility when it comes to your EDR offering and a vendor that supports you along the way is the key.

Which version fits your needs?

Every IT service provider needs to define their security baseline and your offering will depend on two important factors. First will be your business plan, meaning what type of service do you plan to offer (are you an MSP or MSSP?). And second one is market maturity. It is important to note here that even basic EDR offering provides better protection from most advanced threats than standard AV solutions, so having standard EDR offering as a part of your baseline or layered security strategy is a great start. You can transition to more specialized services when the time is right.

EDR solutions are based on Artificial Intelligence and include multiple AI engines that monitor both, pre-execution and post-execution behavior of files and processes. This is also one of main differences between EDR and AV solutions. We will not go deeper into this here, you can find more detailed comparison between the two in our previous blogs (EDR Demystified). N-able EDR (powered by Sentinel One) makes it extremely simple to set up policies and automate responses to different type of events. Once set up, it can fully take over the protection and remediation activities with a robust set of features:

• Multiple AI engines (Static AI engines, Behavioral AI, Documents, Scripts, Lateral movement, Anti Exploitation - Fileless attacks, Potentially unwanted applications, Application control, Intrusion detection)

• Disconnect from network feature

• Anti tampering (protected VSS)

• Automatic rollback (reverse changes done to system by suspicious activities)

• Network and Device control

To put it simply, when threat is detected it can prevent lateral movement by disconnecting device from the network. Reverse all changes done to device itself (by ransomware for example) and give you detailed forensics about the scope of the attack. This is all available in base EDR package that we call CONTROL

In case your customers require more active approach to threats you can always add Threat Hunting services on top of your EDR offering. This would be a COMPLETE version. Here is where you would normally need more expertise and the truth is that not all IT service providers feel comfortable offering this type of service as it most commonly offered by MSSPs. With N-able EDR you can rely on SentinelOne researches (Watch Tower - Emerging Threat hunting service) to do the heavy lifting for you. Normally this will increase the cost of your licensing, but will include quick detection and diagnosis of exposure to current threats, emergency triage and response, as well as monthly digest of hunting activities. SentinelOne Watch Tower will provide you with active Threat Hunting services and notifications of threat identified within your network. This normally includes:

• Timeline

• Affected hosts

• Atomic or Behavioral IOCs

• Sentinel One Storyline ID

• Queries to leverage for hunt or STAR rules

Watch Tower will provide recommendations for remediation if necessary as well. It is up to you to take the necessary steps to remediate those threats.

Go for Fully Managed EDR (MDR)

If you are like most of IT service providers and feel that this is taking to much of your time, resources, or that your team is lacking proper skill set and building a new one that will be focused on security services is presenting to be a challenge, both financially and from time perspective, fully managed EDR (MDR) is a perfect choice. Not only it will save you time and money, you will have leading industry experts on your team making sure your customers get outstanding service. This is where SentinelOne’s Vigilance Security Operations team (SOC) comes into play. SentinelOne Vigilance team will provide you with 24x7x365 threat analysis & containment. They will make sure all threats are reviewed, acted upon, documented, and escalated to your team only when it is really needed. SentinelOne Vigilance team is the fastest MDR service in the business with 18-minute MTTR (average time required to troubleshoot and resolve issues). With N-able EDR powered by SentinelOne you can be sure your customers are in good hands.

Our offering - how can we help you?

In our portfolio you will find different EDR versions that come with competitive pricing and flexible licensing options:

• SentinelOne Control – Standard EDR offering

• SentinelOne Complete – Control + Threat Hunting

• SentinelOne Vigilance Respond - 24x7x365 Managed SOC

You can start with standard EDR offering and upgrade your services when the time is right. Licensing is flexible, you can start with as little as 10 devices (Control & Complete only), and grow your license count as your business grows. We provide you with flexible payment options that can be aligned with your service contracts (monthly, quarterly, yearly basis). We can also help you with onboarding and training if necessary. As for pricing, we believe it is pretty competitive, also we have a time limited offer you can benefit from: