For many, Acronis is synonymous with backup, but the company offers even more. With its own EDR solution, Acronis aims to provide organizations with a comprehensive security plan that includes identification, protection, detection, response and recovery.

If you want to close the door to hackers and malware as much as possible, one tool is no longer enough today. First and foremost, you need to know what you have in your company, where the data is located, and what you want to protect. Then you need solutions that can detect threats based on signatures, but also based on behavior for unknown malware. Systems must then be protected from these threats by blocking them successfully and in a timely manner.

However, in reality, this doesn’t always work, so you also need a malware solution that overcomes the first line of defense. Perfectly disguised ransomware may be able to penetrate your laptop, but at some point this ransomware will need access to your files in order to encrypt them. If you recognize this in time, you can still save the furniture. Of course, such a breach requires a response plan: What do you do to ensure that the hackers get rid of all the PCs and all the leaks are closed?

Five NIST pillars

And then there is the worst-case scenario: a successful attack. Unfortunately, something like this can never be completely ruled out, but a successful hack doesn’t have to mean the end if you have good backups and a sophisticated recovery strategy. The NIST framework summarizes these things into five functions:

• Identify (what you have)
• Protect (with access and security solutions)
• Detect (relevant threat events in your area)
• reaction (to these threats)
• Recovery (if necessary with a clear strategy)

For large companies, there are numerous providers who offer a complete solution based on these five pillars. This is much more difficult for SMEs with little or no specialist staff. Acronis wants to change that, so we spoke to Rick Hebly, the company’s Director of Product Management.

Beyond backup

“Acronis was founded in 2003 and became known for backups,” says Hebly. “In subsequent years, everyone still viewed backup and recovery primarily as protection against human error, hardware failure, or natural disasters. The context has now completely changed. Companies are wondering what they can do to avoid paying ransoms to ransomware gangs. Backup and recovery are no longer the complete solution, but the last resort when all other solutions and measures have been inadequate.”

In the current context, backup and security go hand in hand and therefore have become part of the NIST framework. Acronis then decided to take care of the entire cycle as an organization.

From antivirus to EDR

“First we developed an antivirus solution,” says Hebly. “We initially detected a successful attack using signatures, but later more proactively using next-generation antivirus technology.” Such solutions not only work based on signatures of known malware, but can also detect disguised malicious code. “However, advanced antivirus solutions also focus solely on protecting an endpoint from a digital intrusion,” Hebly notes.

As we described above, a modern security architecture must also be able to detect and respond to intrusions after a successful hack. For this reason, Acronis has developed its own EDR (Endpoint Detection & Response) solution.

“EDR looks at all types of events and correlates them with each other,” explains Hebly. “There is nothing strange about setting up a new workplace. And if an administrator opens a firewall port, that’s nothing special either. But if the new workplace registers as an administrator and immediately starts tinkering with security, something may be wrong.” An EDR solution attempts to uncover possible signs of a successful hack.

Advanced but accessible

We also see such solutions from other security specialists, but these usually focus on larger companies. Acronis is trying to differentiate itself by targeting small and medium-sized businesses (SMBs). This requires a good understanding of this market and a unique architecture.

“SMEs usually turn to managed service providers to manage their IT,” explains Hebly. “These MSPs previously provided backup and recovery options and now need to position themselves as security specialists as well.”

MSPs must now also position themselves as security specialists.

Rick Hebly, Head of Product Management Acronis

Complex security systems where the SME employs a team to analyze the events detected by the EDR solution are out of the question. MSPs serving such SMBs also generally do not have the scale to operate a full-fledged business Security Operations Center (SOC) can be set up. Providing the SMB with sufficient security requires a simple, complete cyber protection solution that remains simple enough for an MSP to manage.

An agent for everything

Acronis combines EDR, backup and recovery into one agent that runs on endpoints within an organization. MSPs, in turn, receive a portal in which they can centrally manage the environments of various SMBs and keep an eye on EDR event data. “We provide built-in intelligence that radically simplifies the EDR solution so that people already working at an MSP today can start using dashboards right away,” continues Hebly. “AI takes over some of the work. Control remains in the hands of MSPs, who automatically receive a lot of context.”

For example, if the EDR solution detects a suspicious sequence of events, the MSP’s IT professional can see what the events are, why the solution considers them suspicious, and what possible solutions there are. If there are dangerous problems, the agent can temporarily isolate an endpoint, but administrators can also take other measures. In extreme cases, such as a ransomware attack, backup recovery may be the right solution.”

Democratization

“This is how we can democratize EDR. “The solution can be managed via the same hierarchical pyramid that an MSP knows from other solutions,” emphasizes the expert. “Both practically and financially, a solution is readily available to everyone.” Because everything at the end-customer endpoint runs through a single agent, custom security is no more complex than turning features on and off.

Hebly believes Acronis is unique with its SMB-focused offering that combines identification, protection, detection, response and recovery in one solution. “We offer a one-agent, full-policy plan with a high level of automation,” he points out. “Security today consists of many facets. We created a tool for the average person that still covers the entire security cycle.”

Today, Acronis positions itself as a one-stop shop for all of an organization’s cybersecurity and protection needs. Backup is still in the company’s DNA, but as part of an overall solution.