Acronis has expanded its Cyber Protect Cloud offering with a new endpoint detection and response (EDR) solution and is considering how generative AI could fit into the platform in the future.
Specifically designed for managed service providers (MSPs), this new tool, launched on May 17, 2023, focuses on optimized incident analysis, offering even inexperienced staff a straightforward interface where they can choose to work in plain English or use naming conventions for techniques, tactics and procedures (TTPs) from the MITRE ATT&CK and NIST cybersecurity frameworks.
Acronis' ambition with this new product is to offer a tool that helps MSPs analyze and prioritize security incidents and potential attacks without relying on costly security expertise or time-consuming processes, Candid Wüest, VP of Research at Acronis, said during a launch event on May 15.
“By rapidly understanding attack analysis and impact, Acronis EDR users can quickly evaluate a potential threat, gain insight into how an attacker gained access, what damage was caused, and how the attack might spread,” he added.
Acronis EDR also integrates an AI-based attack analysis function. “We’ve been using AI and machine learning in various places in the Acronis Cyber Protect Cloud, from pre-execution file detection to behavior-based classification on process activity, and also for analyzing backups automatically or to predict if HDDs will fail,” Wüest told Infosecurity.
“We are currently also investigating where generative AI like large language models (LLMs) make sense to be integrated on the user-facing side.”
Eric O'Neill, former FBI counterintelligence operative, was invited by Acronis to give a presentation on how he caught Robert Hanssen, a Russian spy working for the FBI, in 2001 by getting hold of his Palm Pilot, a device used as a personal digital assistant before the emergence of smartphones.
“As a cybersecurity expert, I have witnessed firsthand the evolution of EDR and how it has revolutionized the way we approach security. The latest advances in EDR technology allow for rapid analysis of attack changes, shortened time to respond to incidents, and better business continuity for all organizations,” O’Neill said.