Just two letters separate managed from unmanaged endpoint detection and response (EDR). Yet, for IT and managed service providers (MSPs), the distinction can often be the difference between surviving and going out of business.
We recently onboarded an Overwatch MSP partner who brought us several end clients for Overwatch Managed EDR. The MSP had made the decision to walk away from an unmanaged EDR tool in favor of 24/7 monitoring, detection and response capabilities. Within days, security analysts who were monitoring the MSP and client networks from the Overwatch 24/7 security operations center (SOC) received multiple alerts. Upon investigating, Overwatch discovered the MSP’s end clients were compromised.
The Overwatch SOC team immediately isolated the hash inside the malicious file. They confirmed the alerts were not false positives, but actual malicious activity. They identified that traffic was being sent from multiple end customers to outside sources. Analysts created a rule in the Overwatch EDR platform to hunt for the infected hash across its multitenant environments. It became clear that no other MSP partners or end customers had been impacted. Overwatch blocked the threat at its origin and provided day-two guidance on the incident. The EDR vendor was also notified and promptly updated its threat hunting management console.
Overwatch security analysts blocked the threat and isolated it to the infected applications, preventing further irreversible damage. Furthermore, Overwatch delivered white-glove detection and response services to the MSP partner, giving them guidance to resolve the incident expeditiously.
Overwatch Managed EDR delivers a one-two punch against cybercriminals with the industry’s market-leading AI-driven endpoint security platform managed by our expert cybersecurity team from our 24/7 SOC. Overwatch Managed EDR includes not only the vendor solution but also additional Overwatch threat detection rules. Ask for a demo today: overwatchsales@highwirenetworks.com