This blog is a follow-on of sorts from the current information available about our product called ‘Cloud Cover’. Before reading the below, I would suggest visiting the following link to give you a bit more context: Cyber Security
As part of our Cloud Cover product, Lucidity uses a couple of tools to ensure that machines are up to date, maintained and protected against any and all possible threats from the outside world.
I thought it would be useful to go through these two tools and give you a brief overview as to how we utilise them to fully support the Cloud Cover product.
SentinelOne – Endpoint protection and detection
What is this?
Basically, this protects you against malware, exploits and other malicious threats.
It will actively monitor the machines that it is installed on, quarantine any potential threats and alert our engineering team to investigate ASAP.
What does it do?
This can protect against the following:
- Executables – This includes things like trojans, malware, worms, backdoors and other nasties.
- Fileless – Sometimes threats can take form in the computer’s memory, which on the surface means they are fairly well hidden. With this tool we can also detect and remove instances that live in memory and don’t display the usual disk-based indicators of a problem.
- Documents – Malicious code or scripts can be hidden in your average everyday office documents as well as PDFs and text files. This application helps us find patterns and discover hard-to-detect vulnerabilities and deal with them swiftly.
- Browsers – As browsers are always being updated and changed with add-ins, extensions etc., we find that SentinelOne allows us to deal with the unexpected issues that surfing the web and using browsers brings with it.
- Credentials – Unfortunately there are apps that have been built by people with the sole purpose of scraping and downloading any saved credentials and then using these credentials to cause massive amounts of harm. Luckily this is another element of cyber security that SentinelOne can deal with efficiently.
What’s an example of how it can help me?
You could download a PDF from a website that contains various relevant information that is useful to you, and then at the end of the day you shut down your computer and finish work. That file you downloaded may have been what you needed, but it could also have been infected, and now your machine is too.
Having Cloud Cover will mean that this is detected, our engineers will be alerted to the fact, and you will get a phone call to assist in resolving or removing this threat.
Machine Learning
Machine learning isn’t quite self-aware computers that can talk to you or anything like Skynet. However, machine learning does provide protection from threats that may not present themselves in the usual way, because the machine can still detect the behaviour and typical traits of a threat.
Allow me to explain a little further about the way that Cloud Cover’s machine learning features work.
Deep File Inspection
The applications used within Cloud Cover are able to be trained to detect and highlight certain threats by analysing a range of technical info and reports that can be gathered from files that run on your machines.
Just like going through an airport scanner with a metal belt on, if the file has something to hide – it will be found.
Any and all styles of threat that are found within the files and folders will be added back to the database as “knowledge” for future use against threats.
Dynamic Behavioural Tracking
With our Cloud Cover plan you will be protected by an anti-virus that can take advantage of dynamic behavioural tracking, which, although it sounds complicated, is really quite simple. Behavioural tracking is the process of tracking any and all changes or modifications on a computer or system: this is everything from services that may be started or stopped to very subtle registry entry changes.
When a threat or vulnerability is found, it is destroyed and removed. Not only this, it also looks at how the particular threat was built and what was affected, and uses this information going forward to finely tune itself to be quicker and more effective at dealing with threats in the future.
Kaseya – Device updates and remote management
What is this?
This tool is the brain behind our device update and monitoring process under the Cloud Cover umbrella. We use this piece of software to keep an eye on all of your enrolled devices, doing lots of checks including making sure they don’t run out of hard drive space, through to making sure that they have the latest Windows Updates.
What does it do?
Kaseya goes out to the internet and checks in directly with our system and informs us of its general health. Large amounts of info from lots of individual machines allow us to quickly and effectively troubleshoot the most common computer issues.
Kaseya is essentially calling home and asking questions such as:
- “Are my updates the latest and greatest?”
- “Are there any scripts that I need to run?”
- “I am available to be connected to remotely by a Lucidity support engineer”
What’s an example of how it can help me?
Sometimes in the world of IT, bugs and errors occur with released Windows updates.
If, for example, an urgent update is needed across lots of machines to secure a vulnerability, we can quickly push this to multiple machines all at once.
BUT WAIT, WE CAN’T UPDATE DURING THE DAY?!? – not a problem 😊 we can set update windows and exact requirements to make sure it does not affect your day-to-day operation but keeps you updated and protected.
Hopefully the above has made things a little clearer. If you have questions or queries, please feel free to contact your account manager or the Lucidity Sales team (sales@lucidity.co.nz) for more information.