Acronis, a global technology company, has launched a new endpoint detection and response (EDR) platform for its Acronis Cyber Protect Cloud. The platform is designed to detect anomalous user behavior and events on corporate endpoints, such as laptops and mobile devices, as a means of catching and containing potential cyber attacks. This is part of Acronis’ plan to become a comprehensive platform for managed services providers, value-added resellers, and enterprises, but the company faces stiff competition in a crowded marketplace.
The EDR platform works alongside Acronis’ other endpoint security technologies, including signature-based and heuristic-based anti-malware, to provide visibility into more complex attacks such as zero-days. It will also integrate with Intel’s threat detection technology (TDT), which is a system-on-a-chip architecture capable of uncovering attacks, like fileless malware, that get deployed in memory.
According to Canalys Chief Analyst of Global Infrastructure, Cloud and Cybersecurity Research, Matthew Ball, the EDR platform will help level the playing field with other industry players like Trend Micro, Trellix, CrowdStrike, SentinelOne, Microsoft, and Broadcom. However, analysts have said that Acronis will have plenty of competition, as it is seen as a relatively small player in a big market.
While the additional endpoint security technology fills a gap in Acronis’ portfolio, the vendor still has to persuade customers that it is in their best interest to invest in their solution, according to Michael Suby, a security and trust research vice president at IDC. Nevertheless, Acronis’ decision to build their EDR platform rather than work with a third-party provider can strengthen its overall security offering.
The combination of endpoint protection platform (EPP) and EDR creates a cyclical learning process, according to Suby, allowing the vendor to take what it learned in EDR and improve its EPP. Acronis also provides an integrated path to remediation, aligning with the National Institute of Standards and Technology’s cybersecurity risk framework of identify, protect, detect, respond, and recover.
Because Acronis’ technology stack includes file backup and disaster recovery functionality, the vendor offers a unique solution that combines backup, recovery, and cybersecurity, which can consolidate vendors for managed services providers. This can potentially reduce the number of platforms customers have to toggle among, offering a product that aligns with the cybersecurity risk framework.
One detection component that Acronis has added to its EDR platform is its integration with Intel TDT. Fileless attacks, which now make up 71% of all malware attacks, are difficult to detect using traditional computing methods. TDT offloads memory scanning from the CPU to the GPU, enabling users to continue working on the endpoint while providing a boost to the scanning technology. By leveraging the Intel integrated GPU, Acronis can perform more frequent scanning for early indicators of attacks.
According to Todd Cramer, director of business development for security ecosystems at Intel, the use of TDT is beneficial because it prevents the malware from gaining a foothold before expanding across the system. IDC’s Suby sees the use of TDT as a potential EDR differentiator that allows Acronis to detect different types of adversary-type activities that they otherwise would not.
While the integration with Intel TDT limits the functionality to Intel-powered endpoints such as Windows-based PCs, other endpoint detection capabilities that reside on the operating system (OS) layer or higher will continue to function regardless of the hardware.
Overall, Acronis’ EDR platform adds an important component to their security and endpoint protection platform and helps the company catch up to other market players. However, with a number of industry players providing similar solutions, Acronis still has work to do in convincing potential customers that their solution is the best fit for their needs.