AEC experts eliminate hackers with EDR technology surpassing traditional antiviruses
5/19/2020
AEC experts eliminate hackers with EDR technology surpassing traditional antiviruses

To defeat hackers, AEC is successfully using a sophisticated solution, efficiency of which significantly exceeds the capabilities of traditional antivirus programmes. Leading cyber security provider’s specialists have repeatedly deployed EDR technology during responses to recent attacks in financial institutions and medical facilities. With help of this technology, they promptly detected the attackers and subsequently prevented them from any further harmful activities.

The Endpoint Detection and Response (EDR) technology is featuring tools providing ways to identify a problem immediately including its correct assessment, to take a series of appropriate measures, and ultimately, to completely eliminate it. At AEC, a group of the most experienced people forming our Cyber Defense Center (CDC) is designated for the monitoring of systems of our customers and for immediate response in case of attacks.

Karel John, Head of CDC describes a typical situation: "Not so long ago, we had an urgent call from the Institute of Health Information and Statistics. There was a cyberattack under way in one the domestic medical facilities," and he further specifies: "One of their endpoints showed every evidence of malware presence, encryption was in process, files were being renamed literally under one's hands."    

Karel John

CDC members deployed an EDR tool and discovered very quickly, that the main issue was not this specific machine, but that the malware was coming through the network from one of the servers. Following on that, with help of other EDR functionalities, they tracked the code, identified the attacker's sources, and stopped him. In this case, the whole intervention took them only few hours.

Shortly after that, their good job was recognized also by Adam Vojtěch, Minister of Health, who in his statement for AEC, the parent company, said: "I would like to express many thanks in the name of the Ministry of Health. We really appreciate your approach and selflessness." The minister accentuated the fact that due to the efforts of CDC specialists the consequences of the attack were removed in an extremely short time.

However, according to Karel John, critical situations like this one need not occur at all. If the customer has an EDR solution installed including professional supervision, i.e. monitoring provided directly by CDC, the experts from the monitoring centre not only alert him to a potential issue in time, but in the event of an incident, they immediately switch to the state of emergency and apply appropriate measures. The combination of the implemented EDR together with expert supervision significantly reduces the time available to the attacker for trying to do anything.

EDR technology arranges for the collection of information on activities at the customer's endpoint, thus enabling efficient evaluation of potential security threats. This is a part of the whole solution complex suitably complementing the security of the customer's system. Also due to the cases such as the attack on a medical facility mentioned above, more and more enterprises and institutions are interested in knowing how is it possible for CDC to manage what many others cannot do.

The growing interest in the possibility of securing systems with EDR technology is one of the reasons why AEC has currently prepared a special webinar. In course of the presentation, company's experts will present a detailed anatomy breakdown of the recent attacks covered by media. The event, which will take place on Thursday, May 21 from 10 am for those registered on the AEC website, will include an introduction to the tools and techniques used in the interventions and an explanation of the principles and benefits of the monitoring provided by CDC.

"Sometimes it happens that a company gets an EDR implemented and then gains a feeling that it is 100% protected. Of course, this is not true. The key is a combination of the state-of-the-art technology and experienced people. Only professionals with expert know-how, including knowledge of the customer's environment, are able to stop the attacker quickly and correctly. For example in order to know that they are not limiting some of the customer's key functionalities by their intervention," concludes Karel John.