‘Uncertainty’ is perhaps the most appropriate way to describe the year 2021. Every company that has survived the last two years, including Stratus Blue, had to undergo a massive transformation — right from revamping business strategies to quickly adapting to the new norm.
The world of connected networks and information technology swiftly changed. Not only because of technological advancements but also due to remote working. You know well enough how the Covid-19 pandemic carved a complete social and professional change on numerous levels.
Of course, that translated to an intense impact on technology in the workplace and how businesses used it, but more pressing, the landscape of cybersecurity.
As a managed service provider (MSP), the last two years saw a sudden and dramatic increase in technical fire-fighting, setting up remote offices, troubleshooting security or operational issues, and connecting with the change in customer needs.
Stratus Blue has been operating as an MSP in the Bay of Plenty for five years, and we have viewed our role in our partnerships with our clients as an integral part of their business success by keeping their systems secure, and up to date while supporting them with technical requirements.
The past year however, has, as with many businesses in New Zealand brought about the challenges of unprecedented times as well as highlighted the fundamental part we play in business continuity, security, and proactive solutions, helping organisations to resume day-to-day business with little to no disruption and minimal risk to cyber threats regardless of the working environment.
The transition to a predominantly flexible and remote workforce shed light on the significance of a stable, reliable, and safe IT framework.
As Stratus Blue navigated the rapid demand for solutions that allowed businesses to be both agile and secure; we recognised that as an organisation we needed to become clear on our purpose, implement “the upskilling imperative”, and align ourselves with partners that are first in class solutions for our client needs. Our goal is to: “give businesses the freedom to be remarkable and leave their IT in our capable hands”.
Our purpose has driven us to launch an internal project with a focus on researching new software and technology advancements. Testing these platforms extensively has uncovered how we can offer our clients the best possible protection; giving them confidence that they are operating in a reliable and secure digital environment.
To achieve this, we’ve gone through our own processes to ensure what we’re offering is the most appropriate service. We discovered that an Endpoint Detection and Response (EDR) solution was a vital part of our services that we needed to offer as a solution in the current cyber security threat landscape.
What is EDR and how does it work?
An Endpoint Detection and Response service aims to detect malicious activity and threats, and then applies appropriate action to prevent possible breaches.
EDR is a natural evolution of antivirus. It has artificial intelligence (AI) built-in, which analyses behaviour and looks for anomalies, patterns, or indications of a breach. The AI gets to understand normal working practices over time to offer further capability to help stop a breach.
EDR security solutions provide real-time visibility of network endpoints, as well as proactive capabilities for identifying and responding to endpoint threats.
EDR solutions enable continuous monitoring. You’ll gain the advantage of setting up automated processes that hunt down threats at the endpoint.
Threat detection capabilities vary from vendor to vendor, but most scan for patterns and look for anomalies that represent malicious activity. Artificial Intelligence (AI) continue to study the network, users, and events, providing security teams with the most current information.
We’ve tested several options including CrowdStrike, Windows Defender and ESET EDR and our testing has led us to recommend SentinelOne. In the 2020 MITRE Ingenuity ATT&CK Evaluation – the most trusted 3rd party performance test in the industry – SentinelOne achieved record-breaking results, becoming the first EDR vendor to deliver 100% visibility of an attack with the most analytic detections 2 years running. The SentinelOne Singularity platform consolidated the 174-step campaign into just 7 console alerts out-of-the-box, automatically providing analysts with the context & correlation they need without extensive setup.
CrowdStrike’s performance missed the mark in speed and substance, only producing a third as many detections despite its 62 misses, delays, and configuration changes. It’s given us the confidence that we are partnering with the best supplier to provide the best possible solution.
This exercise taught us that in our industry it is essential for us to continue to stay on the edge of leading technology, to remain flexible, and continuously strive to position ourselves as the leaders in our field with a client and partner focus that sets us apart.