
Acronis Cyber Protect Cloud with Advanced Security + EDR*

Early access

*Endpoint Detection and Response

© Acronis 2022 1
EDR Overview
What’s EDR?

EDR (Endpoint Detection and Response) is an active endpoint security solution capable of both identifying in-progress attacks, compromises or breaches and then remediating them.

Gartner – Primary EDR capabilities:


▪ Detect security incidents
▪ Contain the incident at the endpoint
▪ Investigate security incidents
▪ Provide remediation guidance

The need for EDR

Advanced attacks can only be countered with advanced security
▪ More than 60% of breaches involve some form of hacking
▪ On average, it takes organizations 207 days to identify a breach
▪ 76% of security and IT teams struggle with no common view over applications and assets

Addressing breach impact is inevitable to ensure continuity
▪ 70 days to contain a breach
▪ USD 4.35 million – average total cost of a data breach

For many – compliance is essential
▪ Regulations require organizations to report security incidents within a strict time-frame – e.g. 72 hours for GDPR
▪ 70% of breaches involve PII (post-incident analysis required for reporting for regulatory purposes)

Sources: "Data Breach Investigations Report", Verizon, 2022; "Cost of data breach report", 2022, IBM Security & Ponemon Institute; "Costs and Consequences of Gaps in Vulnerability Response", ServiceNow, 2020; "Investigation or Exasperation? The State of Security Operations", IDC

How EDR helps to protect against more threats

[Chart: number of attacks plotted against attack complexity (Low, High, Very High)]

Threat groups, from lower to higher attack complexity:
▪ Known malware
▪ Variants of known malware, common exploit kits, phishing kits
▪ Exploits (recent vulnerabilities), polymorphic malware, obfuscation techniques
▪ Zero-day exploits; elusive threats: zero-day malware, hacking tools, fileless attacks, living off the land malware, APTs

Detection-and-protection-only technologies (Antimalware): AV (signature-based scanning), NGAV (AI/ML, behavior analysis), anti-ransomware, anti-exploitation, URL filtering, patch management

Detection and response technologies: EDR

Next step – antimalware vs EDR
Focus
  Antimalware: Block/prevent attack
  EDR: Post-incident detection and response

Detection technology
  Antimalware: Detects and stops "known bad" files, processes or behaviors
  EDR: Detects "intent" by correlating a series of actions an attacker performs to be successful at achieving its objective

Visibility into attacks
  Antimalware: Low – shows only detected and blocked threats.
  EDR: High – broader scope of incidents and maps steps of the attack to show:
    • How did it get in?
    • How did it hide its tracks?
    • What did it harm?
    • How did it spread?

Response capabilities
  Antimalware: Automatically blocks "known bad" processes and quarantines threats
  EDR: Provides a multitude of response capabilities to:
    • Contain the incident at the endpoint
    • Investigate security incidents
    • Provide remediation

Advanced Security + EDR Overview

Powered by award-winning endpoint protection
▪ AV-Comparatives Approved Business Security: Real-World Protection Test – 0 false positives; Malware Protection Test – 0 false positives
▪ AV-Test Certified; ICSA Labs Certified (badge text: Detection and Blocking of Advanced Attacks – 100% detection; 0 false positives; 0 false positives)
▪ VB100 Certified: 0 false positives
▪ Gold medal for Endpoint protection
▪ Anti-Malware Testing Standard Organization member
▪ Anti-Phishing Working Group member
▪ Microsoft Virus Initiative member
▪ Anti-Malware Test Lab participant and test winner
▪ VIRUSTOTAL member
▪ Cloud Security Alliance member

Includes all functionalities of Advanced Security
Full feature-based comparison between the two packs is available here
▪ Next-generation anti-malware: Prevent threats with signature- and behavior-based endpoint protection
▪ URL filtering: Extend cyber protection to web browsing to prevent attacks from malicious websites
▪ Exploit prevention: Reduce the risks of exploits and malware taking advantage of clients' software vulnerabilities
▪ Smart protection plans: Auto-adjust patching, scanning and backing-up based on threat alarms from Acronis Cyber Protection Operations Centers
▪ Forensic backup: Enable forensic investigations by collecting digital evidence in image-based backups
▪ Better protection with fewer resources: Protect backups against malware and enable more aggressive scans by offloading data to central storage, including the cloud
▪ Safe recovery: Prevent threat reoccurrence by integrating anti-malware scans of backups and antivirus database updates into the recovery process
▪ Global and local allowlists: Created from backups to support more aggressive heuristics, preventing false detections

Advanced Security + Endpoint Detection and Response (EDR)

DETECT and RESPOND to advanced attacks that sneak past other endpoint defenses with minimal investigation efforts and with pre-integrated IDENTIFY, PROTECT, and RECOVER capabilities.

▪ Continuity at the speed of business with protection across NIST, including recovery & backup
▪ Minutes-not-hours detection and incident analysis across MITRE ATT&CK®
▪ Rapid turn-on and scale with an MSP-class platform
Analyze attacks in minutes to unlock rapid response
Leverage MI-based, human-friendly interpretation of attacks and prioritized visibility
Enable your team to effortlessly analyze attacks
with ease and speed:
▪ Gain complete visibility into the attack chain –
the attack evolution is mapped to the MITRE
framework (industry-standard)
• How did it get in?
• How did it hide its tracks?
• How did it cause harm?
• How did it spread?

▪ Save money and time, removing the need for rigorous trainings or highly skilled personnel doing operational tasks
▪ Get prioritized visibility of suspicious activities across endpoints, rather than a flat list of all alerts
▪ Focus threat hunting using an emerging threat intelligence feed to search for IoCs

Stop the breach and ensure business continuity
Succeed where point solutions fail. Unlock the full power of a platform with integrated capabilities across the NIST framework
▪ Identify – inventory and data classification to better understand attack surface
▪ Protect – threat feed, forensic insights, data protection map, patch management, blocking analyzed attacks, and policy management to reduce risks
▪ Detect – continuous monitoring using automated behavioral- and signature-based engines, URL filtering, threat intelligence feed, event correlation and MITRE ATT&CK®
▪ Respond – rapid investigation, forensic data collection, endpoint isolation, killing processes, quarantining threats, and attack-specific rollbacks to limit the impact
▪ Recover – best-of-breed backup and disaster recovery for true business continuity

Select the actions you want to take, and respond with a single click.

Short EDR story – a bank robbery
Step 1: Robber disguised as technician enters the bank
  Bank Security Detection & Response – Benign event
    ▪ Security guard couldn't identify the robber due to his impersonation
  Advanced Security + EDR – Benign event
    ▪ EDR records the benign event
    ▪ Note: AV solution fails to detect the threat (no match in its database)

Step 2: Moves towards Vault
  Bank Security Detection & Response – Suspicious event
    ▪ Technician has no job near vault
  Advanced Security + EDR – Suspicious event
    ▪ EDR records the events

Step 3: Disables Cameras
  Bank Security Detection & Response – Suspicious event
    ▪ Camera shouldn't be disabled unless prior permission obtained
  Advanced Security + EDR – Suspicious event
    ▪ Another suspicious activity: EDR tries to correlate this activity with other related ones, which might lead to a breach

Step 4: Surveillance team escalates to Security team
  Bank Security Detection & Response – Potential breach
    ▪ Surveillance team unaware of any maintenance on surveillance cameras
    ▪ High number of suspicious activities
    ▪ Next step: Escalation to Security team
  Advanced Security + EDR – Potential breach
    ▪ An incident is created and MSP can review the chain of related events.
    ▪ Each step of the attack is explained by showing what the attacker did and how

Step 5: Security team takes suspect down
  Bank Security Detection & Response – Response action
    ▪ Security team analyses and validates the breach.
    ▪ Suspect is taken down; team fixes gaps in camera maintenance process e.g. known technicians only with background checks only
  Advanced Security + EDR – Single-click response to:
    • Investigate further
    • Contain threats
    • Remediate
    • Recover business continuity and data
    • Prevent threats from reoccurring

Acronis as a service provider partner
Acronis is dedicated to enabling partners to succeed, instead of competing with them
▪ Rapidly turn up services with a modular approach through a single console and agent
▪ Innovation unlocks high-value and high-margin services, accessible for clients of all sizes
▪ Control TCO with easy service-tiering and management using a single, integrated platform
▪ Work with a vendor and ally focused on your success – not competing with you for your client business
▪ Acronis #CyberFit partner program and enablement – assets, trainings, marketing & sales support

Advanced Security + EDR: Top 4 use cases

▪ Reduce risk from advanced threats (detect, respond & recover)
▪ Enable cyber insurance
▪ Strengthen compliance & ease reporting
▪ Solution consolidation

Licensing & pricing

Advanced Security + EDR: Licensing
Product name: Advanced Security + EDR
Description: An Advanced pack that includes all functionalities of Advanced Security and extends them with EDR capabilities

Advanced Security + EDR is licensed per-workload

Licensing as an Advanced pack applicable to both per-workload and per-GB licensing models of Acronis Cyber Protect Cloud

Pack features

Advanced security
  Behavior-based detection: Included
  Anti-ransomware with automatic rollback: Included
  Vulnerability assessments: Included
  Device control: Included
  Remediation including full reimaging: Included
  URL filtering: Included
  Exploit prevention: Included
  Real-time threat intelligence feed: Included
  Automated, tunable, profiling-based allowlisting: Included

+ EDR
  Event monitoring
  Automated event correlation: Included
  Prioritization of suspicious activities: Included
  Automated MITRE ATT&CK® attack chain visualization and interpretation: Included
  Single-click response to incidents: Included
  Response: Full threat containment incl. endpoint quarantine and isolation: Included
  Response: Attack-specific rollback or full recovery
  Intelligent search for IoCs incl. emerging threats: Included
  Forensic data collection: Included
  Attack-specific rollback: Included

How to package services with Advanced Security + EDR

Tier 1 ($49):
• Backup
• Anti-malware
• Anti-ransomware
• Web protection
• File sync & share

Tier 2 ($89):
• Managed detection and response
• Backup
• Anti-malware
• Anti-ransomware
• Web protection
• File sync & share
• Email security
• Asset tracking and management
• Health and performance monitoring
• Remote management and assistance

Tier 3 ($149):
• Managed detection and response
• Backup
• Anti-malware
• Anti-ransomware
• Web protection
• File sync & share
• Email security
• Asset tracking and management
• Health and performance monitoring
• Remote management and assistance

Further services listed on the slide:
• Disaster recovery
• Firewall
• Password management
• Password management
• Network security
• Network management

Service groups (row labels): Adv Security + EDR; Other Adv. packs; Third party
