The SaaS enSilo Endpoint Security Platform can be deployed in the cloud or on-premises and supports multi-tenancy. It secures endpoints in real time, both before and after infection, without causing alert fatigue, excessive dwell time or breach anxiety.
Communication control offers visibility into the applications communicating from the system, and the results can be exported to an Excel or PDF report. Organizations can create custom policies, including group-based policies. Patch remediation functionality is also included: enSilo supports both virtual patching and integration with patch management tools.
A next-gen AV engine is built into the pre-execution rulesets and supports typical compliance requirements as well as PCI. Its probabilistic algorithms estimate whether a file is malicious, alongside real-time protection that includes both exfiltration and ransomware prevention.
The execution graph was helpful, providing a visual representation of what occurred. It shows unmapped executables that attempted to communicate, as well as where they were blocked. Exfiltration prevention uses containment and correlation to offer real-time protection once something gets past the AV: it examines the processes attempting to communicate and the consequences of that communication, then blocks them in real time based on deterministic goals and rules, using code traces in the memory of processes deemed infected.
The collector installers were straightforward, but we found the server to be confusing. We had trouble getting all VMs to report back to the cloud server. Additionally, we were unable to get the Ubuntu machine installed and reporting correctly.
We were able to get the CentOS machine online and connected, but when we went back and checked on it, it was in a disconnected state. The reasons for this were unclear to us, and we concluded that the Linux offerings need some work.
Apart from those difficulties, we liked the dashboard’s aesthetic. We tested it with our toolsets, and threats immediately populated the dashboard. enSilo allowed the program to run since it was set to log events rather than block them. For testing purposes, we left this setting in place to see what it would yield. The event viewer quickly produced information that was intuitive and provided valuable insight. We were able to select a file and use the forensics view to investigate further what happened, such as which files it created.
Although our tests did not result in a quarantine, they were prevented from doing anything malicious. We believe enSilo, especially with the addition of playbooks and automated remediation, would be an asset for IT departments with fewer resources or less experienced professionals assisting with triaging incidents. Overall, this is a solid, intuitive product and would be ideal for those working in Windows environments.
Tested by Tom Weil