Endpoint Detection and Response for service providers
Easily launch a complete EDR security solution with rapid recovery
- Integrated backup and recovery capabilities, providing robust business continuity where point-security solutions fail.
- Single-click remediation and recovery.
- Complete, integrated protection across the NIST Cybersecurity Framework — Govern, Identify, Protect, Detect, Respond and Recover — all from a single solution.
Protect against modern threats and comply with cyber insurance requirements
- Get a prioritized view over incidents and unlock minutes-not-hours analysis at scale with AI-based incident summaries and guided attack interpretations.
- Meet multiple cyber insurance requirements with a single platform
- Protect sensitive data and report on incidents to satisfy compliance.
Maximize efficiency by minimizing administrative overhead with a single security platform
- Quickly and easily launch new services using a single Acronis agent and console to deploy, manage and scale.
- Scale costs and resources across multiple clients while preserving healthy margins and minimizing OpEx.
- Partner with a vendor focused on your success and enablement.
The most complete EDR solution for MSPs: Comprehensive protection across NIST
Govern
Identify
Protect
Detect
Respond
Recover
Want to extend clients’ cyber protection beyond the endpoint?
Unlock all the benefits of Acronis EDR, including AI-guided attack interpretations and integrated response and recovery, with Acronis XDR and its extended visibility and response beyond the endpoint into most vulnerable attack surfaces.
Unmatched business continuity with single-click response
-
Remediateby network isolating endpoints, killing malicious processes, quarantining threats and rolling back attack changes.
-
Investigate furtherusing remote connections and forensic backups.
-
Prevent future attacksby blocking analyzed threats from execution and closing open vulnerabilities.
-
Ensure business continuity with integrated recoveryincluding attack-specific rollback, file- or image-level recovery and disaster recovery.
Offer EDR to your clients without investing your own resources
Acronis MDR is a simplified, fully managed EDR service that is built for MSPs and delivered via a platform that amplifies security effectiveness with minimal resource investment.
Rapid investigations and threat response
Higher value, better margins with an EDR solution designed to empower MSPs to build services
| Features | Acronis Advanced Pack - Cybersecurity ( Security + EDR) | Security + EDR | Security + XDR |
|---|---|---|---|
| Behavior-based detection | - | ✔ | ✔ |
| Vulnerability assessments | - | ✔ | ✔ |
| Device control | - | ✔ | ✔ |
| File- and system-level backup | - | ✔ | ✔ |
| Inventory collection (with Advanced Management) | - | ✔ | ✔ |
| Patch management (with Advanced Management) | - | ✔ | ✔ |
| #CyberFit Score (security posture evaluation) | - | ✔ | ✔ |
| Remote connection (with Advanced Management) | - | ✔ | ✔ |
| Remediation including full reimaging | - | ✔ | ✔ |
| Business continuity (with Advanced Disaster Recovery) | - | ✔ | ✔ |
| URL filtering | - | ✔ | ✔ |
| Exploit prevention | - | ✔ | ✔ |
| Real-time threat intelligence feed | - | ✔ | ✔ |
| Threat hunting – Early access | - | ✔ | ✔ |
| Automated, tunable allowlisting based on profiling | - | ✔ | ✔ |
| Forensic data collection | - | ✔ | ✔ |
| Event monitoring | - | ✔ | ✔ |
| Automated event correlation | - | ✔ | ✔ |
| GenAI assistant (Acronis Copilot – Early Access) | - | ✔ | ✔ |
| Prioritization of suspicious activities | - | ✔ | ✔ |
| AI-generated incident summaries | - | ✔ | ✔ |
| Automated MITRE ATT&CK® attack chain visualization and interpretation | - | ✔ | ✔ |
| Single-click response to incidents | - | ✔ | ✔ |
| Full threat containment including endpoint quarantine and isolation | - | ✔ | ✔ |
| Automated response playbooks | - | ✔ | ✔ |
| Intelligent search for IoCs including emerging threats | - | ✔ | ✔ |
| Attack-specific rollback | - | ✔ | ✔ |
| Anti-ransomware protection with automatic rollback | - | ✔ | ✔ |
| Integration with Microsoft 365 apps (SharePoint, OneDrive, Teams, and Outlook, Entra ID) | - | - | ✔ |
| Integration with Advanced Email Security (email telemetry) | - | - | ✔ |
| Integration with Collaboration App Security (Microsoft 365 apps telemetry) | - | - | ✔ |
| Delete malicious email attachment or URLs | - | - | ✔ |
| Search for malicious attachments across mailboxes | - | - | ✔ |
| Block malicious email address | - | - | ✔ |
| Terminate all user sessions | - | - | ✔ |
| Force user account password reset on next login | - | - | ✔ |
| Suspend user account | - | - | ✔ |
| MDR service | - | ✔ | ✔ |
| Public API for EDR | - | ✔ | ✔ |
What is Endpoint Detection and Response (EDR)?
EDR (Endpoint Detection and Response) is an active, endpoint security solution that does real-time continuous monitoring correlating different events that happen on an endpoint level to detect malicious activity, compromised processes and suspicious behavior on end-user devices. The purpose is to identify in-progress attacks, potential security incidents, compromises or breaches – and then acting as a response system, providing capabilities to remediate it.
The primary EDR capabilities as defines by Gartner are:
- Detect security incidents
- Contain the incident at the endpoint
- Investigate security incidents
- Provide remediation guidance
Who needs endpoint detection and response?
The endpoint protection strategy of any company that is a potential target of cyber threats and/or that stores valuable endpoint data should include advanced endpoint threat detection capabilities and response tools.
SMB and mid-market organizations are under increased risks of advanced cyber threats due to limited internal capabilities and budget constraints, affecting their access to advanced endpoint security solutions, historically targeted at emprises due to costs and complexity.
Moreover, for businesses of all sizes operating in industries with high regulatory requirements and increased cyber risks such as Finance, Healthcare, Legal, Online Retail, Public Sector, EDR is a must for the organization’s cybersecurity strategy to enable compliance and ensure sensitive endpoint data is out of reach of cyber threats.
With Security + EDR you can ensure that organizations of varying size and complexity are protected with high-value services, scalable across multiple clients.
How Security + EDR lowers your OpEX compared to other EDR solutions?
Existing, best-of-breed EDR tools and solutions are oriented at enterprises due to costs and complexity and require large security teams to operate. Moreover, security analysts need to manually perform threat hunting activities by scanning hundreds lines of logs with hours of investigating suspicious activities. But even then, a cross-NIST protection, ensuring business continuity, requires additional solutions and software agents to achieve, increasing the complexity and solution sprawl even further.
Security + EDR performs continuous data collection based on security related events, similar as other EDR tools, but then the solution streamlines your analysis capabilities by raising alerts on any potential incidents and aggregating data in guided attack interpretations mapped to MITRE ATT&CK®. This helps security analysts to rapidly investigate suspicious activities across multiple clients, cutting investigation times from hours to minutes to achieve better scalability.
Moreover, Security + EDR is an integrated endpoint security solution in Acronis Cyber Protect Cloud, unlocking unique benefits for administrators such as a single-click response across the NIST, including recovery. This removes solution sprawl and enables you to deliver comprehensive endpoint protection via a single Acronis agent and console.
What are some types of threats that EDR protects against?
There’re multiple types of advanced cyber threats, capable of bypassing other endpoint protection layers like existing antivirus software, some of the most common ones include:
- Zero-day malware and ransomware – Malware and/or ransomware that infiltrates the system through a zero-day vulnerability (a vulnerability that is exploitable, but the software vendor has not released a patch for it yet – the vulnerability can be known or unknown). Can bypass some behavior-based detections.
- Advanced persistent threats (APTs) – Attacks that use continuous, sophisticated and highly evasive hacking techniques to gain unauthorized access to system and stay undetected for a prolonged period of time, with potentially destructive consequences. They usually consist of a few phases, including system infiltration, escalation and lateral movement within the system, and exfiltration of sensitive data. Advanced persistent threats commonly depend on “living off the land” techniques that refer to attacker-behavior that uses tools that already exist in the targeted environment – making it harder to detect, on considerably cheaper to carry out.
- Fileless attacks – Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect attacks and remediate them.
- Hacking – Hacking is the act of identifying and then exploiting vulnerabilities in a computer system or network, usually to gain unauthorized access to personal or organizational data. Depending on the used techniques, hacking can be hard to detect, as it might leverage stolen credentials or other techniques that make it look like a perfectly normal process until exfiltration happens and it’s already too late to respond.
Detecting and responding to these and other advanced threats requires more Security controls like EDR.