
Acronis adds EDR to endpoint security

Acronis EDR uses Intel threat detection technology to uncover sophisticated attacks, such as fileless malware, but it also has to compete in a crowded market.

Acronis launched an endpoint detection and response platform for Acronis Cyber Protect Cloud. It adds to Acronis' security portfolio in its push to become a comprehensive platform for managed services providers, value-added resellers and enterprises, but it competes in a crowded market.

The EDR platform is designed to detect anomalous user behavior and events on corporate endpoints, including workstations and servers, in an effort to catch and contain cyber attacks. It works alongside Acronis' other endpoint security technologies, including signature-based and heuristic-based anti-malware, to provide visibility into more complex attacks, such as zero days.

Acronis EDR is also integrated with Intel's threat detection technology (TDT), a system-on-a-chip architecture used to uncover attacks such as fileless malware that get deployed in memory.

Analysts see the additional endpoint security technology as filling a gap in Acronis' portfolio but said the vendor will have plenty of competition from well-established players.

"The challenge is they have to convince [customers] that this is in their best interest," said Michael Suby, an analyst at IDC. "And I'm not saying that they can't. But they're a small player in a big market."

Catching up and competing

The EDR platform adds to Acronis' security and endpoint protection platform (EPP) and helps level the playing field with other market players, including Trend Micro, Trellix, CrowdStrike, SentinelOne, Microsoft and Broadcom, according to Matthew Ball, an analyst of global infrastructure, cloud and cybersecurity research at Canalys, a global analyst firm.

"A lot of products out there, they just offer the protection part," Ball said. "What they need is the continuous detection and response to incidents. That's where the market is at the moment. Acronis is catching up in that respect."

Rather than working with a third-party provider, Acronis built its own EDR platform -- a move that strengthens its overall security offering, as EPP and EDR tend to be interconnected, according to Suby.

"The combination of EPP and EDR has kind of a cyclical learning cycle to it," he said, "because I can take what I learned in EDR and improve my EPP."

Because Acronis' technology stack includes file backup and disaster recovery functionality, the vendor also provides an integrated path to remediation -- a strength for Acronis in the EDR market, analysts said.

"I don't know anyone else that has a backup and recovery solution," Ball said. "By adding security, it helps [managed services providers] consolidate the vendors they have to work with."

It potentially consolidates the number of platforms customers have to toggle among. It also offers a product that aligns with the National Institute of Standards and Technology's cybersecurity risk framework of identify, protect, detect, respond and recover, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group.

"The idea is that they want to … provide a sort of one-stop shop for all of these capabilities," he said, referring to Acronis' combination of backup, recovery and cybersecurity.

No single vendor -- including Acronis -- can provide a product that fulfills the NIST framework, and companies need to think in terms of an ecosystem, according to Bertrand. But, he noted, the Acronis EDR platform reflects that framework in its focus on detection.

Adding in Intel

One detection component is the platform's integration with Intel TDT. Fileless attacks now make up 71% of all malware attacks, according to a CrowdStrike 2022 threat hunting report. But they are deployed in memory, making them difficult to detect and compute-intensive to uncover.

TDT offloads memory scanning from the CPU to the GPU, letting users continue working on the endpoint while providing a boost to the scanning technology, said Todd Cramer, director of business development for security ecosystems at Intel, during a media briefing.

"By leveraging this Intel-integrated GPU, it enables more frequent scanning for early indicators of attacks," he said. "This is beneficial since it prevents the malware from gaining that foothold before it lands and expands across the system."

Suby said he sees the use of TDT as a potential EDR differentiator. "TDT allows ISVs like Acronis to leverage hardware capabilities to do more sophisticated, more resource-intensive computing activities so they can detect different types of adversary-type activities that they otherwise would not."

The integration is not trivial, he added. Acronis has to modify its software to take advantage of the technology -- something that puts it in line with BlackBerry, Check Point, CrowdStrike, Cybereason, Eset, Fidelis and Microsoft but is not yet ubiquitous among EDR vendors.

Suby noted that the integration with Intel TDT limits the functionality to Intel-powered endpoints, such as Windows-based PCs. Other endpoint detection capabilities that reside on the OS layer or higher will continue to function regardless of the hardware.

Nicole Laskowski is a senior news director for TechTarget Editorial. She drives coverage for news around enterprise applications, application development and storage.
