In the Security Engineering team at SenseOn, we are constantly seeking methods to achieve big goals with minimal input. This is where our focus on automation becomes essential. If you peek inside our team, you’ll find a trove of unique and effective automation tools that aid us on our journey. From small Python scripts to GitHub actions to Slack bots, we have it all.

SenseOn is a direct competitor to CrowdStrike. On 19th July 2024 BST, an update to CrowdStrike endpoint software caused worldwide IT outages that resulted in over 8 million Windows devices being disabled. This caused major disruption to organisations in a range of industries, including aviation and healthcare. Quality assurance gaps and deployment processes were not the only factors, or even the most significant factors, in the widespread disruption.

A question that all small, security-conscious organisations face is: “What's next?” They know that their antivirus (AV) is not enough. AVs detect malware through a combination of signatures, heuristics, and integrity checking. However, an AV cannot detect malware that is encrypted or that mimics trusted applications or insider threats, such as an employee exfiltrating client data to a third party. More than half of all detected malware now evades AV solutions.

SenseOn is delighted to have achieved over 98.7% detection rate in the Malware Protection Test and 0 false positive alerts in the Real-World Protection Test, reveals the latest AV-Comparatives Business Security Report. Such a high protection rate can help provide security professionals with reassurance and peace of mind in their endpoint protection capabilities, and help to reduce their organisation’s risk exposure, optimise their internal resources and enhance their incident response playbooks.

The Importance of EPP With cyber attacks continuing unabated, neglecting endpoint security is dangerous and potentially catastrophic. Organisations must adopt reliable endpoint security solutions to prevent threat actors from hijacking business systems or stealing sensitive data. Kaspersky The recent decision by the US government to ban the sales of Kaspersky antivirus software due to its ties to Russia underscores the importance of a trustworthy software supply chain.

Extended detection and response, better known as XDR, is a security technology that combines multiple point solutions, including but not limited to endpoint protection and endpoint security tools, into a unified incident detection and response platform. First described in 2018 by Palo Alto Networks' CTO Nir Zuk, XDR collects, correlates, and contextualises alerts from different solutions across endpoints, servers, networks, applications, and cloud workloads.

Threat actors prefer deploying tools which appear genuine and expected in a business IT environment. This provides camouflage for their toolset, blending into organisations' application portfolios. NetSupport Manager, a remote access tool, has been utilised by system administrators since its release in 1989 and has been used by threat actors since at least 2016.

SenseOn achieves 99% protection rate and 0 false positives in the latest AV-Comparatives Real-World Protection Test False positive alerts in security operations pose a significant risk by diverting critical resources and attention away from genuine threats. These incorrect alarms, which signal threats where none exist, can lead to wasted time, reduced efficiency, and increased costs as security teams investigate and address these non-issues.

Digital transformation initiatives like moving servers to the cloud, extending work-from-home privileges, and deploying more IoT devices have expanded attack surfaces, making it easier than ever for threats to slip through. At the same time, the number of cyber threats is growing fast. According to Security Magazine, a cyberattack now happens at least every 39 seconds.

The MITRE ATT&CK framework provides the cybersecurity community with information on more than 100 threat actor groups and the platforms they target. The data within the framework comes from publicly available cyber threat intelligence and reports and security teams and threat researchers. ATT&CK is available for free to anyone who wants to use it.