Endpoint Detection & Response @ Enterprise Scale
The case for endpoint detection and response has already been made. It is increasingly common for an enterprise to be geographically distributed, with thousands of heterogeneous endpoints operating from different networks, both on-premise and off-premise. The mobile wave, along with changing business practices and flexible workplaces, further compounds the problem for IT administrators when it comes to endpoint security and management. Distributing messages to thousands of geographically distributed endpoints, and collecting and analyzing the responses they generate, in real time is a challenge that many enterprises struggle with.
Accelerite’s Sentient, the next generation EDR solution, pulls together real-time information from enterprise endpoints for IT administrators to quickly identify critical security threats and vulnerabilities, and address compliance and configuration issues in their endpoint network within minutes.
The core strength of Sentient’s engine is its ability to reach out to, and get a response from, hundreds of thousands of endpoints within seconds. Under the hood, it relies on Sentient’s real-time message distribution framework to achieve this. The message distribution architecture is radically different from traditional approaches such as centralized server queries, hierarchical proxy-based distribution, publish-subscribe models, pull-based systems, or even the more recent P2P approaches. The traditional approaches may have fit the bill a few years ago, but they fall short of meeting the real-time message distribution requirements of today’s enterprise scales.
Accelerite’s message distribution framework uses a hybrid model: cutting-edge network clustering technologies combined with time-tested IP multicast for physical message distribution. On top of this layer, Accelerite has developed a highly scalable, distributed algorithm that builds an adaptive logical layer for endpoint collaboration.
This hybrid model brings the much needed scale and flexibility to endpoint detection and response due to the following attributes:
Truly distributed with no centralized entities
Each endpoint agent is intelligent and inherently self-aware. It does not depend on other endpoints to communicate with the Sentient server infrastructure during times of isolation from its peers. Any endpoint – be it a sales engineer’s laptop at a customer premise, a developer’s home office system or a server housed in the company’s data center – is reachable and can respond within the same “order of seconds” time frame.
Adaptive & Self-Healing Agents
Even when co-located endpoint agents interact, they do so without any central controller. Agents choose their roles intelligently and collaborate to ensure server messages get distributed to every reachable endpoint with minimal latencies.
When appropriate, such “self-aware” agents intelligently collaborate with their peer agents within the same network – for example, a subnet within the enterprise. In such situations, the agents make optimal use of available network bandwidth by ensuring minimal message duplication during distribution as well as maintaining as few server connections as required. This prevents network clogging while keeping the back-end server loads under control.
At any given point in time, agents may either be part of their current network cluster or be out of it. However, this has minimal impact on the functioning of the cluster itself or on the message distribution time. The distributed nature of the algorithm ensures that the cluster adapts and scales as required.
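The three attributes above (no central controller, as few server connections as required with minimal duplication, and a cluster that keeps working when agents leave) can be shown in a small simulation. The following is an added illustration, not Sentient's code, and the page does not say how Accelerite's agents actually choose their roles; the election rule used here (the online agent with the lowest id on a subnet becomes the relay), the fleet layout, the agent ids and the query strings are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Agent:
    agent_id: str
    subnet: str                      # agents on one subnet share a multicast group
    online: bool = True
    inbox: list = field(default_factory=list)


class Server:
    """Stand-in for the back end. It only records which agents hold a direct
    connection during a broadcast, since that is the load to keep small."""

    def __init__(self):
        self.connections = set()


def online_peers(agent, fleet):
    """Everything the agent can hear on its own subnet (itself included)."""
    return [a for a in fleet if a.online and a.subnet == agent.subnet]


def choose_relay(agent, fleet):
    """Leaderless role selection: every agent computes the same deterministic
    answer from what it can see, so no controller is needed. The rule itself
    (lowest agent id wins) is an assumption made for this example."""
    return min(a.agent_id for a in online_peers(agent, fleet))


def distribute(message, fleet, server):
    """One server broadcast. Each subnet's relay opens the single server
    connection for that subnet and fans the message out once over multicast;
    an agent with no reachable peers is its own relay and talks to the server
    directly. Returns how many copies every agent in the fleet received."""
    server.connections = set()
    for agent in fleet:
        if not agent.online:
            continue
        if choose_relay(agent, fleet) != agent.agent_id:
            continue                      # a peer relays for this subnet
        server.connections.add(agent.agent_id)
        for peer in online_peers(agent, fleet):
            peer.inbox.append(message)    # one multicast, heard once per peer
    return {a.agent_id: a.inbox.count(message) for a in fleet}


def run_scenario():
    # Constructed fleet: two office subnets plus one roaming laptop.
    fleet = [
        Agent("hq-01", "10.0.1.0/24"), Agent("hq-02", "10.0.1.0/24"),
        Agent("lab-01", "10.0.2.0/24"), Agent("lab-02", "10.0.2.0/24"),
        Agent("lab-03", "10.0.2.0/24"),
        Agent("sales-07", "customer-site"),   # isolated from every peer
    ]
    server = Server()
    results = {}

    # Round 1: each subnet settles on one relay; the roaming laptop, having
    # no peers, connects to the server on its own.
    round1 = distribute("query:list-listening-ports", fleet, server)
    results["round1_connections"] = sorted(server.connections)
    results["round1_delivery"] = round1

    # Round 2: the lab relay drops off the network. The remaining lab agents
    # re-elect among themselves and distribution continues unchanged.
    next(a for a in fleet if a.agent_id == "lab-01").online = False
    round2 = distribute("query:patch-level", fleet, server)
    results["round2_connections"] = sorted(server.connections)
    results["round2_delivery"] = round2
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

In both rounds the server sees three connections for six agents (one per populated subnet), every online agent receives each message exactly once, and the loss of `lab-01` is absorbed by `lab-02` taking over the relay role with nothing coordinating the hand-off.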
The explosive growth in endpoint devices and the globalization of the enterprise have led to an operating scale far bigger than what traditional software has been used to. The threat to endpoints is growing at a rapid pace, and the impact can be severe for any organization. Therefore, the window of time available for IT to detect, respond and remediate is getting shorter. It is imperative for the current generation of software to scale up through radical innovation in order to stay relevant and help IT solve such problems. Accelerite Sentient’s high-performance message distribution, coupled with extremely fast real-time message processing and analytics, is at the heart of its EDR solution and ensures that IT administrators can detect and remediate endpoint threats, or check the vital signs of endpoints, within seconds – not hours or days.