This week, Dell introduced the latest version of its endpoint security suite, Dell SafeGuard and Response, a blending of assets from Secureworks and CrowdStrike that pivots off a unified agent on the endpoint (whether a Dell machine or another brand) that does local analysis and communicates with a cloud service that provides a deeper layer.
Secureworks, majority owned by Dell, contributes managed detection and response while CrowdStrike, a privately held, venture-backed company, provides advanced antivirus protection along with managed threat hunting. At the beating hearts of both companies lie teams of cyberthreat experts, who augment machine learning and AI techniques that the software is executing constantly to fight against the flow of attacks. Thus, prevention is layered with detection and remediation for those cases when protection is breached.
One of the keys to the effectiveness of this model is speed. Matthew Polly, VP of Worldwide Business Development, Alliances, and Channels at CrowdStrike, told analysts in a briefing that the benchmark for success is “one minute to detect, 10 to analyze, and 60 to respond.” This way, intruders can be seen while they’re actually inside affected systems and shut down before they can do any harm. These short intervals are in sharp contrast to the many publicized attacks during which intruders have dwelled for months or even years before being found out.
In addition to next-generation antivirus and automated detection and response, Dell SafeGuard and Response offers managed incident response via a team of experts, who hunt, detect, and remediate threats. Customers can dial up the human side by signing a Secureworks Incident Management Retainer, which, for a monthly fee, provides incident remediation.
The endpoint agent, which has a footprint of 25–30MB and handles both the CrowdStrike and Secureworks capabilities, has little impact on CPU performance. It communicates in a streamlined way with the CrowdStrike cloud, which is integrated with the Secureworks back end. Thus, the combined products function as one.
The new offering is aimed at midmarket customers (2,000–2,500 seats), although, technically, it can scale both down and up for smaller or larger customers. Specifically, Dell SafeGuard and Response is designed for companies that can’t afford their own security operations center (SOC), but still need world-class security. Dell’s layered offering can be purchased modularly:
- CrowdStrike Falcon Prevent is just the next-generation antivirus.
- CrowdStrike Falcon Prevent and Insight adds Device Control and Falcon Insight, which enable visibility into endpoint threat activity and real-time remediation.
- Secureworks Managed Endpoint Protection has all of the above plus around-the-clock managed services to monitor the state of endpoints for indications of threat actor activity. Humans from the Secureworks SOC investigate detected events to determine severity and suggest remedial actions.
- Secureworks Incident Management Retainer puts a further layer of service on top of the rest. In the event of a serious breach, Secureworks deploys a skilled incident response team to mitigate the incident, putting expertise at customers’ disposal when needed.
Street pricing starts at $20–30 per endpoint per year, scales up to $50–60 for the integrated offering, and comes in around $70 for the fully managed offering. The retainer is sold in 40-hour chunks at $15,000 per year.
What’s missing, of course, is Inky Phish Fence, best-in-class endpoint anti-phishing protection that resides in a cloud-based appliance sitting in the mail flow. Since major corporate breaches often start with a successful phishing attack, it makes sense to pick them off at the gate. Using advanced machine learning and artificial intelligence techniques, Phish Fence assesses each email both visually, the way a human would (e.g., the graphics here, even distorted, indicate that it’s trying to be American Express), and at a low level, the way a machine would (the originating server does not belong to American Express). End users see a color-coded banner (an HTML fragment that the appliance appends to each mail), and all links are sandboxed so a user can see what’s on the page without having to click through. Phish Fence doesn’t care whether the attack is via malware or not. It operates in all weather.
That having been said, Dell SafeGuard and Response is an excellent base product, and, now that the company has the infrastructure to deploy a lightweight security agent on the endpoint, a flexible, API-based integrated cloud service on the back end, and a smooth blending of these machine capabilities with real-time human expertise, it’s likely that Dell’s security offerings will only grow richer over time.