Dell has joined forces with CrowdStrike and Secureworks for a new endpoint security portfolio to help enterprises -- especially midmarket companies with limited cybersecurity infrastructure -- tackle emerging threats.
The portfolio, dubbed Dell SafeGuard and Response, combines CrowdStrike's unified endpoint protection platform with managed security and incident response services from former Dell subsidiary Secureworks.
The endpoint security portfolio is designed to provide customers with the essential capabilities they need to protect their endpoint devices and data residing on those devices, the company said.
Brett Hansen, vice president and general manager of client software and security solutions at Dell, said there are three trends that shaped Dell's decision to partner with CrowdStrike and Secureworks around endpoint security:
- the rise in malware-less attacks that makes the typical malware protection capabilities insufficient;
- the ever-widening gap between compromise and detection; and
- the growing cybersecurity skills shortage.
"While all companies are experiencing these trends and the challenges these trends present, we feel it is most acute with those in the midmarket, those who don't have a robust cybersecurity organization, who don't have their own security operations center or their own SIEM -- basically the bulk of the market," Hansen said.
The endpoint security portfolio will give organizations -- especially those that don't have the expertise to make good decisions on what actions to take and how to remediate a threat -- the capabilities to improve their prevention strategies against malware-less attacks, reduce the time it takes from compromise to detection and complement their existing infrastructure with cybersecurity professionals, Hansen said.
"Secureworks and ourselves led an effort to evaluate the marketplace to find the best technology out there for prevention, detection and remediation," he said. "What attracted us to CrowdStrike was the fact that they had a single offering, a single lightweight agent that combined these different elements. Despite its robust capabilities, it didn't have a detrimental impact on user experience and performance."
What customers can expect
Dell customers can select from a range of Dell SafeGuard and Response endpoint security products and services, Hansen said.
"Customers can purchase it like any other software as a subscription. We also offer it 'on the box,' so as I'm buying my next Dell client system, I can include the CrowdStrike and Secureworks offerings as well on there," he said.
The first offering, CrowdStrike Falcon Prevent, will provide customers with CrowdStrike's next-generation antivirus (NGAV) service, which uses artificial intelligence and machine learning to stop malware and malware-free attacks, Hansen said.
"We do have machine learning both in the cloud and on the agent itself, so even in an offline mode, you have the protection you need," said Matthew Polly, vice president of worldwide business development and channels at CrowdStrike, based in Sunnyvale, Calif. "It is the best of both worlds in terms of machine learning 'on the box,' as well as really powerful AI in the cloud."
The second offering, CrowdStrike Falcon Prevent and Insight, is a combination of CrowdStrike's NGAV and endpoint detection and response (EDR) service, and it enables full visibility into endpoint threat activity, detects anomalous behavior and stops the attacks earlier, Hansen said.
Today, signature-based legacy antivirus products are relatively ineffective, Polly said.
"We do have the combination of NGAV and EDR, and the reason for that is more attacks today are malware-free," Polly said. "An EDR component can help identify malware-less attacks where you've got an adversary that has penetrated through a malware-free attack and traversing laterally throughout the environment to identify where the good stuff is. That's where the EDR comes in, and that's the integration with Secureworks."
Secureworks Managed Endpoint Protection is the third offering, and it's a combination of CrowdStrike's NGAV and EDR with Secureworks' managed security services. In addition, Secureworks' Security Operations Center and Counter Threat Unit will provide investigative services.
Once anomalous activity is detected, a person can come in to help an organization determine whether that activity is malicious and then offer appropriate response steps for remediation, said Wendy Thomas, senior vice president of business and product strategy at Secureworks, based in Atlanta.
"That sort of helps complete the full outcome set for an organization that simply doesn't have that expertise," Thomas said. "It helps them save time to focus on the things that are truly a danger to their assets in their organizations."
The fourth offering is an incident response package, called Secureworks Incident Management Retainer, that "goes back to how do we help protect companies of all sizes, but especially those in the midmarket who have less sophisticated cybersecurity infrastructure," Hansen said.
"In terms of the incident response, we can help those organizations not just in case of a breach where they will have that security of knowing there's an expert who can quickly deploy to help them, but it can actually offer something more proactive about actually preparing for the response plans and procedures," Thomas said.
Apart from bringing in the ability to reach out to tens of thousands of customers who might not realize that this level of capability is within their grasp, Hansen said, Dell also brings in its own support services.
"That support is a really big deal for especially in the target market which we're going after, who doesn't necessarily have the experience and the background in deploying cybersecurity capabilities like these," he said.
The Dell SafeGuard and Response endpoint security portfolio is expected to be available globally in March.