0
(0)

This document contains information on the latest release of F-Secure Elements Endpoint Detection and Response.

Overview

F-Secure Elements Endpoint Detection and Response gives you contextual visibility into your security. With automatic advanced threat identification, your IT team or managed service provider can detect and stop targeted attacks quickly and efficiently.

For more details, see the solution documentation on the F-Secure website: https://f-secure.com/elements-edr.

Features

This release of F-Secure Elements Endpoint Detection and Response (EDR) includes the following major features:

  • Visualization of detections on a timeline with all impacted hosts
  • Broad Context Detection™ as F-Secure’s proprietary behavior-based detection technology
  • Application visibility to identify all harmful or otherwise unwanted applications and foreign network destinations
  • Guided response with built-in, step-by-step response guidance and remote actions, such as network isolation, to stop attacks
  • Elevate to F-Secure for certified service providers to request expert guidance from F-Secure’s threat analysts
  • Single-client and management infrastructure with F-Secure Elements Endpoint Protection and F-Secure Elements Vulnerability Management
  • Partner Managed and Company Managed versions with options for 250+ seat end-customers to self-manage the solution

Supported browsers

F-Secure Elements Security Center supports the latest versions of the following browsers:

  • Microsoft Edge
  • Mozilla Firefox
  • Google Chrome
  • Safari

Supported operating systems

Operating systems supported by F-Secure Rapid Detection & Response are same as Protection Service for Business endpoint clients (F-Secure Elements Agent):

Supported languages

English, Finnish, French, German, Italian, Japanese, Polish, Portuguese (Brazil), Spanish (Latin America) and Swedish.

Product updates

This section lists the changes implemented for Endpoint Detection and Response in F-Secure Elements Security Center portal.

May 2021
New features and improvements

  • Rapid Detection and Response is now F-Secure Elements Endpoint Detection and Response. It is available under F-Secure Elements Security Center (elements.f-secure.com).
  • Event search for threat hunting: A new capability to view and search events send by F-Secure Elements Agent (Endpoint client).
  • Scheduled reports have been updated to include an improved structure and a more visual presentation for Broad Context Detections and other EDR information.
  • F-Secure Elements Security Center language support now includes English, Finnish, French, German, Italian, Japanese, Polish, Portuguese (Brazil), Spanish (Latin America), and Swedish.
    • The language selection is changed to be persistent and is kept over removal of browser data. It can now be found under the user Account settings in the page header (compared to earlier settings page. The language selection is common for the products in Elements Security Center and applies to the Dashboard, EDR, and Protection for Microsoft 365 views.
  • Automatic recognition of the device profile types
    • “Virtualisation guest”, “Virtualisation host”, “LDAP server”, “File server”, “DNS server”, “Microsoft Exchange Server”, and “Mail server”.
  • The Software view offers more details by showing software component description and internal name metadata from executable files. This helps to differentiate between different software components that are parts of the same software.
April 2021
New features and improvements

  • Device list view Broad Context Detection risk level filter introduced to list devices having open e.g. SEVERE risk incidents. Device list performance improved.
  • Improved portal response time when going through list of Broad Context Detections using next and previous buttons.
  • Portal login time improved.
  • Process activities having info severity detections in Broad Context Detection summary and process tree views are now indicated using light blue color.
February 2021
New features and improvements

  • New incident detection based on endpoint client memory scanning. Using memory scanning events we can identify threats/signs of attack that were done in endpoint and still active in memory when EDR client is activated. Detections
January 2021
New features and improvements

    • Incident analysis

The Incident analysis feature in the portal allows administrators to add their own analysis for Broad Context Detections, for example, descriptions of root causes or implemented remediations. The analysis is included in the scheduled reports, which allows for a more efficient flow and better visibility in handling detections.

December 2020
New features and improvements

  • The menu items and terminology between the Protection Service for Business management portal and Rapid Detection and Response management portal are now aligned. RDR has adopted the use of the following terms: ‘Device’ (previously ‘host’) and ‘software’ (previously ‘app’/’application’).
November 2020
New features and improvements

  • New indicators for process-injection activity highlight injected processes in the Summary view and process tree. This new functionality helps in identifying process-injection activities by linking between the injecting process and the process being injected.
October 2020
New features and improvements

  • The new functionality of reviewing PowerShell script blocks gives visibility to executed scripts that are considered malicious or suspicious.
  • In the Broad Context Detection summary view and process tree details, the color-coding for information-level activity has been changed from blue to gray. Information-level detections are generated to add visibility to activities originating from a process that includes severe detections (critical, high, medium).
September 2020
New features and improvements

  • Added support for Linux. The RDR capabilities are now available also for the Linux operating system together with Linux Protection for Servers (Server Protection Premium and RDR). See the Linux client release notes: New Linux Security 64 Update has been Released (2020-09-29).
  • Decoding of the automatic PowerShell script block.
  • The Broad Context Detection details view includes detection, process, and host overview with the capability of searching for processes and detections. This simplifies the incident analysis process by providing an incident overview with quick links to the related details.
  • Integration with Radar, the F-Secure Vulnerability Management tool. Users who have both solutions can now move between them without additional logins.
  • The Broad Context Detection (BCD) similarity model is a new machine learning-based feature that improves the visibility into the incident landscape. When incidents are being analyzed, identical or similar BCD incidents are clearly indicated compared to the incident under investigation. You can use the information in incident analysis by comparing the incidents and their similarity with the help of the similarity score (as a %).

Fixed issues

  • The Broad Context Detection details view now scales to large screens.
August 2020
New features and improvements

  • Support for virtualized environments. When installing the F-Secure endpoint client into virtual environments (see instructions: Installing Server Protection in persistent mode on Citrix servers)
  • Broad Context Detection highlights the new content
    • Processes running with elevated privileges
    • Process injection details
    • Thread creation details
    • Process manipulation through Event Tracing for Windows (ETW) interfaces
    • Local environment process IDs (PID)
July 2020
New features and improvements

  • New response action to remotely collect information that helps manual incident analysis and forensics. This feature automates information gathering from the device that has suspicious activity. Once the collection is triggered, a zipped file will become available in the portal for downloading the package for further analysis. The download link is available in the portal for 14 days.
  • The Broad Context Detection log view includes detection information and links to details in the process tree. This improvement gives more detailed view and easier analysis of the Broad Context Detection life cycle.
June 2020
New features and improvements

  • Visualization of Broad Context Detections that have multiple devices. Rapid Detection and Response engine combines related activities from multiple devices under a single Broad Context Detection. The Broad Context Detection “Process tree” view shows how activities in different devices are linked together.
  • The coverage of the security software component tampering detection has been increased.
  • Broad Context Detections include more details about suspicious activity, including clearly opened PowerShell script blocks, file accesses, and module loads.
  • Broad Context Detection includes more details about parent activities leading to the suspicious activity.

Fixed issues

  • Small improvements in the Broad Context Detection summary view process chain visualization.
  • In some scenarios, the portal login failed with error 404.
  • The issue with the host view search has been fixed.
May 2020
New features and improvements

  • A new dashboard with Assets at risk widget
  • A new dashboard with detection statistics
  • A response walk-through that gives insight about detection types and guidance for investigation and response
  • The response action to trigger full computer malware scan remotely in the endpoint protection
  • A single installation package for all Computer Protection and Server Protection variants with or without RDR and RDR standalone installations.
  • The BCD summary view includes clean parent visualization.

Fixed issues

  • The selected organization was lost when browsing through the detection list.
April 2020
New features and improvements

  • Email notifications are sent only for SEVERE, HIGH, and MEDIUM-risk Broad Context Detections.
  • The target hash in the portal is turned into VT link.
  • The dashboard performance has been improved for Application information.

Fixed issues

  • Portal loading issue with older Edge browser versions.

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 10 times, 1 visits today)