New in 2023.11: Threat hunting gets quicker and easier
This month’s update introduces the ability to run threat hunting queries, making it easy to speedily identify anomalies and potential threats on any Emsisoft-protected device – and speed is critical. The sooner you can identify and remediate a potential threat, the less time it will have to escalate into an actual incident.
The functionality is based on Osquery, an open source platform that exposes the operating system as a relational database that can be queried with SQL. A number of pre-defined queries are included, but you can also create and save your own, giving you a high degree of flexibility. Queries can be run on-demand or scheduled, and can be configured to return either the complete result set or only the rows that have changed since the query was last run. For example, you could run a query to check for changes to the Windows Startup folder. This would help you identify and investigate the presence of legitimate applications that threat actors deploy in ‘living off the land’ attacks.
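As an added illustration of the Startup-folder check described above (example SQL written for this article, not one of Emsisoft's bundled queries), the following osquery query lists every file in the per-user and all-users Startup folders together with its SHA-256, assuming the default Windows profile paths:

```sql
-- Added example: inventory of the Windows Startup folders via osquery's
-- built-in "file" and "hash" tables. The paths below are the default
-- Windows locations (assumption); adjust them if profiles live elsewhere.
SELECT
  f.path,
  f.filename,
  f.size,
  datetime(f.mtime, 'unixepoch') AS last_modified_utc,
  datetime(f.btime, 'unixepoch') AS created_utc,
  h.sha256
FROM file AS f
JOIN hash AS h ON h.path = f.path
WHERE
  -- per-user Startup folders: a single "%" matches one path component,
  -- so this covers every user profile on the device
  f.path LIKE 'C:\Users\%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%'
  -- the all-users Startup folder
  OR f.path LIKE 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\%';
```

Scheduled in "changes only" (differential) mode, this query stays silent until a file is added to, removed from or modified in a Startup folder, at which point only those rows are reported for investigation.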
Note that queries are a feature of our EDR, which is a component of Emsisoft Enterprise Security. If you’re currently using Emsisoft Business Security and would like to ask about switching, please get in touch with us.
This month’s update also includes multiple behind-the-scenes improvements designed to ensure that our products continue to deliver the best possible protection, the best possible performance, and the best possible user experience.
All enhancements and improvements in a nutshell
Device protection (desktop)
- Multiple minor tweaks and fixes
Management console (web app)
- Improved threat hunting
- Multiple minor tweaks and fixes
How to obtain the new version
So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.
Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.