enSilo offers a different approach on the complete Next-Generation Antivirus (NGAV) solution. enSilo utilizes a single, light-weight agent that can handle NGAV, Application Communication Control, Threat Hunting and Endpoint Detection and Response (EDR). All these components are included in the solution and can be toggled on and off to accommodate your needs. What is more impressive than the flexibility of this solution is how lightweight the agent is. On average, it utilizes less than 1% CPU and 50 MB of RAM. This is extremely useful as it supports a variety of operating systems, including legacy Windows and Linux systems.
During the pre-infection and infection phases, the Next-Generation Antivirus and Application Communication Control components help protect the endpoints during the pre-infection phase. The post-infection engine provides an advanced capability through the correlation of Operating System (OS) behavior with OS-level activities that may have negative consequences to data. The Next-Generation Antivirus utilizes machine learning to understand malicious code and can remove threats before they execute in the system. The Applications Communication Control, enSilo can prevent malicious processes and applications from modifying files or opening a network communication. These events log back to the cloud dashboard.
We've worked with application whitelisting technologies in the past, but this new spin by enSilo is intriguing. They've put a lot of time in developing a solution that is flexible and can handle multiple versions. This is extremely useful on legacy operating systems as there are limited software packages that can be installed on them. The Application Communication Control component can be configured to allow you to use the application locally, but not allow it to move outside the local system. Once contained, the platform enables business intelligence correlation that assists in classifying the ransomware type, including a description of the potential remediation. The platform also enables the search for similar vulnerabilities or files presence across the entire environment and their remediation or virtual patching.
The Endpoint Detection and Response capabilities are extremely intuitive and easy to use. enSilo delivers forensic level details and grants administrators the ability to remediate malicious code. The malware kill-chain is very detailed and provides enough information to remediate without overwhelming you with too much information.
enSilo has a nice website that is full of information on product support as well as a customizable support structure. Every solution comes with basic 8x5 support on tier-1 and tier-2 support. For an additional charge, you can upgrade to 24x7 support as well as alert monitoring and incident response support.
We were very impressed with the enSilo platform. The modular design took a bit to get our heads around, but it executed cleanly and provided a great level of protection. While the EDR & Threat hunting on this product really shine, the real intriguing section with this solution is the Application Communication Control; this is a unique feature that separates it from the pack. The more we use the Application Communication Control, the more use cases we find. Anyone looking for a complete platform that protects the endpoint with a solid EDR, enSilo will not disappoint.
by Mike Diehl; tested by Mike Diehl & Matt Hreben