Eset Advanced Security


Brigitta Martini

Aug 3, 2024, 4:47:15 PM
to elannikve

While waiting on the fix for Rocky-based on-prem appliance, I am enabling advanced security on my existing CentOS-based on-prem appliance (Server v11.0.199.0, Web Console v11.0.193.0) and I'm almost done. I've created the SHA256 cert authority and used it to sign new server and agent certificates. I've also applied the new SHA256 agent certificate to all of the ESET clients via an agent migration policy, which pointed them to the same server, but using the new agent certificate. So I've finished all steps up to the last one, step 10.

At the moment, the old Server certificate shows a 1 under "# of clients using", which I'm sure is the ESET Protect appliance although the Certificate Usage option is grayed out so I can't see for sure.

My second question is about the ESET Protect appliance itself. That's the one device listed under Computers that I have NOT applied the agent migration policy to. Should I apply the new agent certificate via the migration policy to the ESET Protect appliance before performing the last step (Step 10) in KB7930, which is where I change to the new certificate under More->Settings->Connection->Change Certificate->Open certificate list, or does the last step handle that?

My last question is, once this is completed, should I remove the old certificates, or is it best to just leave them? Will they be left behind when I migrate to the coming Rocky-based appliance?

This is a rather strange case: we have had ESET Protect 8.1 running as a VA. We decided to update it to 9, but first we enabled advanced security, following the details in _admin/70/en-US/advanced_security.html but without step 10 (i.e., without deleting and revoking our old CA and certificates), since there were quite a few clients (on shelf for example) that would remain with the old CA/certificates.

Things seemed to be going OK. Both the server certificate and a number of clients were updated all right. Out of around 150 systems, 100 were updated in the first 2 hours or so. This happened at the start of November.

1) New systems on which we installed the agent (MSI version) with the .ini file containing keys of the old CAs/certificates would not appear in the console. I'm not sure that was supposed to happen; if I understand correctly, the policy to replace certificates is still in place... The problem was solved by creating a new .ini (from create GPO or SCCM script) and using that alongside the MSI installer...

2) Most (if not all) of the 56 systems have stopped contacting our server. So, if I understand correctly, they are unable to retrieve the policy to update the CA/certificates. How do I fix this problem?

My expectation is that the first scenario is the case - the solution might be to temporarily revert to/use the original ESET PROTECT certificate, at least until both the new and old CA certificates are distributed to all clients.

@MartinK I am seriously starting to think other AV platforms here, considering all the quirks I've been finding and the time I'm spending trying to properly manage the ESET products... Regarding your points, I really don't understand why two thirds of my clients (and all my clients are the same) did the certificate switch properly and the other third stopped connecting to the console altogether... And frankly I don't care why this happened, it simply shouldn't.

How can I fix this properly with the minimal impact on the use of my work time? I don't care if I have to disable advanced security in the process, as it seems it did more damage than any good.

We're currently moving to TLS 1.2 only, on a large number of our servers. The few Windows Servers (Server 2012R2, and 2016) that have already been migrated over to TLS 1.2 only, have since lost connection to the ERA. I looked to see which ciphers the agents on those servers are using, and even though they are TLS 1.2 ciphers, they are considered weak, which would burn us in an audit. I'd like to turn on "Advanced Security" in ERA Server Settings to hopefully have access to higher cipher suites, but I'm curious of a few things:

2. What is all involved in regards to certificates? Do I need to prep anything, or change from the default server certificate? (This is probably my biggest concern, as I'm not sure where to begin with this?)

This setting will affect only communication between ERA Server and MDM Server. Communication between MDM Server and Mobile Devices will not be affected. To apply advanced security to the MDM component create new MDM and Proxy certificates signed by the new CA and assign them via policy to the MDM server as follows:

ESET's exit from the MSP market signifies that it no longer offers a direct competing solution to Acronis Cyber Protect Cloud for MSPs. This withdrawal leaves a gap that Acronis can fill, providing MSPs with a comprehensive, integrated cloud protection solution.

Yes, Acronis Cyber Protect Cloud offers several unique features that differentiate it from ESET, particularly since ESET does not have a direct equivalent in the cloud space tailored for MSPs. Here are some of the unique aspects of Acronis Cyber Protect Cloud:

  • Integrated cybersecurity: Acronis includes advanced cybersecurity features with AI-based behavioral heuristics for real-time protection.
  • Unified management: It provides a unified management console that integrates backup, disaster recovery, anti-malware, and endpoint management, streamlining IT workflows.
  • Data sovereignty: With its extensive network of data centers worldwide, Acronis ensures data sovereignty by allowing data storage in specific regions as required by compliance regulations.
  • Acronis Active Protection: This feature specifically targets ransomware threats, offering real-time protection and automatic restoration of affected data, something that ESET's traditional solutions do not provide.

Acronis offers several features that can significantly reduce recovery time following data loss, compared to ESET:

  • One-Click Recovery: Enables quick restoration to the last good state with minimal effort, reducing downtime.
  • Universal Restore: Enables recovery to dissimilar hardware, facilitating seamless system migrations and ensuring business continuity, even when original hardware is not available.
  • Security features: Provides recovery to malware-free points, ensuring clean, secure restoration after cyberattacks.

These features, including ease of use, flexibility in recovery to new hardware, and enhanced security, position Acronis as a strong choice for organizations prioritizing rapid and secure recovery processes.

Acronis differentiates itself from ESET with a vast network and adaptable storage solutions:

  • Global Reach: Acronis operates over 50 secure cloud data centers globally, ensuring data safety, availability and compliance with local laws, which enhances disaster recovery and performance.
  • MSP flexibility: Acronis caters to MSPs by offering partner-hosted storage options, enabling them to use their own infrastructure to utilize Acronis's backup services, which is advantageous for those needing customized data management and compliance.

Acronis is integrating cybersecurity features directly into its backup solutions, including advanced ransomware protection. Acronis Active Protection uses artificial intelligence and machine learning algorithms to detect and stop ransomware in real time, and automatically restores any affected files. This proactive approach not only prevents the ransomware from causing damage but also ensures minimal downtime by avoiding the need for extensive recovery processes.

Provide clients with a complete cyber protection platform boasting ROI and streamlining cybersecurity, data protection and endpoint management services, all delivered via a single agent. Reduce costs and resource-draining tasks with a platform built for MSPs to centrally manage all policies. Eliminate solutions that do not provide simple role-based management or ticketing capabilities and leverage 200+ additional MSP-centric integrations.

Simplify endpoint protection with behavioral-based detection engines enhanced with AI-guided attack investigations for minutes-not-hours analysis and reduced burden on your resources. Leverage an ultra-swift, single-click response that not only ensures remediation, but also integrates recovery (including disaster recovery), patch management, additional remote assistance and forensic capabilities.
