New in 2022.5: New EDR Threat Hunting panel

Osquery is one of the most powerful threat hunting frameworks around, and is now included with Emsisoft’s EDR solution as the first component of our new Threat Hunting panel.

What is osquery?

Osquery is an open-source query interface for indicators of compromise (IOCs) that enables you to easily query endpoints as if they were SQL databases of information, meaning you no longer need to run multiple system tools separately to get critical threat-related information. Better still, with the new Emsisoft Threat Hunting panel you can query all devices in your network at once within seconds, making it easier and faster than ever to identify and eliminate threats.

Threat hunting is all about checking your endpoints for activity and changes that are not supposed to be there. As a security analyst, you need to separate the unusual from the usual and filter out the noise of everyday activities in search of potentially malicious activity. The new Threat Hunting panel helps you achieve exactly that.

Pre-defined threat hunting queries to search for IOCs

The new panel comes with dozens of ready-to-use queries optimized for threat hunting, which you can edit to your requirements and save for frequent use.

Example IOCs:

Queries are performed in real-time across all online devices, and the results are displayed within seconds.

Availability

The new threat hunting feature is exclusively available for Emsisoft Enterprise Security users.

Compare Emsisoft license plans here

Note: If you’re a user of the Anti-Malware Home, Business Security or a legacy Emsisoft Anti-Malware edition and would like to use the new threat hunting features, please consider an upgrade to the Emsisoft Enterprise Security license plan. Check out the ‘Settings’ panel in your workspace for available upgrade options or get in touch with our support team.

All 2022.5 improvements in a nutshell

Device protection (desktop)

Management console (web app)

How to obtain the new version

As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default.

Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a great and well-protected day!

Emsi

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story

What to read next