Finnish company WithSecure has traditionally offered an impressive endpoint security portfolio and a key feature is that all components can be centrally managed from its Elements Security Center cloud portal. The suite is also completely modular so you can pick and choose which components you require.
It includes EPP (endpoint protection) and EDR (endpoint detection and response) modules which have now been unified into the Elements Endpoint Security (EPS) solution and offered under the XDR (extended detection and response) category. Elements Collaboration Protection (ECP) enhances security for Microsoft 365 environments including Exchange, SharePoint, OneDrive, and Teams while Elements Exposure Management (EEM) keeps your network borders safe by providing an overview of your attack surface along with threat identification and mitigation.
There’s more as Elements Identity Security protects against compromised Microsoft Entra identities. Overworked security teams may also want to consider the optional co-monitoring service where severe threats are automatically escalated to WithSecure’s support teams and you can choose out-of-hours or full 24/7 cover.
That’s a lot to get to grips with but WithSecure’s new Luminen feature can help cut through the smokescreen. It delivers AI-powered reporting services which generate detailed summaries of security events and provide valuable assistance on remedial actions.
WithSecure Elements Cloud Platform review: Setup
Platform support is excellent as WithSecure can protect Windows and macOS workstations, Windows and Linux servers plus Android and iOS mobiles. The base product also includes patch management for Windows OSes.
Deployment is swift as we could download the relevant agent install file and place it in a central location or email links to our users directly from the portal. After installing the agent on our Windows 10/11 workstations and Windows Server 2022 hosts, it took no more than two minutes to complete the process and connect to our cloud account.
We also tested ECP and found the MS 365 authentication process straightforward with our Exchange, SharePoint, OneDrive, and Teams accounts added in a few minutes. The Elements cloud portal is well-designed with its home page providing a complete overview of your security posture.
Donut charts show all protected computers, servers, and mobile devices with color codes showing their overall status; another keeps you apprised of software updates, while the detection and response charts show all open detections and their risk score. We received more charts below showing our MS 365 components, all detections, the top affected mailboxes, and a breakdown of security events.
WithSecure Elements Cloud Platform review: Security profiles
Endpoint protection starts immediately as preconfigured security profiles are assigned to devices as soon as their agent has connected to the cloud portal. It’s easy to create new ones as we used the Security Configurations page to clone the predefined ones and tweak them to our requirements.
There’s a lot to play with as profiles manage real-time malware scanning, permit users to run manual scans, determine when automatic updates occur, and schedule regular systems scans. Firewall protection using WithSecure or Windows profiles can be enabled and device controls applied to block access to removable devices such as USB sticks.
Web protection services include reputation-based web page scanning, safe search enforcement, browser plug-ins, and content controls with a list of 32 URL categories you can block or allow. The Premium service enables application controls and WithSecure’s DataGuard which uses behavioral rules to detect potential ransomware activity.
Businesses worried about the shocking impact of the CrowdStrike fiasco can rest easy as WithSecure has them covered. A feature that’s always been available in its security profiles is an option to enable early access to client software updates.
It’s simple to apply as we cloned our workstation and server profiles and enabled early access on them with one click. All the systems with these profiles assigned receive client updates and new features at least a week in advance of general release so we could check for stability and provide feedback to WithSecure if necessary.
WithSecure Elements Cloud Platform review: Detection and response
The portal’s detection and response page provides a good overview of all security events and you can dive deeper by moving to the security events page which provides a more detailed analysis of each event and the affected systems or services. WithSecure’s BCD (broad context detections) page displays a filtered view of detected threats with a full analysis and process tree of suspicious events showing how the potential malware developed and what it interacted with.
BCD shows affected systems with options to isolate them all with one click, run a device scan, and collect a forensics package. Links are provided for the MITRE ATT&CK website for more information and Luminen comes into play as it analyses events, generates a summary, and provides valuable advice on remedial actions – if more help is required, you can elevate the event to WithSecure’s security teams.
Reactions to events are swift as when we ran our test app on selected workstations to generate suspicious activity, the portal logged them in seconds and email alerts were received 2-3 minutes later. To test MS 365 responses, we sent emails from Outlook with dubious attachments and suspect web links and WithSecure blocked them immediately, placed warning emails in our inboxes, and logged all events.
Rollback is a smart feature as it provides instant ransomware protection for Windows systems and can initially be run in a policy's safe mode, where it only reports on unauthorized changes. It tracks apps classed as unknown and if they exhibit any dubious behavior, it closes them down and automatically rolls back all the file and registry changes they made.
WithSecure Elements Cloud Platform review: Is it worth it?
WithSecure works primarily with partners so doesn’t publish pricing on its web site. However, it advised us that the base Elements Endpoint Security costs around £37 per device/year for between 100 and 499 devices which looks good value considering how many security features this includes.
The Elements Cloud Platform delivers a remarkable range of protection measures and WithSecure has made them all very accessible in its well-designed cloud portal. Deployment is pleasingly simple, Luminen provides valuable remediation assistance and the suite’s modular design means you only pay for what you need.