Our latest product release expands our current detection and response platform to provide support for Windows devices located anywhere – all without requiring additional infrastructure.
Now current customers, partners, resellers and MSPs (managed service providers) can take advantage of Blumira Agent: easy-to-use endpoint security for SMBs to detect and respond to Windows cybersecurity threats.
Blumira’s platform identifies attacker activity early, while Blumira Agent gives small IT teams the capability to immediately isolate devices, containing threats like ransomware to prevent a data breach.
Why Did We Build Blumira Agent?
Shedding Light on Remote Endpoint Visibility – With the pandemic’s shift to work-from-home, distributed locations and employee-owned devices used to access corporate networks, IT teams struggle to gain security visibility. The most significant barriers to achieving strong endpoint security include a lack of visibility into all endpoints (63%) and a lack of in-house expertise (45%), according to a Ponemon survey of IT and security professionals.
SMBs Lack Access to Endpoint Security Solutions – Typical EDR or endpoint security solutions are too expensive, require security skill to use, or are designed for larger enterprises with budget for an extensive security stack. Many endpoint security solutions, by default, lack historical data retention (at least one year is required for most compliance and cyber insurance requirements), critical for investigation and response, or they charge a premium to add on support and long-term data retention.
Rising Ransomware & Endpoint Attacks – Ransomware continues to rise, targeting SMBs more than ever. Reports of ransomware incidents in the United States increased 62% in 2021 compared to 2020 (CISA), and 61% of SMBs were the target of a cyberattack in 2021 (Verizon). The total cost of endpoint attacks to organizations also continues to climb, significantly impacting the bottom line: the average cost of an endpoint attack is $1.8 million annually (Ponemon report).
The Value of Blumira Agent
Speed to Security
Start sending your Windows logs directly to Blumira’s cloud platform in minutes for analysis, detection and response — no additional on-premises infrastructure required.
Longer Data Retention
Most EDR and SIEM providers include only limited endpoint data retention (weeks or months) and charge a premium to add long-term retention (one year or longer).
24/7 SecOps Support
Other vendors charge premium additional fees for security support. Access to Blumira’s responsive SecOps team is included in our pricing, available 24/7 for critical priority issues. We assist with onboarding, troubleshooting, providing security advice and more.
Support Remote Work
Get greater insight into your distributed and hybrid workforce security by collecting remote endpoint logs, analyzing, detecting and responding to Windows cybersecurity threats.
Get greater security value with a single platform that combines SIEM with endpoint security and automated detection and response, for better security outcomes that fit your IT and security budget.
Satisfy Compliance Controls
Meet multiple compliance and cyber insurance requirements easily with one platform, including controls that call for log monitoring, one year of data retention, detection of anomalous activity, endpoint security and more.
How Does Blumira Agent Work?
Blumira has partnered with LimaCharlie, building and expanding upon their technology to integrate it directly within our application. This allows us to seamlessly send customer Windows endpoint logs directly to the Blumira cloud for analysis and automated detection of security threats, sending you prioritized findings and playbooks for guided response.
Speed to Security: Install Blumira Agent in Minutes
It’s fast and easy to install the Blumira Agent on your Windows devices using a custom, Blumira-provided script and PowerShell. Blumira created Poshim (PowerShell Shim) to help streamline and simplify Windows log collection and ongoing management for our customers.
Note: If NXLog or Sysmon are found on the device, Poshim removes them, because they are not required for the Blumira Agent and remote Windows logging. If any other tooling on the device depends on Sysmon or NXLog, account for that before running the script.
Within the Blumira App, get started by navigating to Blumira Agent > Installation. Click Select Installation Key, then select Create New Installation Key from the dropdown.
Name or describe your device or group of devices by typing it into the Description field.
After you click Add key, the agent install script appears in the box.
Launch PowerShell as an Administrator, then run the script that you copied. Organizations may also install the agent via their software distribution platform, an RMM (remote monitoring and management software), MDM (mobile device management) or GPO (group policy object).
After running the script and completing installation, verify that the agent installed correctly by navigating back to the Blumira app > Blumira Agent > Devices.
You should be all set. Confirm that Blumira Agent is running correctly on each device by checking its Agent status (online or offline) on the Devices page.
What Can You Do With Blumira Agent?
Detect & Respond to Windows Findings
Blumira Agent sends endpoint logs to Blumira’s cloud platform for analysis, helping you detect threats early to prevent an incident, including:
- Anomalous access attempts
- Exploitation of known vulnerabilities
- Malicious processes running on Windows
- Unusual PowerShell activity (can be used to execute malicious code)
- Elevation of privileges to domain admin
- Brute-force (unauthorized access) attacks
- Attempted lateral attacker movement
- Tools used by ransomware threat actors
- Clearing of logs or other attacker intrusion coverups
Blumira provides a playbook written by our security engineers to help guide you through how to respond, sent with every finding.
Contain Threats Immediately
Quickly block network activity on infected hosts with Blumira Agent’s host isolation to stop the spread of ransomware and give your team time to investigate and remediate threats, especially useful if an incident occurs after hours.
Now you can isolate a device in just a few clicks (block outgoing network traffic except to Blumira), and just as easily release devices from isolation.
When you isolate a device, it can no longer be used for any other network activity. The agent installed on the device, however, continues to communicate exclusively with Blumira so that it keeps sending endpoint logs, which are critical for investigation and response.
Because the agent stays online, you can release the device from isolation just as easily: select Not Isolated, or click any device listed on the Devices page and select Toggle host isolation.
Easily Manage & See Device Details
Add, remove and delete devices through the Blumira Agent > Devices page.
Drill down further to see additional device details by selecting Device details in the dropdown after you click on the three dot menu.
Quickly Access Logs & Associated Findings
Access all logs & any unresolved findings associated with the device within Report Builder. Click on any device to view device details, then click through to View device logs or View unresolved findings.
How to Test Blumira Agent
After you’ve installed Blumira Agent, you can test that our detections are working correctly and triggering alerts by using this example detection rule test:
To test the detection Enumeration of Credentials in Registry:
- Open a command prompt and type reg query HKLM /f password /t REG_SZ /s (this searches the HKEY_LOCAL_MACHINE hive for the string "password", limited to REG_SZ string values, recursing through all subkeys).
- Press Enter.
This should trigger a finding that notifies you via the Blumira app, according to your notification settings. With that finding comes a playbook to help guide you through next steps for response.
Why does it matter for security? In Windows environments, credentials and passwords can be found in many locations, left behind by users or software. One place threat actors often look for credentials is the Windows registry hives, which can contain passwords that allow the threat actor to move laterally or escalate privileges.
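To show what a detection for this test case has to match, here is an added example that is not part of the original post and not Blumira's own rule logic (which the post does not describe): a small Python rule run over constructed process-creation events. The event fields, the credential keyword list and the sample events are all assumptions made for the demo. Beyond the exact test command, the rule also catches case and quoting variations, and it ignores reg queries that do not search values or search for a harmless string.

```python
"""Illustrative detection for credential enumeration in the registry.

Added example: approximates what a rule for the "Enumeration of
Credentials in Registry" test case matches. Not Blumira's detection
logic; field names, keyword list and sample events are assumptions.
"""
from typing import Optional

# Assumed keyword list: strings attackers pass to `reg query ... /f` when
# hunting for stored secrets. The page's test uses "password".
CRED_KEYWORDS = ("password", "passwd", "pwd", "credential", "secret")
REG_NAMES = {"reg", "reg.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, with surrounding quotes dropped."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_registry_credential_search(cmdline: str, image: str = "") -> Optional[dict]:
    """Return finding details when `cmdline` is a reg.exe query whose /f
    search string contains a credential keyword, otherwise None.

    `image` is the full path of the created process if the telemetry has it;
    if empty, the executable is taken from the first command-line token.
    """
    tokens = [t.strip('"') for t in cmdline.split()]
    if len(tokens) < 2:
        return None
    exe = _basename(image) if image else _basename(tokens[0])
    if exe not in REG_NAMES or tokens[1].lower() != "query":
        return None
    lowered = [t.lower() for t in tokens]
    if "/f" not in lowered:
        return None                      # reg query without a value search
    idx = lowered.index("/f")
    if idx + 1 >= len(lowered):
        return None                      # /f with no search string
    pattern = lowered[idx + 1]
    keyword = next((k for k in CRED_KEYWORDS if k in pattern), None)
    if keyword is None:
        return None                      # searching for something harmless
    hive = lowered[2] if not lowered[2].startswith("/") else ""
    return {"keyword": keyword, "hive": hive, "recursive": "/s" in lowered}


def detect(events: list) -> list:
    """Run the rule over process-creation events and return findings."""
    findings = []
    for ev in events:
        hit = match_registry_credential_search(ev["cmdline"], ev.get("image", ""))
        if hit is not None:
            findings.append({"host": ev["host"], "user": ev["user"], **hit})
    return findings


# Constructed sample telemetry (not real logs): process-creation records with
# the fields a SIEM would normally have after parsing.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "alice", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": "reg query HKLM /f password /t REG_SZ /s"},            # the page's test command
    {"host": "WS02", "user": "bob", "image": "",
     "cmdline": r'REG.EXE QUERY "HKLM\SOFTWARE\Vendor" /F Passwd /S'},   # case and quoting differ
    {"host": "WS03", "user": "carol", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},  # benign: no /f
    {"host": "WS04", "user": "dave", "image": "",
     "cmdline": "reg query HKCU\\Software /f Winword /s"},               # benign: searches for an app name
    {"host": "WS05", "user": "erin", "image": r"C:\Windows\System32\findstr.exe",
     "cmdline": r"findstr /si password C:\Users\erin\Documents\*"},      # different technique, out of scope here
]


def run_sample() -> list:
    """Apply the rule to the constructed events; two of the five should fire."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['host']}/{f['user']}: reg query for '{f['keyword']}' in "
              f"{f['hive'] or '?'} recursive={f['recursive']}")
```

Running the block flags WS01 and WS02 only. The rule keys on the search string, not on the hive, because the same enumeration against HKCU or a vendor subkey is just as interesting; the recursive flag is recorded rather than required, since a targeted non-recursive query for "password" is still worth a finding.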
See our Blumira Agent documentation:
- New: Remote Windows logging with Blumira Agent
- Installing Blumira Agent on a remote device
- Managing your Blumira Agent devices
- Testing detections for remote Windows logs
- How agent and host status impact remote logging with Blumira Agent