EDR Compliance Setup and Testing

How to enable EDR compliance checking

EDR Compliance Checking Overview

Elisity Connect, our remote access VPN-replacement solution, can now detect Endpoint Detection and Response (EDR) products like SentinelOne. This gives organizations the ability to build policy around device compliance with EDR requirements, helping secure network infrastructure from malware threats preemptively.

Enabling EDR Compliance Checking in Cloud Control Center

To enable EDR detection, open Cloud Control Center and navigate to
Administration > Settings > Security > EDR

1 - FIND EDR IN CCC

Here you can see a list of supported EDR providers for your environment. In this case, we have support for SentinelOne on Windows clients. To enable compliance checking, simply click the available EDR, click the arrow to move it over into the “EDR(s) Selected” category, and click submit.

2 - SELECT EDR IN CCC

3 - SUBMIT

NOTE: The client will notify the user every 24 hours if the EDR application is not installed on the endpoint. 

Checking Compatibility on the Client

There are a few requirements that need to be met on the client for EDR detection to function.

  1. The available EDR provider and platform requirements match Cloud Control Center.
    As mentioned above, for our environment we have support for SentinelOne on Windows OS only. EDR detection will not function on any device that does not match those criteria. Be sure that the client is running the latest version of its EDR agent.
  2. The latest version of Elisity Connect is installed on the client device.
    For EDR detection to be fully supported on the client, the client must have the latest version of Elisity Connect, found at https://elisity.com/downloads.

Log in with Elisity Connect and Verify EDR Detection Status

Now that we have verified that our client meets the requirements, we can log in via Elisity Connect to verify that EDR Compliance Checking is functioning. After logging in, wait about 45-60 seconds and click on the compliance tab in the Elisity Connect client. You should see the EDR Name and its running state.

4 - edr_detected_on_client

In Cloud Control Center, find the device that you signed in from with Elisity Connect. Open the device asset details and check the EDR status in the bottom corner. Here we can see the “sentinelOne-enabled” status.

5 - Check EDR status CCC

If SentinelOne were disabled or uninstalled, this would show “sentinelOne-disabled” and the user would be notified. You can build policy around this EDR status by selecting it during policy creation and modification.

6 - EDR POLICY SRC

For example, here we are building a policy that denies all traffic from devices with SentinelOne disabled. This policy will then be applied to any device that comes online with SentinelOne disabled.

7 - EDR POLICY OVERVIEW

Here is an example of a device that has SentinelOne disabled. You can see that the policy we created has been applied to that device, blocking all network traffic until SentinelOne is once again enabled.

8 - EDR Policy Applied

NOTE: This policy will overwrite any user-based policy that is pushed down to the device. A user logged in on this device with their own set of network policies will still be subject to the EDR_disabled policy if the device is found non-compliant.

Windows and MacOS Notification settings for Elisity Connect

Users on Elisity Connect who are logged off or who are found non-compliant can be sent notifications at a configurable interval.

Windows Notification settings 

On install/upgrade, Elisity Connect uses the Windows notification feature to set up reminders for EDR compliance (the EDR app is not running on the user's device) and for Elisity Connect disconnect status (the user is not logged in). These notifications are enabled by default. A user can disable notifications from Elisity Connect by navigating to Settings > System > Notifications & actions on Windows.


MacOS Notification settings 

On MacOS, the Elisity Connect install/upgrade process configures Elisity Connect application notifications in the MacOS notifications facility. However, the user must enable notifications for the Elisity Connect application. This is a one-time setting. A user can disable notifications from Elisity Connect using the same settings.
