{"id":7264,"date":"2025-04-17T11:20:00","date_gmt":"2025-04-17T08:20:00","guid":{"rendered":"https:\/\/blog.eset.ee\/et\/?p=7264"},"modified":"2026-06-14T10:24:54","modified_gmt":"2026-06-14T07:24:54","slug":"staying-protected-with-mdr","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2025\/04\/17\/staying-protected-with-mdr\/","title":{"rendered":"Staying protected with ESET MDR"},"content":{"rendered":"<p><!\u2013 wp:paragraph \u2013><\/p>\n<p><strong><a href=\"https:\/\/esetworld.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET World 2025<\/a><\/strong>&nbsp;was an event that brought together top cybersecurity experts from all walks of life, so you\u2019d expect tangible examples of what makes a business really stay secure. That\u2019s exactly what James Rodewald, security monitoring analyst at ESET did.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>During the session titled \u201cStaying protected with ESET MDR,\u201d Rodewald pointed out the critical pain points of IT admins and how managed detection and response (MDR) saves them time and unlocks new efficiencies, as well as sharing a story about a VPN gone rogue.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":3} \u2013><\/p>\n<h3 class=\"wp-block-heading\">&nbsp;Day in the life of an IT admin<\/h3>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Usually, IT admins need to split their focus between many areas, and security is just another small part of their tasks, often getting less attention than necessary.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Of the many issues surrounding a company\u2019s cybersecurity, their&nbsp;<strong>budgets<\/strong>&nbsp;are a key concern \u2014 proper security operations centers (SOCs) can be pricy, as covering hundreds of seats takes&nbsp;<strong>time<\/strong>&nbsp;and effort. 
Some companies assume that having two people cover an entire SOC\u2019s capabilities is enough, but Rodewald strongly disagrees: \u201c<em>They wouldn\u2019t be able to monitor 24\/7. \u2026 If something happens while they\u2019re asleep or possibly on vacation, that could be really bad<\/em>.\u201d<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/it-admin-pain-points.png\" alt=\"IT admin pain points\" title=\"An average IT admin's pain points \"\/><figcaption class=\"wp-element-caption\">An average IT admin&#8217;s pain points<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>While Rodewald doesn\u2019t want to deter IT professionals from trying, he highlights that there are certain gaps that only security experts can fill: \u201c<em>IT admins are smart. They\u2019re great at what they do. They make these beautiful systems that all communicate with each other \u2014 and that\u2019s amazing. But sometimes they don\u2019t&nbsp;<strong>know how<\/strong>&nbsp;to notice when somebody else is maliciously managing their network. And that\u2019s where the dangers come in<\/em>.\u201d<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":3} \u2013><\/p>\n<h3 class=\"wp-block-heading\">ESET MDR to the rescue!<\/h3>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Securing added resources for IT admins to fight threats while they take care of daily tasks is what&nbsp;<a href=\"https:\/\/www.eset.com\/us\/business\/services\/managed-detection-and-response\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET MDR<\/a>&nbsp;offers in spades. This is rather helpful for smaller businesses lacking security headcount within their IT departments, quickly leveling up their postures. 
\u201c<em>It\u2019s like you set it and forget it. \u2026 Customers want somebody to monitor and be notified if something happened, what we did to remediate it, are there any actions they need to take<\/em>,\u201d said Rodewald about the service.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:quote \u2013><\/p>\n<blockquote class=\"wp-block-quote\"><p><!\u2013 wp:paragraph \u2013><\/p>\n<p>ESET MDR is a&nbsp;<a href=\"https:\/\/www.eset.com\/fileadmin\/ESET\/INT\/Docs\/Business\/ESET_MDR_datasheet_WEB.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">24\/7 threat management service<\/a>&nbsp;for smaller organizations, using AI and human expertise for premium protection without in-house security specialists. Let ESET block, stop, and disrupt malicious behavior in just 20 minutes while you focus on core competencies.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p><\/blockquote>\n<p><!\u2013 \/wp:quote \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>While a basic MDR service can offer enterprise-grade security, with monitoring performed by earnest experts trained to stop security incidents (using top threat intelligence to empower their decisions), a lot more can be done for complex environments with a larger footprint. 
These environments need a specific approach, slotting in naturally to the existing security apparatus of a larger organization.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/eset-mdr-services.png\" alt=\"ESET MDR services\" title=\"ESET tailors its managed services for different business requirements\"\/><figcaption class=\"wp-element-caption\">ESET tailors its managed services for different business requirements<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>As Rodewald said,&nbsp;<a href=\"https:\/\/www.eset.com\/us\/business\/mdr-ultimate-protection\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET MDR Ultimate<\/a>&nbsp;(MDRU) is \u201cfor those customers that want to&nbsp;<em>live with us<\/em>&nbsp;in real time as we monitor their environment \u2026 benefits range from custom rule and alert creation, [to] optimizing the security environment \u2026 to finding unprotected devices, etc. So, across the range of these activities, we drive both operational and process maturity, help with remediation, and even flag those unprotected devices, sadly an all-too-common source of threats.\u201d<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:quote \u2013><\/p>\n<blockquote class=\"wp-block-quote\"><p><!\u2013 wp:paragraph \u2013><\/p>\n<p><a href=\"https:\/\/www.eset.com\/fileadmin\/ESET\/INT\/Docs\/Business\/ESET_Detection___Response_Ultimate_datasheet_WEB_noContact.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">ESET MDRU<\/a>&nbsp;perfectly combines ESET technology and digital security expertise to effectively and proactively detect and respond to any threat. 
It is a tailored service, acting as a SOC-like security umbrella, with the ability to protect sophisticated environments with dedicated security teams.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p><\/blockquote>\n<p><!\u2013 \/wp:quote \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Rodewald also highlighted ESET MDRU\u2019s reports, explaining how the process is more human, connecting experts from both sides to design better protection rules and mechanisms in tandem, which adds even more value.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":3} \u2013><\/p>\n<h3 class=\"wp-block-heading\">Maintaining 20 minutes to detect<\/h3>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>The ESET MDR service tier maintains a&nbsp;<strong><em><a href=\"https:\/\/www.eset.com\/us\/business\/services\/managed-detection-and-response\/?srsltid=AfmBOoo6Cg_KeP5O0yXYOvNe5OiI41nhff8e8qEwq0IZE9w3Ko3H3fBT\" target=\"_blank\" rel=\"noreferrer noopener\">20-minute time to detect<\/a><\/em><\/strong>&nbsp;for all customers \u2014 currently having a&nbsp;<strong>1-minute time to react<\/strong>&nbsp;and around a&nbsp;<strong>5-minute time to resolve<\/strong>&nbsp;an incident. 
This is owed to 24\/7 SOC-like monitoring, with our MDR teams constantly improving their decision-making processes with every single detection.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/mdr-detection-time.png\" alt=\"MDR detection time\" title=\"Mean time to detect and respond for ESET MDR \"\/><figcaption class=\"wp-element-caption\">Mean time to detect and respond for ESET MDR<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>To achieve this fast detection and response rate, Rodewald elaborated on ESET MDR\u2019s training regime: \u201c<em>The way we train is to ask the question, could we have spotted this sooner? Because if we can improve, then we want to improve. Also, would you be able to identify this [threat] if you saw it in the wild?<\/em>\u201d Relevant teams also examine research so they might better identify issues they hadn\u2019t yet encountered.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>As a result, ESET\u2019s MDR teams can actively isolate false positives from real detections, apply novel incident response playbooks as needed, and manage trainings to keep analysts up to date on threats. 
For in-house teams (especially IT generalists), this might be a tough nut to crack, but it\u2019s the vicious cycle that ESET security monitoring analysts are trained for.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":3} \u2013><\/p>\n<h3 class=\"wp-block-heading\">Storytime with James<\/h3>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>In a story about an ESET MDRU success, Rodewald spoke of how a VPN gone rogue led to&nbsp;<a href=\"https:\/\/krebsonsecurity.com\/2024\/07\/the-stark-truth-behind-the-resurgence-of-russias-fin7\/\" target=\"_blank\" rel=\"noreferrer noopener\">FIN7<\/a>&nbsp;getting on a business\u2019s network. The company in question, which owns a large network with multiple sites globally, was unknowingly breached prior to onboarding its ESET service (at least two to three months before). While it had an XDR solution employed, no one was monitoring it \u2014 a recipe for disaster.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":4} \u2013><\/p>\n<h4 class=\"wp-block-heading\">Before the storm<\/h4>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>In the beginning, someone had used PowerShell to create an external network connection, leading to a renamed remote monitoring and management (RMM) tool being installed (<em>LiteManager<\/em>). 
The PowerShell also had an interesting script called \u201c<a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/ps1.powertrash\" target=\"_blank\" rel=\"noreferrer noopener\">PowerTrash<\/a>,\u201d which was over 6,000 lines long.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/powertrash-image-1.png\" alt=\"PowerTrash image 1\" title=\"Contents of PowerTrash \"\/><figcaption class=\"wp-element-caption\">Contents of PowerTrash<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Next, the RMM tool, renamed to&nbsp;<em>romfusclient.exe<\/em>, started another execution chain to install an&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/Secure-Shell\" target=\"_blank\" rel=\"noreferrer noopener\">OpenSSH<\/a>&nbsp;backdoor: \u201c<em>This backdoor would communicate with a remote C&amp;C [command-and-control] server and allow whoever was in control to tunnel through this device to target other devices on the network<\/em>,\u201d said Rodewald.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/rmm-tool-executed.png\" alt=\"RMM tool executed\" title=\"LiteManager RMM being executed as romfusclient.exe \"\/><figcaption class=\"wp-element-caption\">LiteManager RMM being executed as romfusclient.exe<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":4} \u2013><\/p>\n<h4 class=\"wp-block-heading\">&nbsp;How ESET MDRU helped<\/h4>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Shortly after ESET MDRU\u2019s onboarding, monitoring picked up on lateral movement via remotely scheduled tasks \u2014 
another instance of PowerTrash was being executed: \u201c<em>Its goal was to dump credentials and load&nbsp;<strong>Spy.Sekur<\/strong>&nbsp;into memory. At this point, we knew it was&nbsp;<strong>FIN7<\/strong>&nbsp;because&nbsp;<a href=\"https:\/\/www.deepwatch.com\/labs\/profile-of-an-adversary-fin7\/\" target=\"_blank\" rel=\"noreferrer noopener\">Spy.Sekur is only used by FIN7<\/a>, and PowerTrash, I believe, is also exclusive to FIN7<\/em>,\u201d commented Rodewald. The latter was 41,000 lines of code, much longer than the previous instance.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/powertrash-image-2.png\" alt=\"PowerTrash image 2\" title=\"New PowerTrash being executed to dump credentials and load Spy.Sekur \"\/><figcaption class=\"wp-element-caption\">New PowerTrash being executed to dump credentials and load Spy.Sekur<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>\u201c<em>We started to see other lateral movement as we were creating custom rules to block things. \u2026 And we started to see this via both remote tasks and&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/winrm\/portal\" target=\"_blank\" rel=\"noreferrer noopener\">WinRM<\/a>. 
We saw that their goal this time was to execute a batch file to execute a renamed version of RClone.exe in order to back up the file shares of the network and then use a renamed copy of 7-Zip to compress that all before they would then exfiltrate it<\/em>,\u201d Rodewald continued.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/rclone-and-lateral-movement.png\" alt=\"rclone and lateral movement\" title=\"Lateral movement and data collection attempts detected \"\/><figcaption class=\"wp-element-caption\">Lateral movement and data collection attempts detected<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":4} \u2013><\/p>\n<h4 class=\"wp-block-heading\">&nbsp;Killing and blocking<\/h4>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>The MDR team then started to kill and block these processes while creating custom rules to disable them permanently. Nevertheless, this was happening across multiple devices, with multiple forms of lateral movement.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Since the MDR team had the source IPs of each of those movements, it understood that it had to locate unprotected devices in the customer\u2019s environment because they weren\u2019t showing up inside ESET PROTECT or ESET Inspect as being managed. \u201c<em>So, we\u2019re on the phone at this point, and I\u2019m having them remote me directly into these devices so I can see what\u2019s going on. 
We found OpenSSH backdoors on multiple different devices \u2014 we needed to either have the client cut them off the network, or I needed to manually remediate the[m]<\/em>,\u201d said Rodewald.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/winrm-unprotected-devices.png\" alt=\"WinRM unprotected devices\" title=\"Unprotected devices found \"\/><figcaption class=\"wp-element-caption\">Unprotected devices found<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>However, the adversary wasn\u2019t done. Likely panicking as they were losing access, they dropped a new tool: \u201c<em>It was a never-before-seen&nbsp;<a href=\"https:\/\/attack.mitre.org\/techniques\/T1574\/002\/\" target=\"_blank\" rel=\"noreferrer noopener\">DLL side-load<\/a>!<\/em>\u201d exclaimed Rodewald. While the .exe (TopoEdit) may have been seen in the wild before, it included a malicious DLL.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/dll-sideload.png\" alt=\"DLL sideload\" title=\"The adversary tries a DLL side-load \"\/><figcaption class=\"wp-element-caption\">The adversary tries a DLL side-load<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>\u201c<em>They were trying to stay on the network. \u2026<\/em>&nbsp;<strong><em>We spotted that in less than 30 seconds<\/em><\/strong>,\u201d said Rodewald with a smile. 
Thus, the MDR team blocked the clean&nbsp;<em>.exe<\/em>&nbsp;and the DLL and remediated it from about six or seven other devices, all within the same time frame.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":4} \u2013><\/p>\n<h4 class=\"wp-block-heading\">Back to the origin<\/h4>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>In parallel, the team became curious to investigate how initial access occurred: \u201c<em>We started pulling logs from devices, trying to find the trail of events \u2026 so we were doing digital forensic [incident] investigation<\/em>.\u201d Before they got too deep into that investigation, the threat actors showed their cards: Someone was using&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/2022\/09\/07\/rdp-radar-up-close-view-evolving-remote-access-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">Remote Desktop Protocol (RDP) from private IPs<\/a>&nbsp;to access different devices and immediately installing&nbsp;<em>AteraAgent<\/em>&nbsp;with&nbsp;<em>Splashtop<\/em>&nbsp;\u2014 two other RMM tools.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>However, these IPs were on a specific subnet, different from that of other devices on the network, and the business\u2019 admin quickly confirmed them as addresses assigned by the client\u2019s VPN.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:image \u2013><\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/web-assets.esetstatic.com\/blog\/images\/2025\/4-2025\/vpn-gone-rogue.png\" alt=\"VPN gone rogue\" title=\"The MDR team discovers rogue devices on the VPN\"\/><figcaption class=\"wp-element-caption\">The MDR team discovers rogue devices on the VPN<\/figcaption><\/figure>\n<p><!\u2013 \/wp:image \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>\u201c<em>Their<a 
href=\"https:\/\/www.welivesecurity.com\/en\/business-security\/vulnerabilities-business-vpns-spotlight\/\" target=\"_blank\" rel=\"noreferrer noopener\">&nbsp;VPN appliance was compromised<\/a>. They had rogue devices owned by the threat actor joining the VPN and then RDPing to other devices<\/em>,\u201d Rodewald revealed. Hence, the MDR team had the company shut down its VPN, with no new activity since, though it is still being monitored.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>This story highlights how, thanks to the close-knit cooperation enabled by the ESET MDRU service, immediate action was taken and new playbooks and security strategies were quickly developed for the client to prevent future incidents.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:heading {\"level\":3} \u2013><\/p>\n<h3 class=\"wp-block-heading\">Prevention-first security<\/h3>\n<p><!\u2013 \/wp:heading \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>The key value of ESET\u2019s MDR services lies in their&nbsp;<a href=\"https:\/\/www.eset.com\/us\/business\/prevention-first-approach\/\" target=\"_blank\" rel=\"noreferrer noopener\">prevention-first quality<\/a>. 
With each of ESET\u2019s managed services tackling different company architectures, the goal is the same \u2014 unlocking fast detection and almost immediate remediation, tackling novel threats before they can cause mischief.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n<p><!\u2013 wp:paragraph \u2013><\/p>\n<p>Plus, as evidenced by Rodewald\u2019s rogue VPN story, perhaps going for a managed service even while experiencing a compromise can enable businesses to snatch a security win from the creeping tentacles of a breach.<\/p>\n<p><!\u2013 \/wp:paragraph \u2013><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET World 2025&nbsp;was an event that brought together top cybersecurity experts from all walks of life, so you\u2019d expect tangible examples of what makes a business really stay secure. That\u2019s exactly what James Rodewald, security monitoring analyst at ESET did. During the session titled \u201cStaying protected with ESET MDR,\u201d Rodewald pointed out the critical pain 
[&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":7268,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[167],"tags":[],"class_list":["post-7264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-privacy"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/7264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=7264"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/7264\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/7268"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=7264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=7264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=7264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}