Enhancing Endpoint Protection with a USB-based Scanning Solution for Instant Threat Mitigation
Executive Summary
A major EDR vendor required the ability to scan in various standalone Windows environments using a portable self-hosted scanner. This needed to be a “plug-and-play” solution on USB drives that can scan without installation and provide on-the-spot remediation (deleting or renaming files) within the tool.
Crest Data created a custom, portable scanner for Windows (Server 2000 and above) that runs in self-hosted mode from an external storage device. The app uses SentinelOne capabilities for threat detection, logs and configurations, and automates remediation processes. This tool allows the client to keep its network immunized and control the lifecycle of a threat in environments where cloud solutions are not an option.
About the Customer
The customer offers a cloud-based solution that helps businesses of all sizes manage processes across the entire threat lifecycle for endpoint security. The customer’s endpoint detection and response (EDR) module automates mitigation of bugs/issues and ensures immunity against newly discovered threats.
Customer Challenge
One of the main challenges was to design and develop a stand-alone, portable scanning tool to scan files and directories across multiple Windows platforms without the need to install any program ahead of time. The customer was looking for an application that could:
- Operate from external media: The software had to be stored on external media (such as USBs) and work in a “plug and play” fashion on different versions of Windows, such as Windows Server 2000 and higher versions.
- Enable immediate remediation: The tool needed to be able to do more than just detect files; it had to be able to take immediate action – such as Delete, Ignore, Rename – on identified malicious files.
- Store and manage data locally: The application had to store and manage all scanning logs and configuration settings on the USB drive itself, so that it could operate without relying on the host system’s hard drive.
- Provide ease of hosting: The scanner had to be easily hosted and run on any Windows OS to give flexibility in endpoint protection.
Customer Solution
The customer needed a self-hosted application for Windows operating systems, and Crest Data built a custom, plug-and-play scanner for such systems. The tool offers a full suite of endpoint security capabilities in an environment where software installation is not an option.
Key features of the solution include:
- Portable and Self-Hosted Architecture: The tool is an executable file on an external drive, like a USB, and is a self-hosted application. This allows for “plug and play” use without prior installation and is supported in all versions of Windows Server from 2000 onwards.
- Advanced Threat Detection: The solution incorporates SentinelOne antivirus technology to scan individual files or directories and detect the presence of malware.
- Automated Remediation Actions: Upon detection, the solution allows users to take action directly from the application to delete, rename, or ignore the infected files.
- Local Data Management: To ensure complete independence from the host system, the application collects and stores all scanning logs and configuration settings directly on the USB drive.
- User-Centric Interface: The application provides a clear summary of scan requests and allows users to save specific configurations to automate respective actions during the scanning process.
Outcomes
Implementing a robust, specialized portable scanner led to the following outcomes for the client’s endpoint security offerings:
- Zero-Installation Security Coverage: The customer provides a “plug and play” scanning solution that does not require any pre-installation, allowing for quick endpoint protection across a variety of disconnected Windows environments.
- Streamlined Threat Lifecycle Management: By allowing users to perform actions such as Delete, Rename, or Ignore within the tool, the solution empowers users to remediate malicious files instantly upon detection.
- Independent Data Autonomy: The scanner’s ability to store all logs and configuration settings locally on the USB drive ensures it can operate autonomously and manage its own data without relying on the host system’s storage.
- Broad OS Compatibility: The solution focuses on comprehensive endpoint immunity by supporting a variety of systems, from traditional Windows Server 2000 to modern versions, making it a versatile tool for various customer use cases.
- Flexible Deployment in Restricted Environments: The self-hosted, portable nature of the application allows the client to manage threats in environments where traditional, cloud-based EDR deployments are unfeasible.
About Crest Data
Crest Data is a data and AI-driven technology solutions provider for enterprises and technology innovators across cybersecurity, DevOps, and cloud security, helping them move faster and more securely. We deliver specialized solutions, including DevOps automation and endpoint security automation, to streamline operations and consolidate enterprise resilience. Leveraging robust engineering capabilities and strategic technology partnerships, we enable enterprises to accelerate digital transformation while ensuring secure, efficient, and high-performing IT environments.




