January 14, 2025 | News | Products and services
2024 recap: Field Effect MDR feature rollouts and highlights
By Field Effect
As we look back on an exciting and productive 2024 at Field Effect, we’re taking a moment to reflect on the strides we’ve made in enhancing our MDR service. Our mission has always been to provide you with the most advanced and reliable cybersecurity solutions, and this past year was no exception.
Since the beginning, you—our valued partners and clients—have been at the heart of everything we do. Your feedback drives us to continually improve and innovate, ensuring we deliver a solution you trust and enjoy using. This year, we focused on you even more, introducing powerful updates and new features designed to make your cybersecurity stronger, your insights clearer, and your experience smoother.
These updates and features sit nicely within three themes:
- Cybersecurity: This one is obvious! We are constantly working to enhance your protection from threats and threat actors. Many of these happen behind the scenes, so some may be new to you!
- Insight: While cybersecurity is at the heart of our offering, visibility and insight are just as important in many ways. In 2024, there was a significant focus internally on enhanced visibility and new reports. Spoiler alert: 2025 is kicking off with more reporting projects underway.
- Experience: Last but certainly not least, we want to make sure that your interaction with the product is smooth and easy. As such, we released several features in 2024 that aim to enhance the user experience.
While this blog is not an exhaustive list of released features, it highlights those we feel may be particularly interesting to you. As always, Field Effect MDR customers can visit the Release Notes history in their Support knowledge base for a complete list.
Before we dive in, let’s shine a light on MDR Core, our newest cybersecurity offering for smaller organizations, or those with lower cybersecurity and/or IT complexity. Read up on the early adopter details here, and stay tuned as we gear up for a full launch.
Cybersecurity Enhancements
Dark web monitoring
Released in mid-Q4, Field Effect MDR Complete now includes monthly dark web scans, based on your/your customers’ domain(s), with a report detailing any exposed data within the last month.
We monitor thousands of dark web sources, including forums, Telegram groups, and other places where actors gather to discuss and share breached and leaked data. The risk associated with any exposed data is also assessed based on how quickly, and to what degree, the compromised data can be exploited.
Vulnerable software severity assessment enhancements
In addition to the Common Vulnerability Scoring System (CVSS) score, we now provide the Exploit Prediction Scoring System (EPSS) score and whether the vulnerability appears on CISA's Known Exploited Vulnerabilities (KEV) catalog.
CVSS assesses the severity of a vulnerability, EPSS estimates the probability that it will be exploited in the wild, and the KEV catalog indicates whether exploitation has actually been observed. Vulnerabilities are then prioritized on these three elements together, so you can address the most critical ones first.
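As an added illustration (not Field Effect's own prioritization logic, whose weighting is not published in this post), one way to combine the three signals into a remediation order. The tier thresholds, tier names and sample vulnerabilities below are constructed for the example; the identifiers are placeholders, not real CVE numbers.

```python
# Added example: order vulnerabilities by the three signals named in the post:
# KEV presence (confirmed exploitation), EPSS (predicted exploitation), CVSS (severity).
from dataclasses import dataclass

EPSS_HIGH = 0.10  # assumed threshold; tune to your own risk appetite


@dataclass(frozen=True)
class Vuln:
    cve: str        # placeholder identifiers below, not real CVE numbers
    cvss: float     # CVSS base score, 0.0-10.0
    epss: float     # EPSS probability of exploitation, 0.0-1.0
    in_kev: bool    # listed on CISA's KEV catalog
    hosts: int      # affected endpoints


def tier(v: Vuln) -> str:
    """Assign a remediation tier. Evidence of real-world exploitation (KEV)
    outranks predicted exploitation (EPSS), which outranks severity alone (CVSS)."""
    if v.in_kev:
        return "P1"
    if v.epss >= EPSS_HIGH and v.cvss >= 7.0:
        return "P2"
    if v.cvss >= 9.0 or v.epss >= EPSS_HIGH:
        return "P3"
    return "P4"


def prioritise(vulns):
    """Return vulns ordered by tier, then EPSS, then CVSS, then number of affected hosts."""
    return sorted(vulns, key=lambda v: (tier(v), -v.epss, -v.cvss, -v.hosts))


# Constructed sample data. Note how a "critical" CVSS score with negligible EPSS and
# no KEV entry (A) ranks below a "high" that is very likely to be exploited (B).
SAMPLE = [
    Vuln("CVE-PLACEHOLDER-A", 9.8, 0.004, False, 40),
    Vuln("CVE-PLACEHOLDER-B", 7.5, 0.930, False, 3),
    Vuln("CVE-PLACEHOLDER-C", 8.1, 0.020, True, 1),
    Vuln("CVE-PLACEHOLDER-D", 5.3, 0.001, False, 120),
]

if __name__ == "__main__":
    for v in prioritise(SAMPLE):
        print(f"{tier(v)}  {v.cve:<20} CVSS={v.cvss:<4} EPSS={v.epss:.3f} "
              f"KEV={v.in_kev} hosts={v.hosts}")
```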
New Active Response policy: Conditional Access
Cloud Active Response actions were updated to allow for the blocking of accounts using conditional access policies.
With this update, when a Microsoft 365 (M365) account is locked due to a security threat, a conditional access policy is also put in place to restrict that account's access to any resources, ensuring that the compromise is contained.
Identification of malicious browser extensions
Our monitoring now extends to browser extensions in use across the network, with AROs (Actions, Recommendations, and Observations) raised for any malicious extensions identified.
Supported browsers include Chrome, Safari, Edge, Firefox, Chromium, Opera (including Opera GX), Brave, and Vivaldi across Windows, macOS, and Linux devices.
Enhanced Linux agent support
2024 saw the release of additional Active Response capabilities for Linux agents, so now Linux devices can be remotely isolated, rebooted, or shut down.
Additionally, Linux agents now detect packages installed via the Snap package manager, providing further visibility into the software running on Linux devices.
Support for Microsoft Government Community Cloud (GCC)
Microsoft GCC tenants can now be added to the cloud monitoring profile.
Insight Enhancements
Note that the features below focus on visibility. Where any items below indicate compromise, Active Response and/or our ARO process will fire as appropriate.
Compliance frameworks update
Two frameworks are now available for mapping: Field Effect controls and NIST SP 800-171 Rev. 2. The former are a set of best practices drawing on the experience of Field Effect analysts and industry-leading frameworks.
Mapping these within the portal will add context within AROs if the issue impacts a given framework requirement or control.
New reports
There were several new reports and views added within the Field Effect Portal or the Appliance Dashboard. These views work to provide the relevant insights needed to proactively address vulnerabilities and identify risks. Current Field Effect MDR customers can learn more using the links below.
- Vulnerability report: This report provides a prioritized, monthly view of all detected Common Vulnerabilities and Exposures (CVEs). It details:
  - The CVSS/severity score
  - The endpoints affected
  - A description of the vulnerability and its impact
  - Links to relevant third-party material with additional details
- Dark web monthly report: This new report details exposed sensitive data such as stolen passwords, financial information, and intellectual property, along with an assessment of the risk associated with the exposure and data exposure trends.
- Risk Score report: While AROs and other views are vital to managing risk in real time, the Risk Score offers insight into how the risks are being managed over time and an overall assessment of the risk an organization carries. Similar to a golf score: the lower, the better. For now, the Risk Score focuses on device risk, with software, operating system, and configuration as key contributors.
- Accounts view: This list provides a shortcut view into the monitored cloud accounts observed by Field Effect. It includes the account identifier, the MFA type, and the cloud provider, among other details. It also shows the status of each account, so while an active incident is being contained it displays which accounts are locked. Another spoiler: we're adding more detail to this view in 2025, including the risk associated with a given account.
- Supplemental Data view: Sometimes our analysts have ‘moment-in-time’ information they'd like to share with customers to provide added detail for an ARO or vulnerability. In some cases, this information may be beyond what is currently in the ARO template or existing views, or risks getting buried in a specific ARO. As such, the new Supplemental Data view allows our analysts to share information dynamically in this table, without resorting to attachments or cumbersome file share processes.
- Endpoint Services and Scheduled Tasks: This new view on the appliance dashboard displays the services and scheduled tasks configured on the operating system across Windows, macOS, and Linux devices. This provides insight into persistent software, one factor in determining whether software is malicious.
Enhanced software visibility
Providing insight into the various software installed across the network is always a focus of ours, and as such we added a few new areas of visibility:
- Container images and instances of containers running on your endpoints
- Packages installed via the Snap package manager
- Operating system updates and software installed from the Windows App Store
Experience Enhancements
HaloPSA Integration
Two-way integration of AROs with HaloPSA is available to our MSP partners, allowing technicians to manage AROs within their HaloPSA account, with lifecycle and comment synchronization back to the Field Effect Portal.
This is in addition to our existing ConnectWise and Autotask PSA integrations, ensuring AROs meet MSP techs where they work.
Suspicious Email Analysis Service (SEAS) PSA Integration
This feature allows greater control of how partners are notified of malicious SEAS results. If this feature is enabled, an ARO will be generated when SEAS identifies an email as malicious or suspicious. This would then be sent via the PSA integration to ConnectWise, Autotask, or HaloPSA to promptly alert technicians.
License Management Portal
Using this new portal, partners can better manage their users against their license allocation. This allows for the self-service creation of customer organizations and their users. It additionally provides clarity on the remaining license count.
Cybersecurity policy templates
Field Effect MDR customers can now access dozens of templates for various relevant cybersecurity policies from within the support portal. These templates will provide you with a starting point for Access Control policies, IR plans, Information Management policies, and more.
Enhanced ARO self-service and suppression logic
There are many reasons you may choose to dismiss or resolve an ARO, several of which directly impact how Field Effect MDR will treat related alerts in the future. To minimize noise and maximize transparency and efficiency between your team and ours, we added a more formalized and easy-to-follow structure when managing an ARO’s lifecycle.
This includes clearer communication to our analyst team of the reasons an ARO has been dismissed or resolved, which helps us determine how to handle similar scenarios in the future.
Contextual help
You likely noticed a new help widget within your MDR Portal in the summer of 2024. This widget provides contextualized help, suggesting support articles based on where you are in the portal. If none of the suggestions are what you’re looking for, you can search within the widget for additional articles.
Operational Updates
While items here aren’t directly visible, you will undoubtedly benefit from their outcomes. We are always enhancing our analytic detections based on new or evolving intelligence, and looking at ways to increase efficiency in our service delivery.
Proudly, we saw the following stats through 2024:
- 20% more analytic detections
- 50% reduction in triage time
What's next in 2025?
We’re incredibly proud of the value these updates bring to our partners and customers. Every enhancement we deliver is designed to support you in the ever-changing cybersecurity landscape. Whether it’s strengthening defenses, delivering deeper insights, or enhancing experience, our goal remains the same: to empower you with the tools and knowledge to thrive.
Looking ahead to 2025, we’re excited to continue this journey with you. With new projects already underway—including expanded reporting capabilities and more—you can expect even more releases, updates, and improvements in the coming year.