Acronis Cyber Protect Cloud review: Slick automated threat remediation

Acronis' Cyber Protect Cloud (CPC) amalgamates cybersecurity, data backup, and disaster recovery into one easily managed product. Available from a choice of Acronis MSPs, it delivers a raft of protection measures, and the entire suite requires only a single host agent installed on each endpoint.

On the security side, you get advanced malware protection using Acronis' AI-based behavioral detection engine, web content filtering, patch management, vulnerability assessments, and device controls. We've reviewed the Cyber Protect cloud backup service previously and have been impressed with its excellent data protection and recovery tools.

Acronis offers a range of optional packs for CPC so you can keep costs under control by adding only those you need. The advanced security pack with endpoint detection and remediation (EDR) provides event correlation, threat containment, incident investigation, kill chain analysis, and endpoint rollback recovery.

Pricing is based on workloads or the amount of cloud storage required, with the latter offering the best value. Protection for one workstation with 100GB of cloud backup storage, patch management, and the EDR pack included costs £16 per month.

Acronis Cyber Protect Cloud review: Deployment

CPC offers an extensive range of agent deployment options, and you can do it yourself or let your MSP do it for you. Platform support includes Windows, macOS, and Linux systems, while the backup component also looks after iOS and Android mobiles, the most popular business apps including MS365 and Google Workspace, and all the main virtualization hosts. 

Not only does CPC use a single client agent, but all security and backup settings can be managed within the same protection profile. These are assigned to agent groups and include all backup requirements, enabling EDR, real-time malware scanning and agent self-protection, scheduling vulnerability assessments and patch management tasks, applying web filtering using up to 44 URL categories, and enforcing removable device controls.

Monitoring plans are a new feature and let you keep a close eye on key endpoint hardware metrics including CPU and memory usage, CPU/GPU temperatures, network activity, disk space and transfer rates, and warnings if the client's anti-malware services are disabled. Remote support services can be controlled with management plans that enable NEAR and RDP technician connections to selected client groups, allow file transfer, and use H.264 hardware encoding.

There's a lot going on inside CPC and the web portal dashboard presents a clear overview of your security posture and protection status. It uses a multitude of table, graph, and chart widgets that can be personalized by deleting some, adding others, and dragging them around the console.

Incoming alerts are viewed from the portal's monitoring page or the Protection section, which provides more detail with lists of all incidents filtered by severity and mitigation status. Selecting an incident takes you to an investigation page, which provides a kill chain diagram, details of how the attack developed, and what processes it interacted with.

For unmitigated incidents, you can open an investigation, apply response actions such as adding a malicious URL to a block list, and provide notes on support activities. Entire incidents comprising multiple threats can be remediated by CPC using quarantine actions and rollback of Registry and file changes using the client's local agent cache or backup image.

Businesses concerned about the cost and complexity of separate cybersecurity and data backup solutions will love Acronis Cyber Protect Cloud. It's only available from MSPs, but deployment is simple, everything is accessible from one cloud portal and the EDR pack provides slick automated threat remediation and recovery services.

This content originally appeared on ITPro's sibling magazine PC Pro. For more information and to subscribe, please visit PC Pro's subscription site.