Case Study: SANS Institute achieves ransomware protection and real-time endpoint remediation with enSilo

WhatWorks in Endpoint Security Surviving Advanced Targeted Attacks by Augmenting (or Replacing) Legacy AV with EnSilo

SANS Institute faced growing risk from ransomware and advanced targeted attacks and needed a lightweight, low‑impact alternative to legacy signature‑based antivirus across Windows and Mac desktops. After testing roughly 10 solutions in a POC, SANS selected enSilo’s Endpoint Security Platform to provide continuous monitoring, post‑infection protection and real‑time remediation without the user disruption common to classical AV.

enSilo delivered a SaaS endpoint agent deployed in a staged monitoring→blocking rollout that reached about 15,000 endpoints in three months (vs. a planned six). The platform caught nearly all pen‑tested malware (only one bypassed sample), produced very few false positives after policy tuning, enabled removal of traditional AV on Macs, and stopped business impact from ransomware and CPU‑based exploits such as Meltdown/Spectre. enSilo’s rapid support and cloud management also reduced operational overhead while forwarding telemetry to existing logging tools.

SANS Institute

John Pescatore

Director of Emerging Security Trends