Skip to content
Endpoint Protection

“We have antivirus” is not a security control.

Consumer antivirus matches known malware signatures. Modern intrusions don't use known malware — they use your own admin tools against you. Managed endpoint detection and response, powered by Sophos, watches behaviour, not just signatures, on every device.

Engagement snapshotGMAN IT
SophosEnterprise EDR, managed
EnquirePer endpoint/mo, resold & managed
BehaviouralDetection, not signature-only
Every deviceFleet-wide, not a subset
The gap between antivirus and protection

Antivirus asks “have I seen this before?” Modern attacks are built to answer no.

Consumer and free antivirus tools rely on recognising malware that's already been catalogued. An attacker using a brand-new variant, or no malware at all, just your own system tools, walks straight past that check. Endpoint detection and response watches what a process does, not just what it is.

How GMAN protects

Detection that watches behaviour, not a catalogue.

Every device carries the same standard, monitored and actioned by us, not left to whatever came pre-installed.

  1. 01

    We watch behaviour, not just signatures

    Managed EDR flags what a process does — encrypting files at speed, disabling backups — not only what it's been catalogued as.

  2. 02

    We deploy to the whole fleet

    Every device is enrolled and monitored, not a subset chosen because it was easiest to reach.

  3. 03

    We isolate automatically, at machine speed

    A confirmed threat gets the affected device disconnected in seconds, before a human has finished reading the alert.

  4. 04

    We can roll back what got through

    Ransomware encryption events can be reversed to the pre-encryption state, not just detected after the fact.

What’s deployed

6 controls. One accountable partner.

Every line below is deployed, monitored, and maintained by us — not a part-time attention split across your other vendors.

Deployed and maintained by us

Endpoint Protection — Inclusions Ledger

  1. Enterprise EDR deployed on every endpointPowered by Sophos — the whole fleet, not a subset.
  2. Behavioural detection, not signature-onlyFlags what a process does, catching threats no signature has been written for yet.
  3. Automated isolation on confirmed threatsThe affected device is cut off in seconds, before a human finishes reading the alert.
  4. Ransomware rollback capabilityEncrypted files can be reversed to their pre-encryption state.
  5. 24/7 monitoring of endpoint alertsA security operations function reviewing what the platform flags, around the clock.
  6. Monthly fleet health & coverage reportEvery device accounted for, in a report your board can read.
EDR vs antivirus
The signature peak

“We have antivirus” and managed EDR are not the same sentence.

Side by side, the line is not subtle.

Consumer / free antivirus

Managed EDR · Sophos

Detection method
Signature matching against known malware only.
Behavioural detection plus signatures — flags what a process does, not just what it is.
Response
An alert, if anyone is watching for it.
Automated isolation of the affected device within seconds of a confirmed threat.
Coverage
Per-device, often unmanaged and inconsistently updated.
Fleet-wide, centrally managed, with monthly coverage reporting.
Visibility
None — you find out only after something has already gone wrong.
Monthly report on detections, actions taken, and fleet health.
Rollback
None. Encrypted files stay encrypted.
Ransomware encryption events can be reversed to their pre-encryption state.
Oversight
Nobody rostered to watch its alerts.
Monitored 24/7 by GMAN's security operations function.
Operational security excellence

We don't describe the work. We show it.

Case file · Financial & Accounting · Melbourne · redacted

A ransomware encryption event, rolled back in nineteen minutes.

  • A finance-team laptop was compromised via a malicious macro that consumer antivirus had cleared as safe.
  • Managed EDR detected the encryption behaviour within seconds and isolated the device automatically.
  • The affected files were rolled back to their pre-encryption state without restoring from backup.

The laptop was back in use the same afternoon. No ransom was discussed, and no data was lost.

Read the full file

The complete teardown — every gap found and closed — sent to your inbox. No call required.

One email, the file, nothing else. We don't sell lists — discretion is the work.

“We have antivirus” won’t hold up against a modern intrusion.

A Cyber Risk Assessment shows exactly where you stand, and what it takes to close it. Credited toward your first year of protection.