EDR is defined as a solution that “records and stores behavior at the end-system level, uses various data analysis techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity and proposes corrective measures to restore affected systems”.
How does an EDR system work?

Our EDR security solutions record the activities and events occurring on all workloads and endpoints, giving security teams the visibility they need to uncover incidents that would otherwise remain invisible. An EDR solution must provide continuous and complete visibility of what is happening on endpoints in real time.

An EDR tool must offer advanced threat detection, investigation and response capabilities, including incident data retrieval and triage of investigative alerts, suspicious activity validation, threat hunting, and malicious activity detection and containment.
Key functions of our EDR solution

Automatic detection of even the most unobtrusive attackers

EDR technology combines complete visibility of all endpoints with indicators of attack (IOAs) and applies behavioral analysis, which evaluates billions of events in real time to automatically detect traces of suspicious behavior.

Understanding individual events as part of a larger sequence enables the EDR to apply high-level security logic. If a sequence of events matches a known IOA, the EDR tool identifies the activity as malicious and automatically sends a detection alert. Users can also write their own customized searches, going back up to 90 days.
Managed threat hunting for proactive defense

With EDR, threat hunters work proactively to research, investigate and advise on threat activity in your environment. When a threat is discovered, we work with your team to triage, investigate and remediate the incident before it becomes a full-blown breach.

Real-time visibility and history

The EDR solution acts as a digital recorder at the endpoint, logging relevant activity to detect incidents that have escaped prevention. As a customer, you benefit from complete visibility of everything that happens on endpoints from a security point of view, as our monitoring tracks hundreds of different security-related events, such as process creation, driver loading, registry modifications, disk access, memory access or network connections.
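The two ideas above, an IOA as an ordered sequence of events and the endpoint telemetry types the recorder captures (process creation, registry modification, network connection), can be shown in a small sequence matcher. This is an added example, not the vendor's code or the vendor's IOA format: the event record layout, field names, the example IOA and the sample telemetry are all constructed here for illustration. It matches an ordered chain of predicates per host inside a time window and raises an alert only when the whole chain completes.

```python
"""Added example (not the vendor's code): a minimal IOA-style sequence
matcher over constructed endpoint telemetry.  Field names and the IOA
definition are assumptions made for illustration only."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Iterable


@dataclass(frozen=True)
class Event:
    """One endpoint telemetry record (assumed layout)."""
    ts: datetime
    host: str
    kind: str                      # "process_create", "registry_set", "net_connect", ...
    details: dict = field(default_factory=dict)


Predicate = Callable[[Event], bool]


@dataclass
class IOA:
    """An indicator of attack: predicates that must match in order on one host."""
    name: str
    steps: list[Predicate]
    window: timedelta              # whole chain must fit in this span


def match_ioa(events: Iterable[Event], ioa: IOA) -> list[dict]:
    """Return one alert per completed chain.  Chains are tracked per host;
    a chain is dropped once its first event falls outside the window."""
    alerts: list[dict] = []
    chains: dict[str, list[tuple[int, list[Event]]]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        live = [c for c in chains.get(ev.host, [])
                if ev.ts - c[1][0].ts <= ioa.window]
        nxt: list[tuple[int, list[Event]]] = []
        for idx, seen in live:
            if ioa.steps[idx](ev):          # this event is the next expected step
                idx, seen = idx + 1, seen + [ev]
            if idx == len(ioa.steps):
                alerts.append({"ioa": ioa.name, "host": ev.host, "events": seen})
            else:
                nxt.append((idx, seen))
        if ioa.steps[0](ev):                # every step-0 match opens a new chain
            if len(ioa.steps) == 1:
                alerts.append({"ioa": ioa.name, "host": ev.host, "events": [ev]})
            else:
                nxt.append((1, [ev]))
        chains[ev.host] = nxt
    return alerts


# Constructed IOA: Office process spawns a shell, which then writes a Run-key
# autostart entry and opens an outbound connection, all within ten minutes.
OFFICE_SPAWN_IOA = IOA(
    name="office-spawned-shell-with-persistence",
    steps=[
        lambda e: e.kind == "process_create"
        and e.details.get("parent") == "winword.exe"
        and e.details.get("image") == "powershell.exe",
        lambda e: e.kind == "registry_set"
        and e.details.get("key", "").endswith(r"\CurrentVersion\Run"),
        lambda e: e.kind == "net_connect" and e.details.get("image") == "powershell.exe",
    ],
    window=timedelta(minutes=10),
)

# Constructed sample telemetry: ws-01 completes the chain; ws-02 skips the
# registry step; ws-03 has the steps but spread beyond the window.
T0 = datetime(2024, 1, 1, 9, 0, 0)
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    Event(T0, "ws-01", "process_create", {"image": "explorer.exe", "parent": "userinit.exe"}),
    Event(T0 + timedelta(seconds=5), "ws-01", "process_create", {"image": "powershell.exe", "parent": "winword.exe"}),
    Event(T0 + timedelta(seconds=20), "ws-01", "registry_set", {"key": RUN_KEY, "image": "powershell.exe"}),
    Event(T0 + timedelta(seconds=45), "ws-01", "net_connect", {"image": "powershell.exe", "dst_port": 443}),
    Event(T0 + timedelta(seconds=5), "ws-02", "process_create", {"image": "powershell.exe", "parent": "winword.exe"}),
    Event(T0 + timedelta(seconds=10), "ws-02", "net_connect", {"image": "powershell.exe", "dst_port": 443}),
    Event(T0 + timedelta(minutes=30), "ws-03", "process_create", {"image": "powershell.exe", "parent": "winword.exe"}),
    Event(T0 + timedelta(minutes=50), "ws-03", "registry_set", {"key": RUN_KEY, "image": "powershell.exe"}),
    Event(T0 + timedelta(minutes=51), "ws-03", "net_connect", {"image": "powershell.exe", "dst_port": 443}),
]


def run_sample() -> list[dict]:
    """Run the constructed IOA over the constructed telemetry."""
    return match_ioa(SAMPLE_EVENTS, OFFICE_SPAWN_IOA)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["ioa"], alert["host"], [e.kind for e in alert["events"]])
```

Only ws-01 produces an alert: ws-02 never performs the registry step, and on ws-03 the chain expires before the second step arrives, which is the difference between a single suspicious event and an IOA that the text describes. Per-host chain state and a bounded window are what keep this kind of matcher cheap enough to run over large event volumes.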
Speeding up investigations

Endpoint detection and response accelerates investigation and, ultimately, remediation, because the information gathered from your endpoints is stored in the cloud, with an architecture based on a situational model.

The model keeps track of all relationships between endpoint events in a large, high-performance graph database, providing detail and context quickly and at scale, for both historical and real-time data. This enables security teams to investigate incidents quickly.

This speed and level of visibility, combined with integrated, contextualized intelligence, provides the information needed for in-depth understanding of the data. This enables security teams to effectively track even the most sophisticated attacks, and to quickly discover, sort, validate and prioritize incidents, leading to faster and more accurate remediation.