Endpoint Detection and Response
Next-generation endpoint solutions that track application behaviour with machine learning to identify potential threats
These days anyone can be the victim of ransomware. Cyber attackers constantly update their methods and capabilities to gain access to unsuspecting victims’ systems, which is why conventional defences may fall short. Threats such as zero-day attacks and polymorphic (mutating) malware can bypass traditional anti-virus and anti-malware solutions.
EDR (Endpoint Detection and Response) combines endpoint data collection with behavioural analysis, making it effective against emerging threats and active attacks such as novel malware, new exploit chains, ransomware and advanced persistent threats.
EDR focuses on endpoints: any computer system in a network, such as end-user workstations or servers, cloud workloads running current or legacy operating systems, and manufacturing and OT systems.
EDR protects most operating systems but does not include network monitoring. Adding NDR (Network Detection and Response) through the firewall means a company’s entire infrastructure can be protected from attacks. The combined threat-hunting capability provides early warning of a developing threat.
Historical data collected by EDR tools provides peace of mind, supporting investigation and remediation of actively exploited zero-day attacks even when no mitigation is yet available.
With the cost of a breach for an SME averaging R4 million, the need for EDR is more important than ever. With the possibility of further PoPIA (Protection of Personal Information Act) penalties, businesses cannot afford to overlook EDR for protecting their data.
- Real-time proactive risk mitigation and IoT security – reduces the attack surface through vulnerability assessments and risk-mitigation policies such as virtual patching and application control
- Post-infection protection – detects and stops advanced attacks in real time, even when the endpoint has already been compromised
- Pre-infection protection – the first layer of defence, preventing infection by file-based malware via a custom-built, kernel-level, machine-learning-based next-generation anti-virus (NGAV) engine
- Additional MDR (Managed Detection and Response) – allows automatic remediation of incidents, with the added benefit of industry experts maintaining the integrity of the EDR solution
How does EDR work?
Endpoint Detection and Response can be broken down into three functions:
- Endpoint Management – the ability to deploy the EDR agent on an endpoint, record its activity and store that data in a separate location for analysis.
- Data Analysis – the EDR solution interprets the raw data collected from endpoints and produces usable metadata that shows how a previous attack occurred, how future attacks may occur and which steps should be taken to prevent them.
- Threat Hunting – scans programmes, processes and files against known parameters for malware. It also searches all open network connections for signs of unauthorised access.
EDR’s incident response functionality captures snapshots of an endpoint at various points in time so that it can be restored to a known-good state in the event of an attack. Administrators also have the option to isolate endpoints and prevent further spread across the network.
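As an added illustration (not the vendor's or this page's own code) of the three functions and the isolation step described above, the following Python sketch runs constructed process and connection telemetry through analysis, hunting against known parameters, and a response decision. All host names, hashes, addresses and rules below are constructed assumptions.

```python
# Miniature EDR pipeline: agent telemetry -> central store -> analysis -> hunting -> response.
# Every record, hash and rule is constructed for illustration; none is a real indicator.
from collections import defaultdict

# Constructed telemetry, as an agent on each endpoint would record and forward it.
TELEMETRY = [
    {"host": "ws-01", "type": "process", "image": "C:\\Windows\\System32\\notepad.exe",
     "sha256": "hash-known-good", "parent": "explorer.exe"},
    {"host": "ws-01", "type": "process", "image": "C:\\Users\\jo\\AppData\\Local\\Temp\\inv0ice.exe",
     "sha256": "hash-known-bad", "parent": "WINWORD.EXE"},
    {"host": "ws-01", "type": "connection", "image": "inv0ice.exe", "remote": "203.0.113.9:4444"},
    {"host": "srv-02", "type": "connection", "image": "sqlservr.exe", "remote": "10.0.0.5:1433"},
]

# "Known parameters" the hunting step matches against (constructed examples).
KNOWN_BAD_HASHES = {"hash-known-bad"}
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
ALLOWED_REMOTE_PORTS = {443, 1433}

def analyse(events):
    """Data analysis: reduce raw events to per-host metadata (what ran, who spawned it, where it connected)."""
    meta = defaultdict(lambda: {"processes": [], "connections": []})
    for e in events:
        bucket = "processes" if e["type"] == "process" else "connections"
        meta[e["host"]][bucket].append(e)
    return dict(meta)

def hunt(meta):
    """Threat hunting: match processes/files against known parameters and review open connections."""
    findings = []
    for host, m in meta.items():
        for p in m["processes"]:
            if p["sha256"] in KNOWN_BAD_HASHES:
                findings.append((host, "known-malware-hash", p["image"]))
            # Behavioural rule: an Office application launching a new executable is unusual.
            if p["parent"] in OFFICE_PARENTS and p["image"].lower().endswith(".exe"):
                findings.append((host, "office-spawned-executable", p["image"]))
        for c in m["connections"]:
            port = int(c["remote"].rsplit(":", 1)[1])
            if port not in ALLOWED_REMOTE_PORTS:
                findings.append((host, "unexpected-outbound-port", c["remote"]))
    return findings

def respond(findings):
    """Incident response: hosts with a malware match or unexpected outbound connection are marked for isolation."""
    isolate = {h for h, kind, _ in findings if kind in {"known-malware-hash", "unexpected-outbound-port"}}
    return sorted(isolate)

if __name__ == "__main__":
    for f in hunt(analyse(TELEMETRY)):
        print("finding:", f)
    print("isolate:", respond(hunt(analyse(TELEMETRY))))
```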