Endpoint Security

Endpoint Detection and Response

Next-generation endpoint solutions that track application behaviour with machine learning to identify potential threats

Product Overview

These days anyone can be the victim of ransomware. Cyber attackers constantly update their methods and capabilities to gain access to unsuspecting victims’ systems – this is why conventional systems may fall short. Threats such as zero day attacks and polymorphic (mutating) malware can bypass traditional anti-virus/malware solutions.


EDR (Endpoint Detection and Response) combines endpoint data collection with behavioural analysis, making it effective against emerging threats and active attacks such as novel malware, new exploit chains, ransomware and advanced persistent threats.


EDR focuses on endpoints: any computer system in a network, such as end-user workstations, servers and cloud workloads running current or legacy operating systems, as well as manufacturing and OT systems.

EDR covers most operating systems but does not include network monitoring. Adding NDR (Network Detection and Response) through the firewall means a company’s entire infrastructure can be protected from attacks. This combined threat-hunting capability gives early warning of a threat before it takes effect.


Historical data collected by EDR tools provides peace of mind and a path to remediation for actively exploited zero-day attacks – even when a mitigation is not yet available.


With the cost of a breach for an SME averaging R4 million, the need for EDR is more pressing than ever. With the possibility of further PoPIA (Protection of Personal Information Act) penalties, businesses cannot afford not to consider an EDR to protect their data.

Why buy

  • Real-time proactive risk mitigation and IoT security – reduces the attack surface through vulnerability assessments and risk-mitigation policies such as virtual patching and application control
  • Post-infection protection – detects and stops advanced attacks in real time, even when the endpoint has already been compromised
  • Pre-infection protection – the first layer of defence against file-based malware, via a custom-built, kernel-level, next-generation machine-learning-based anti-virus (NGAV) engine
  • Optional MDR (Managed Detection and Response) – allows automatic remediation of incidents, with the added benefit of industry experts maintaining the integrity of the EDR solution

How it works

[Diagram: Endpoint Security]

Features & Benefits

Discover and Predict:

Delivers advanced automated attack surface policy control with vulnerability assessments and discovery.

Detect and Defuse:

Detects suspicious process flows and behaviours and defuses potential threats and other advanced attacks in real-time to protect data and prevent breaches.

Investigate and Hunt:

Automatically enriches data with detailed information on malware both pre- and post-infection to conduct forensics on infiltrated endpoints.

Prevent:

Uses machine-learning anti-malware to stop attacks before execution.

Respond and Remediate:

Orchestrates incident response operations using tailor-made playbooks with cross-environment insights, streamlining incident response and remediation. This allows you to manually or automatically roll back malicious changes made by already contained threats – on a single device or on multiple devices across the environment.

Active Threat Hunting:

Combined with a SOC (Security Operations Centre) and NDR, the EDR becomes a component for discovering threats that may lie dormant before they are activated.

Additional information


How does EDR work?
Endpoint Detection and Response can be described in terms of three functions:

  • Endpoint Management – the ability to deploy an EDR agent on an endpoint, record its activity and store that data in a separate location for analysis.
  • Data Analysis – the EDR solution interprets the raw data collected from endpoints and produces usable metadata to determine how a previous attack occurred, how future attacks may occur, and which steps should be taken to prevent them.
  • Threat Hunting – this function scans programmes, processes and files for matches against known malware characteristics. It also includes the ability to search all open network connections for signs of unauthorised access.

EDR’s incident response functionality captures images of an endpoint at various points in time so that it can be restored to a previous known-good state in the event of an attack. Administrators also have the option to isolate endpoints and prevent further spread across the network.
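The three functions above (endpoint management, data analysis, threat hunting) plus the isolation decision, as an added Python sketch. This is illustrative code written for this page, not part of the product or the vendor's software. Every host name, file path, hash, remote address and detection rule below is constructed sample data; the rules (a document application spawning a command interpreter, a binary running from a user-writable folder making an unexpected outbound connection, a file hash on a block list) stand in for the vendor's own analytics and are not a description of them.

```python
"""Toy EDR pipeline: collect endpoint telemetry centrally, analyse it with
behavioural and indicator rules, hunt across all hosts, and decide which
endpoints to isolate.  Added illustration; all data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass


# --- Endpoint Management: agents record events, a central store keeps them ---

@dataclass
class Event:
    host: str
    kind: str            # "process" (a process start) or "netconn" (outbound connection)
    pid: int
    image: str           # executable path of the process
    parent: str = ""     # parent executable path (process events only)
    sha256: str = ""     # hash of the executable (process events only)
    remote: str = ""     # "ip:port" (netconn events only)


class CentralStore:
    """Telemetry is shipped off the endpoint, so an attacker who controls the
    machine cannot quietly erase the evidence (the 'separate location')."""
    def __init__(self):
        self.by_host = defaultdict(list)

    def ingest(self, event: Event) -> None:
        self.by_host[event.host].append(event)


# --- Data Analysis: behavioural and indicator-based rules (constructed) ---

DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}
KNOWN_BAD_SHA256 = {"deadbeef" * 8}          # placeholder block-list entry
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "/tmp/")
EXPECTED_PORTS = {80, 443, 53}                # ports this toy baseline considers normal


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyse_host(events):
    """Return (severity, rule, pid) findings for one endpoint's event stream."""
    findings = []
    image_by_pid = {}
    for e in events:
        if e.kind == "process":
            image_by_pid[e.pid] = e.image
            if e.sha256 in KNOWN_BAD_SHA256:
                findings.append(("high", "known_malware_hash", e.pid))
            if basename(e.parent) in DOCUMENT_APPS and basename(e.image) in SHELLS:
                findings.append(("high", "document_app_spawned_shell", e.pid))
        elif e.kind == "netconn":
            img = image_by_pid.get(e.pid, e.image).lower()
            port = int(e.remote.rsplit(":", 1)[1])
            if any(d in img for d in USER_WRITABLE) and port not in EXPECTED_PORTS:
                findings.append(("high", "temp_binary_unexpected_port", e.pid))
            elif port not in EXPECTED_PORTS:
                findings.append(("low", "unexpected_remote_port", e.pid))
    return findings


# --- Threat Hunting: sweep every endpoint's recorded connections ---

def hunt_connections(store: CentralStore, remote_port: int):
    """List (host, pid) pairs that connected to remote_port, across all hosts."""
    return [(host, e.pid) for host, events in store.by_host.items()
            for e in events
            if e.kind == "netconn" and e.remote.endswith(f":{remote_port}")]


# --- Respond: endpoints with a high-severity finding get isolated ---

def hosts_to_isolate(store: CentralStore):
    return sorted(h for h, evs in store.by_host.items()
                  if any(sev == "high" for sev, _, _ in analyse_host(evs)))


def build_sample_store() -> CentralStore:
    """Constructed telemetry for three hosts (not real data)."""
    word = r"C:\Program Files\Microsoft Office\winword.exe"
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    ff = r"C:\Program Files\Mozilla Firefox\firefox.exe"
    tmp = r"C:\Users\amy\AppData\Local\Temp\update.exe"
    explorer = r"C:\Windows\explorer.exe"
    store = CentralStore()
    for e in [
        # ws-01: a document opened in Word launched PowerShell, which then
        # connected out on a port outside the baseline
        Event("ws-01", "process", 410, word, parent=explorer, sha256="aa" * 32),
        Event("ws-01", "process", 512, ps, parent=word, sha256="bb" * 32),
        Event("ws-01", "netconn", 512, ps, remote="203.0.113.7:8081"),
        # srv-02: ordinary browser traffic, nothing to flag
        Event("srv-02", "process", 77, ff, parent=explorer, sha256="cc" * 32),
        Event("srv-02", "netconn", 77, ff, remote="198.51.100.20:443"),
        # ws-03: a binary in the user's Temp folder whose hash is on the block list
        Event("ws-03", "process", 900, tmp, parent=explorer, sha256="deadbeef" * 8),
        Event("ws-03", "netconn", 900, tmp, remote="203.0.113.7:8443"),
    ]:
        store.ingest(e)
    return store


if __name__ == "__main__":
    s = build_sample_store()
    for host, evs in s.by_host.items():
        print(host, analyse_host(evs))
    print("hunt 8081:", hunt_connections(s, 8081))
    print("isolate:", hosts_to_isolate(s))
```

Two design points carry over to real deployments: the store lives off the endpoint so that compromising a host does not also compromise its audit trail, and the hunting function works over the central store rather than by querying each live endpoint, which is what lets an analyst pivot from one finding to every host that shows the same indicator.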
