![[Translate to English:] Managed EDR](/fileadmin/_processed_/7/5/csm_20-CS-MS-EDR_622ac32caf.jpg "[Translate to English:] Managed EDR")
Protect endpoints better
What is EDR?
EDR stands for Endpoint Detection & Response and is a software-based technology concept, usually based on machine learning/artificial intelligence. The aim is to protect endpoints such as notebooks, PCs and servers from malware - e.g. ransomware, spyware and viruses. To do this, all background processes and activities on the devices are monitored: file executions and modifications, registry changes, network connections and binary executions are scanned as soon as they appear suspicious. If, for example, a connection is established from a supposedly clean Word document to the Internet or even to a known command & control server within a botnet, this is detected by good EDR solutions, alerted or, depending on the setup, prevented directly.
The difference from anti-malware and antivirus
As sophisticated as classic, signature-based anti-malware software is today: It still only works with regard to threats that are already known. Even the next generation anti-virus concepts, which work with differentiated score values and are also better equipped for fileless attacks, are not sufficient for security on the endpoints in the home office. Hackers develop new malicious codes almost every hour, while the current anti-malware tools only detect attacks with a time delay.
EDR: The anti-malware protection for the unknown
Whether on-site at the company or in the home office: Managed EDR detects conspicuous malicious code on your employees' work devices, even if they have not yet been officially recorded as such. Machine Learning is used for this purpose. Artificial intelligence knows the patterns of known viruses and quarantines intruders that resemble these patterns in parts and have therefore been identified as malicious. So-called software agents detect the attackers within the Windows, Linux and macOS operating systems, and also in Virtual Desktop Infrastructures (VDI). The agents are installed locally on the end devices to be protected and retrieve their configuration, any updates, and the latest version of the AI model from the cloud platform.
EDR takes into account numerous properties, such as the size, certain contents (strings), icons, imports used, access permissions, packers used, programming languages, header details or compiler properties. New, unknown files are then compared against this model in real time before they are executed and classified accordingly.
Our solution also detects threats directly in memory, without involving files or disk accesses. For this purpose, the behavior of processes is observed. Scripting languages such as JScript, tools such as PowerShell or macros in Office documents (VBScript) are often used in attacks. Managed EDR identifies malicious or unauthorized behavior by monitoring the respective script interpreter. In the event of anomalies, an alert is issued immediately.
Acting automatically - protecting endpoints better
Detecting threats is one thing - acting is another: In the event of malware incidents, Managed EDR triggers automated actions according to your requirements, such as disconnecting the compromised host from the network. However, this does not simply shut down the endpoints, but establishes a secure channel from the server while shutting down all further communication around the device. For any security incident, the faster it is detected and remediated, the less damage it does. Automation therefore efficiently increases your IT security many times over.
Antivirus | EDR |
|
|
|
|
|
|
|
|
Operation and monitoring in the SOC
Our solution consists of lean, high-performance agents running on your endpoints and a central, multi-tenant cloud platform operated in Europe. As your IT service provider, we take over the management of endpoint detection & response completely for you in our BSI-certified Security Operation Center (SOC). Among other things, we take care of the configuration as well as regular additions of further system groups and agent policies. You also don't need to worry about regular maintenance: Your end devices are reliably protected against both common known attacks and new types of attacks.
You also benefit from professional reporting on malware detections. Of course, you will be alerted immediately as soon as anything conspicuous happens that is classified as critical by the system. The evaluation is performed by our security experts, who are appropriately trained and can reliably assess whether an incident is relevant. We provide concrete recommendations on how you can further improve the security of your endpoints.
Our services for you
- Client registration
- Customized configuration and implementation
- Platform management (updates, user management, configuration adjustments
- Alerting and informed support for malware detections
- Reporting (dashboard, report on findings)
- Incident management / qualified recommendations for action
Your benefits
- Detection of malware before its execution, regardless of the outgoing file format
- Preventive protection against ransomware as well as new types of attacks such as zero days
- Detection and prevention of attack activities in memory; keyword fileless
- Protion against Powershell, macro or other script-based attacks
- Complement or completely replace traditional solutions for anti-malware / anti-virus
- Automated reaction to detected threats according to definable guidelines (e.g. selective network disconnection or similar)
- Support of forensic analysis
- Transparent licensing model: per month per end device
- In the event of a confirmed emergency (true positive), we support you with incident response.