Protect endpoints better

Even without pandemic pressure, working from home has become established, and most of us like to work at home from time to time. But is corporate data actually secure when company notebooks are used at home? Detecting threats and responding quickly is what we do for you with Managed Endpoint Detection & Response (EDR).

What is EDR?

EDR stands for Endpoint Detection & Response and is a software-based technology concept, usually built on machine learning (artificial intelligence). The aim is to protect endpoints such as notebooks, PCs and servers from malware, e.g. ransomware, spyware and viruses. To do this, all background processes and activities on the devices are monitored: file executions and modifications, registry changes, network connections and binary executions are examined as soon as they appear suspicious. If, for example, a supposedly clean Word document opens a connection to the Internet, or even to a known command & control server of a botnet, a good EDR solution detects this and raises an alert or, depending on the setup, blocks it directly.

The difference from anti-malware and antivirus

As sophisticated as classic, signature-based anti-malware software is today, it still only works against threats that are already known. Even next-generation anti-virus concepts, which work with differentiated score values and are better equipped for fileless attacks, are not sufficient to secure endpoints in the home office. Attackers develop new malicious code almost every hour, while current anti-malware tools only detect such attacks with a time delay.

EDR: The anti-malware protection for the unknown

Whether on-site at the company or in the home office: Managed EDR detects suspicious malicious code on your employees' work devices, even if it has not yet been officially recorded as such. Machine learning is used for this purpose: the model knows the patterns of known viruses and quarantines intruders that partially resemble these patterns and have therefore been identified as malicious. So-called software agents detect the attackers on Windows, Linux and macOS operating systems, and also in Virtual Desktop Infrastructures (VDI). The agents are installed locally on the end devices to be protected and retrieve their configuration, any updates, and the latest version of the AI model from the cloud platform.

The classification model takes into account numerous file properties, such as size, certain contents (strings), icons, imported functions, access permissions, packers used, programming language, header details or compiler properties. New, unknown files are compared against this model in real time before they are executed and classified accordingly.
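To make the list of properties above concrete, here is an added example (not code from this page or from any vendor's product) that extracts a handful of such static features from a binary before execution: size, PE header details (machine type, section count, compile timestamp, characteristics), printable strings, DLL names as an import hint, byte entropy and a packer hint. The input is a constructed, PE-shaped byte string, not a real executable; the field layout follows the public PE/COFF header format.

```python
import math
import re
import struct
from collections import Counter

def build_sample_pe() -> bytes:
    """Constructed sample: a minimal PE-shaped byte string, not a real executable."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH",
                       0x8664,       # Machine: AMD64
                       2,            # NumberOfSections
                       0x5F000000,   # TimeDateStamp (constructed compile time)
                       0, 0,         # PointerToSymbolTable, NumberOfSymbols
                       0,            # SizeOfOptionalHeader (omitted in this sample)
                       0x0022)       # Characteristics: EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    body = (b"UPX0\x00\x00\x00\x00"                     # section name typical of a packer
            + b"kernel32.dll\x00VirtualAlloc\x00"       # import-like strings
            + bytes(range(256)) * 4)                    # high-entropy filler
    return dos + b"PE\x00\x00" + coff + body

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content pushes this towards 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_strings(data: bytes, min_len: int = 6) -> list[str]:
    """ASCII runs of at least min_len characters: the 'strings' feature."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def extract_features(data: bytes) -> dict:
    """Static features of the kind an EDR model consumes before a file runs."""
    feats = {"size": len(data), "is_pe": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return feats
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return feats
    machine, nsect, ts, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    strings = printable_strings(data)
    feats.update(is_pe=True, machine=hex(machine), sections=nsect,
                 timestamp=ts, characteristics=chars, strings=strings,
                 imports_hint=[s for s in strings if s.lower().endswith(".dll")],
                 entropy=round(shannon_entropy(data), 2))
    # Packer hint: a UPX-style section name or near-random byte distribution.
    feats["packer_hint"] = b"UPX0" in data or feats["entropy"] > 7.2
    return feats

if __name__ == "__main__":
    print(extract_features(build_sample_pe()))
```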

Our solution also detects threats directly in memory, without involving files or disk accesses. For this purpose, the behavior of processes is observed. Scripting languages such as JScript, tools such as PowerShell and macros in Office documents (VBScript) are frequently used in attacks. Managed EDR identifies malicious or unauthorized behavior by monitoring the respective script interpreter. In the event of anomalies, an alert is issued immediately.
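As an added illustration of what "monitoring the script interpreter" means in practice (example code, not the product's detection logic), the following scores constructed process-telemetry events for a script interpreter: who launched it, whether its command line is encoded or hidden, and whether it opened network connections. Event field names and score weights are assumptions for this example.

```python
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def score_script_event(ev: dict) -> tuple[int, list[str]]:
    """Return (score, reasons) for one process-telemetry event (constructed schema)."""
    score, reasons = 0, []
    image = ev.get("image", "").lower()
    parent = ev.get("parent_image", "").lower()
    cmd = ev.get("command_line", "")
    if image not in INTERPRETERS:
        return 0, []                      # only script interpreters are scored here
    if parent in OFFICE_PARENTS:
        score += 40; reasons.append("script interpreter spawned by an Office application")
    if re.search(r"-(e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", cmd, re.I):
        score += 30; reasons.append("base64-encoded command line")
    if re.search(r"-(w|windowstyle)\s+hidden|-nop\b|-noprofile", cmd, re.I):
        score += 10; reasons.append("hidden window / no-profile flags")
    if ev.get("network_connections"):
        score += 20; reasons.append("outbound connection opened by the interpreter")
    return score, reasons

def classify(ev: dict, threshold: int = 50) -> tuple[str, int, list[str]]:
    """Alert when the weighted anomalies cross the threshold."""
    score, reasons = score_script_event(ev)
    return ("alert" if score >= threshold else "benign"), score, reasons

# Constructed sample events; the base64 blob is just the alphabet encoded.
BENIGN = {"image": "pwsh.exe", "parent_image": "explorer.exe",
          "command_line": r"pwsh.exe -File C:\scripts\backup.ps1", "network_connections": []}
SUSPICIOUS = {"image": "powershell.exe", "parent_image": "WINWORD.EXE",
              "command_line": "powershell.exe -nop -w hidden -enc QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=",
              "network_connections": [{"dst": "203.0.113.10", "port": 443}]}  # TEST-NET address

if __name__ == "__main__":
    for ev in (BENIGN, SUSPICIOUS):
        print(classify(ev))
```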

Acting automatically - protecting endpoints better

Detecting threats is one thing, acting on them is another: in the event of a malware incident, Managed EDR triggers automated actions according to your requirements, such as disconnecting the compromised host from the network. This does not simply shut the endpoint down: a secure channel from the server to the device is maintained, while all other communication to and from the device is blocked. For any security incident, the faster it is detected and remediated, the less damage it does. Automation therefore efficiently increases your IT security many times over.

Antivirus

  • Signature-based detection of malware: known code is identified
  • Checks files
  • Infected files are reported and deleted or quarantined
  • Little information about the infected files

EDR

  • Property-based detection: attack patterns of even unknown malware are identified
  • Checks background actions and processes
  • After the malware is detected, actions are started automatically
  • Detailed forensics on the origin and distribution paths of the malware possible

Operation and monitoring in the SOC

Our solution consists of lean, high-performance agents running on your endpoints and a central, multi-tenant cloud platform operated in Europe. As your IT service provider, we take over the management of endpoint detection & response completely for you in our BSI-certified Security Operations Center (SOC). Among other things, we take care of the configuration as well as the regular addition of further system groups and agent policies. You also don't need to worry about regular maintenance: your end devices are reliably protected against both common known attacks and new types of attacks.

You also benefit from professional reporting on malware detections. Of course, you will be alerted immediately as soon as anything conspicuous happens that is classified as critical by the system. The evaluation is performed by our security experts, who are appropriately trained and can reliably assess whether an incident is relevant. We provide concrete recommendations on how you can further improve the security of your endpoints.

Our services for you

  • Client registration
  • Customized configuration and implementation
  • Platform management (updates, user management, configuration adjustments)
  • Alerting and informed support for malware detections
  • Reporting (dashboard, report on findings)
  • Incident management / qualified recommendations for action

Your benefits

  • Detection of malware before its execution, regardless of the file format
  • Preventive protection against ransomware as well as new types of attacks such as zero-days
  • Detection and prevention of attack activities in memory (fileless attacks)
  • Protection against PowerShell, macro or other script-based attacks
  • Complements or completely replaces traditional anti-malware / anti-virus solutions
  • Automated reaction to detected threats according to definable guidelines (e.g. selective network disconnection or similar)
  • Support of forensic analysis
  • Transparent licensing model: per month per end device
  • In the event of a confirmed emergency (true positive), we support you with incident response.