Endpoint Detection & Response (EDR), there to protect your devices

What is EDR?

Among your computer assets, each connected device represents a potential attack vector and each connection constitutes an entry point to your information system and sensitive data. Anti-virus technologies’ abilities are limited against advanced cyberattacks. EDR (Endpoint Detection and Response) solutions can address such limitations.

These EDR solutions are used to enhance endpoint security with real-time monitoring, smart detection of intrusions and rapid remediation, and continuous improvement of protection.

Real-time endpoint monitoring

EDR technology works by collecting the data that passes through endpoints: network connections, the processes they run, files opened, drivers loaded, memory and disk usage, and access to the central database. All of this data is then sent to an EDR analysis engine, which detects suspicious and abnormal behavioural patterns. The goal is complete, real-time visibility of every endpoint activity, so that malicious activity can be identified quickly.

Smart detection and fast remediation

EDR technologies use behavioural analysis to recognise such suspicious and abnormal behavioural patterns. The centralised data analysis phase is key: it corroborates information from several sources and infers attack patterns from it, including Zero-Day cyberattacks. When a cyber-threat or attempted intrusion is detected, the EDR recommends remediation measures such as stopping a running process, preventing a file from executing, quarantining a file, or isolating infected devices. Security administrators and analysts can then investigate the results of the analyses and apply the most appropriate remediation.
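The two sections above describe the pipeline without showing it: telemetry comes in, rules corroborate events across a chain, and each finding carries a recommended remediation for an analyst to confirm. The following is an added example written for this page; it is not Stormshield's code and not the SES analysis engine. It demonstrates the idea in a few dozen lines of Python over constructed telemetry from one hypothetical workstation (the host name, process list, IP addresses, rule names, internal network ranges and the five-minute chain window are all constructed). The point it makes that the prose only states is in rule 2: an outbound connection is an ordinary action, and it becomes an indicator only because an earlier event on the same process already made that process suspicious, so the browser's identical connection a few minutes later produces nothing.

```python
"""
Behavioural detection over endpoint telemetry, written here as an added
example; it is not Stormshield's code and not the SES analysis engine.
Every event, rule name and threshold is constructed for the demo.
"""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed telemetry from one hypothetical workstation (ws-042), in time order.
# Only the fields the rules below look at are included.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "host": "ws-042", "type": "process", "pid": 410,
     "image": "winword.exe", "parent_image": "explorer.exe"},
    {"ts": "2024-05-01T09:00:12", "host": "ws-042", "type": "process", "pid": 512,
     "image": "powershell.exe", "parent_image": "winword.exe"},
    {"ts": "2024-05-01T09:00:15", "host": "ws-042", "type": "network", "pid": 512,
     "image": "powershell.exe", "dst_ip": "203.0.113.7", "dst_port": 443},
    {"ts": "2024-05-01T09:00:20", "host": "ws-042", "type": "file", "pid": 512,
     "image": "powershell.exe", "action": "write",
     "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.exe"},
    {"ts": "2024-05-01T09:05:00", "host": "ws-042", "type": "process", "pid": 600,
     "image": "chrome.exe", "parent_image": "explorer.exe"},
    {"ts": "2024-05-01T09:05:01", "host": "ws-042", "type": "network", "pid": 600,
     "image": "chrome.exe", "dst_ip": "203.0.113.9", "dst_port": 443},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CHAIN_WINDOW = timedelta(minutes=5)  # how long a flagged process stays "hot" (constructed)
# Remediation actions the text lists, ranked so the strongest one wins per host.
ACTION_RANK = {"stop process": 1, "quarantine file": 2, "isolate device": 3}


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def is_external(ip):
    """Treat anything outside the (constructed) internal ranges as external."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def _alert(event, rule, remediation, evidence):
    return {"host": event["host"], "pid": event["pid"], "image": event["image"],
            "ts": event["ts"], "rule": rule, "remediation": remediation, "evidence": evidence}


def analyse(events):
    """Run the behavioural rules over telemetry in time order; return alerts."""
    alerts = []
    flagged = {}  # pid -> timestamp of the event that first made the process suspicious

    for ev in sorted(events, key=_ts):
        kind = ev["type"]
        if kind == "process":
            # Rule 1: a document handler spawning a command interpreter is a
            # behavioural indicator on its own, whatever the child does later.
            if ev["parent_image"] in OFFICE_APPS and ev["image"] in SHELLS:
                flagged[ev["pid"]] = _ts(ev)
                alerts.append(_alert(ev, "office_spawns_shell", "stop process",
                                     f'{ev["parent_image"]} -> {ev["image"]}'))
        elif kind == "network":
            # Rule 2: an outbound connection is an ordinary action. It becomes an
            # indicator only when corroborated by an earlier suspicious event on the
            # same process inside the chain window (chrome.exe above stays quiet).
            hot = flagged.get(ev["pid"])
            if hot and is_external(ev["dst_ip"]) and _ts(ev) - hot <= CHAIN_WINDOW:
                alerts.append(_alert(ev, "flagged_process_external_connection",
                                     "isolate device", f'{ev["dst_ip"]}:{ev["dst_port"]}'))
        elif kind == "file":
            # Rule 3: a flagged process writing into a startup folder (persistence).
            if (ev["action"] == "write" and "\\startup\\" in ev["path"].lower()
                    and ev["pid"] in flagged):
                alerts.append(_alert(ev, "startup_folder_write", "quarantine file", ev["path"]))
    return alerts


def recommend(alerts):
    """Strongest recommended action per host, for the analyst to confirm or override."""
    best = {}
    for a in alerts:
        if ACTION_RANK[a["remediation"]] > ACTION_RANK.get(best.get(a["host"]), 0):
            best[a["host"]] = a["remediation"]
    return best


def attack_chain(alerts, pid):
    """Causal view of one process's alerts, the kind of link an investigation visualises."""
    return [(a["ts"], a["rule"]) for a in alerts if a["pid"] == pid]


if __name__ == "__main__":
    found = analyse(SAMPLE_EVENTS)
    for a in found:
        print(f'{a["ts"]} {a["host"]} pid={a["pid"]} {a["rule"]}: {a["evidence"]} -> {a["remediation"]}')
    print("recommended:", recommend(found))
    print("chain for pid 512:", attack_chain(found, 512))
```

Running the block prints three alerts, all on pid 512, escalating from "stop process" through "isolate device" to "quarantine file", with "isolate device" as the host-level recommendation. A real engine differs in scale (thousands of rules, telemetry from every host, enrichment with threat intelligence) rather than in shape: the recommendation is still a proposal that the analyst validates during the investigation phase the text describes.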

Continuous improvement of protection

As attackers' operating procedures evolve constantly, the EDR solution helps security teams to understand and learn. Using the data collected and analysed during the investigation phases, they are better equipped to fight future cyberattacks. In particular, incident response makes it possible to understand past actions better, for example by visualising the causal links of an attack chain, and so to improve continuously the protection provided by the EDR solution.

Stormshield Endpoint Security Evolution, your certified EDR solution

With the Stormshield Endpoint Security Evolution (SES) solution, you can raise the level of protection of your workstations with a proactive EDR solution. Using signature-free analysis technology, the SES solution detects and responds appropriately to attacks and cyber-threats. Our trusted EDR solution has obtained first-level security certification (CSPN) from France’s ANSSI cybersecurity agency in the Intrusion Detection category.

Discover an EDR solution that protects next-generation endpoints and servers, and whose Cyber Threat Intelligence and Threat Hunting capabilities give you advanced detection of the most sophisticated cyberattacks.

Q&A: How does an EDR work?

To detect sophisticated cyberattacks, the EDR identifies suspicious and abnormal behaviour through “Indicators of Compromise” (IoCs). These are not always exceptional events; they can be ordinary actions such as opening a connection to an external server. Once these suspicious behaviours have been identified, the EDR solution recommends rapid remediation measures and allows for subsequent investigation based on the results of the analyses.

Q&A: EDR or XDR?

It is essential for endpoint protection tools to include an incident detection and response capability. As a complement to EDR, the XDR (eXtended Detection and Response) platform aims to bring together all internal and external IT assets (network, directories, cloud resources, firewalls, etc.) in order to provide an overview of information system events.