What is Endpoint Detection & Response (EDR)?

Endpoint Detection and Response (EDR) is a cybersecurity service that continually monitors endpoints (e.g., laptops and mobile devices) in real time to detect, hunt, investigate and respond to suspicious activity, including advanced persistent threats (APTs). EDR collects and aggregates data from endpoints and improves detection accuracy through additional cloud analysis.


Key Elements of Endpoint Detection & Response

  1. Asset Monitoring
  2. Malware Threat Detection
  3. Incident Investigation
  4. Mitigation Response
  5. Remediation


EDR Benefits

  • Quickly identifies, isolates and stops malicious activity through proactive threat hunting
  • Acts as a “backstop” to traditional file-based antivirus solutions by detecting in-memory malware
  • Telemetry-based: EDR uses previously collected endpoint readings to establish normal behavioral patterns and flag abnormal ones that may indicate an attack
  • Enhances endpoint security, a vital component as the number of endpoints and the amount of remote work grow exponentially

Key Elements of Endpoint Detection & Response

Asset Monitoring

Real-time monitoring is accomplished via an “always on” agent that is constantly scanning the endpoint for malware and threats.

  • Real-time detection of file-based and fileless threats
  • Unobtrusive, minimal footprint
  • Agent runs in the background
  • Same agent as Vulnerability Management

Malware Threat Detection

The detection process analyzes endpoint events to:

  • Identify file-based and fileless threats
  • Detect high-risk events and malicious connections
  • Assign a risk score to the threat; the higher the score, the higher the certainty of malware

Incident Investigation

Incident Investigation allows the Security Analyst to determine the nature and scope of the potential malicious activity, including:

  • How many assets are impacted
  • Which assets are impacted (e.g., laptops, servers)
  • Severity of the incident
  • Malware type (e.g., file, fileless, network, mutex, registry, etc.)
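The scoring and scoping described in the two sections above (the telemetry baseline from the benefits list, the per-event risk score, and the incident summary of how many and which assets are impacted, severity, and malware type) can be shown end to end on a handful of events. The following is an added example written for this page, not Axians' product code or any vendor's algorithm: the event fields, host names, baseline of previously seen parent/child process pairs, score weights and severity rule are all constructed assumptions chosen to illustrate the idea, not real detection content.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Event:
    """One endpoint telemetry record (constructed schema for this example)."""
    host: str                      # asset name reported by the agent
    asset_type: str                # "laptop" or "server"
    parent: str                    # parent process image name
    process: str                   # child process image name
    on_disk: bool                  # False => image not backed by a file (fileless / in-memory)
    remote_port: Optional[int] = None  # outbound connection port, if any

# Telemetry baseline: parent->child pairs previously observed on each host (constructed).
BASELINE = {
    "LAPTOP-01": {("explorer.exe", "winword.exe"), ("explorer.exe", "chrome.exe")},
    "SRV-DB-02": {("services.exe", "sqlservr.exe")},
}

DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXPECTED_PORTS = {80, 443}

def score_event(ev: Event, baseline=BASELINE):
    """Return (score, reasons). Higher score = higher certainty of malicious activity.
    Weights are illustrative assumptions, not a vendor's scoring model."""
    score, reasons = 0, []
    if (ev.parent, ev.process) not in baseline.get(ev.host, set()):
        score += 20; reasons.append("process lineage not in host baseline")
    if not ev.on_disk:
        score += 40; reasons.append("fileless: image not backed by a file on disk")
    if ev.parent.lower() in DOCUMENT_APPS and ev.process.lower() in SCRIPT_HOSTS:
        score += 30; reasons.append("document application spawned a script host")
    if ev.remote_port is not None and ev.remote_port not in EXPECTED_PORTS:
        score += 15; reasons.append(f"outbound connection on unusual port {ev.remote_port}")
    return score, reasons

def malware_types(ev: Event):
    """Map an event to the malware type labels used in the investigation step."""
    types = {"fileless"} if not ev.on_disk else {"file"}
    if ev.remote_port is not None:
        types.add("network")
    return types

def investigate(events, baseline=BASELINE, threshold=50):
    """Aggregate events at or above the risk threshold into an incident summary."""
    detections = []
    for ev in events:
        score, reasons = score_event(ev, baseline)
        if score >= threshold:
            detections.append({"host": ev.host, "score": score, "reasons": reasons,
                               "types": malware_types(ev)})
    hosts = {d["host"] for d in detections}
    asset_types = {ev.asset_type for ev in events if ev.host in hosts}
    max_score = max((d["score"] for d in detections), default=0)
    # Assumed severity rule: any server involved, or a very high score, is "high".
    if not detections:
        severity = "none"
    elif "server" in asset_types or max_score >= 80:
        severity = "high"
    else:
        severity = "medium"
    return {
        "asset_count": len(hosts),
        "assets": sorted(hosts),
        "asset_types": sorted(asset_types),
        "severity": severity,
        "malware_types": sorted(set().union(*(d["types"] for d in detections))),
        "detections": detections,
    }

# Constructed sample telemetry: two benign events, two detections, one low-score outlier.
SAMPLE_EVENTS = [
    Event("LAPTOP-01", "laptop", "explorer.exe", "winword.exe", True),
    Event("LAPTOP-01", "laptop", "winword.exe", "powershell.exe", True, remote_port=8443),
    Event("SRV-DB-02", "server", "services.exe", "sqlservr.exe", True),
    Event("SRV-DB-02", "server", "sqlservr.exe", "rundll32.exe", False),
    Event("LAPTOP-03", "laptop", "explorer.exe", "chrome.exe", True, remote_port=443),
]

if __name__ == "__main__":
    summary = investigate(SAMPLE_EVENTS)
    for key in ("asset_count", "assets", "asset_types", "severity", "malware_types"):
        print(f"{key}: {summary[key]}")
    for d in summary["detections"]:
        print(f"  {d['host']} score={d['score']} {d['reasons']}")
```

The baseline lookup is what makes this telemetry-based rather than signature-based: the same parent/child pair is benign on one host and suspicious on another depending on what the agent has previously seen there. The threshold, weights and severity rule would be tuned per environment; the point of the example is the flow from raw events to a scored detection to an incident scope an analyst can act on.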

Mitigation Response

Once the incident has been investigated, action is taken to minimize the impact of the threat; this is known as mitigation.

  • Delete impacted file(s)
  • Quarantine impacted file(s)
  • Kill a running process

Remediation

While mitigation seeks to contain and isolate a problem to prevent further damage, remediation prevents future recurrence across the attack surface. This may include:

  • Applying application or system patches regularly
  • User education & training
  • Enabling least-privilege access rights to both applications and operating systems
  • Implementing additional security measures such as endpoint protection (e.g., anti-malware software), two-factor authentication, firewalls, VPNs, frequent data backups and pop-up blocking

Why Axians?

  • Full lifecycle support throughout your projects, from audits to operations
  • A dense network of business units
  • Local teams on hand to attend to your every need
  • An extensive global footprint
  • Innovative solutions
  • The combined strengths of all VINCI Energies entities