EDR

Simple and complete protection of your endpoints. Since there are advanced threats that can bypass traditional cyber security protections, the EDR service has proven to be an important tool in the effort to search for these threats and eliminate them before they spread over the customer's data and information.

Main features of the Endpoint Detection and Response (EDR) service

– Integrated workflow: Threat detection is performed within the workflow and console of the antivirus services. No more switching from one console to another.

– Efficient endpoint recording: An edge sensor records and stores information about system, communication, and user behaviors. Metadata about this information is sent to the services server to allow the client to pass over indicators (loCs).

– Server side loC sweeping: The service server stores only essential metadata of recorded data of the end users. This allows the client to perform multiple searches or traverse/scan this data without having to check each endpoint individually. In addition, detailed root cause testing can be performed on each endpoint directly.

– Flexible searching: The customer can search by several parameters. Searches can be performed on parameters such as; Specific communications, specific malware, registration activity, account activity, and activation processes.

– Root cause analysis: The customer can drill down into an interactive process tree that illustrates the full attack chain to analyze how the source of the problem was discovered by viewing activities, objects, and processes. An immediate response can be taken to stop the processes.

– Vendor intelligence and assistance: A proactive global threat intelligence layer, Trend Micro™ Smart Protection Network™ provides clarity and assistance to threat investigators. An edge sensor detects known good objects and processes as well as known bad objects and processes. The customer can view the color-coded root cause analysis to identify dangerous or unknown processes and guide the remediation process.

– Immediate response options: The service provides advanced automation to correct the detected source of the problem. It can isolate, block execution, restore settings (and files, in the case of ransomware) including the ability to manually respond while performing an investigation by isolating endpoints.

– Advanced threat detection by virtual analyzer/cloud sandboxing: A cloud sandbox provides dynamic analysis of potentially malicious attachments in a secure virtual environment, and enables automatic submission during the assessment process to mitigate unknown threats, significantly reducing the risk of infection.