
End-Point Detection & Response (EDR)
Automated Detection and Response to Threats Targeting Your Endpoints
An Endpoint Detection and Response system is set up as a hub for the collection, correlation and analysis of endpoint data, as well as for alerting on and responding to immediate threats.
EDR Solutions in your Enterprise
Endpoint detection and response (EDR) is a technology used to protect endpoints: all types of computer hardware devices (new and old), IoT devices, mobile devices and cloud infrastructure that interact in your environment. The tools gather data from endpoint devices and analyze it to reveal potential cyber threats and issues, protecting against hacking attempts and theft of user data. An agent is installed on the end-user device, which is continuously monitored, and the collected data is stored in a centralized database. When a threat is found, the end-user is immediately prompted with a list of preventive actions.
The need for EDR solutions is increasing significantly, and is expected to grow further with the spread of desktops, servers, BYOD devices, IoT devices and more.
An EDR solution should:
- Monitor your inbound and outbound network traffic
- Continuously analyze activity patterns
- Immediately alert you to unusual behavior within the network
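The three behaviours above (monitor traffic, learn activity patterns, alert on deviations) are easiest to see in code. The following is an added example written for this page, not the vendor's product and not any real EDR agent's code. It assumes a hypothetical JSON-lines telemetry format (one event per line with host, type, process, parent/child, destination, port and bytes_out fields) and uses constructed sample data; it learns a per-host baseline of process lineage, outbound flows and transfer sizes, then flags events in a later window that fall outside that baseline.

```python
"""Added example: a minimal behavioural detector over endpoint telemetry.

Illustrative code for this page only. The event format and the field
names are assumptions, and every log line below is constructed sample
data (the 203.0.113.0/24 range is reserved for documentation).
"""
import json
from collections import defaultdict

# Constructed "known-good" telemetry used to learn the baseline.
BASELINE_LOG = """
{"host": "ws-01", "type": "process", "parent": "explorer.exe", "child": "chrome.exe"}
{"host": "ws-01", "type": "process", "parent": "explorer.exe", "child": "winword.exe"}
{"host": "ws-01", "type": "process", "parent": "services.exe", "child": "svchost.exe"}
{"host": "ws-01", "type": "net", "process": "chrome.exe", "dst": "10.0.0.5", "port": 443, "bytes_out": 2048}
{"host": "ws-01", "type": "net", "process": "chrome.exe", "dst": "10.0.0.5", "port": 443, "bytes_out": 4096}
{"host": "ws-01", "type": "net", "process": "outlook.exe", "dst": "10.0.0.9", "port": 443, "bytes_out": 1024}
"""

# Constructed later window of events to evaluate against the baseline.
WINDOW_LOG = """
{"host": "ws-01", "type": "process", "parent": "explorer.exe", "child": "chrome.exe"}
{"host": "ws-01", "type": "net", "process": "chrome.exe", "dst": "10.0.0.5", "port": 443, "bytes_out": 3000}
{"host": "ws-01", "type": "process", "parent": "winword.exe", "child": "powershell.exe"}
{"host": "ws-01", "type": "net", "process": "powershell.exe", "dst": "203.0.113.7", "port": 8443, "bytes_out": 512}
{"host": "ws-01", "type": "net", "process": "outlook.exe", "dst": "10.0.0.9", "port": 443, "bytes_out": 90000}
"""


def parse_events(log_text):
    """Parse JSON-lines telemetry into a list of event dicts, skipping blanks."""
    return [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]


def build_baseline(events):
    """Learn, per host: observed parent->child process pairs, observed
    (process, destination, port) flows, and the largest single bytes_out
    seen for each process."""
    baseline = {
        "lineage": defaultdict(set),                        # host -> {(parent, child)}
        "flows": defaultdict(set),                          # host -> {(process, dst, port)}
        "max_out": defaultdict(lambda: defaultdict(int)),   # host -> process -> bytes
    }
    for ev in events:
        h = ev["host"]
        if ev["type"] == "process":
            baseline["lineage"][h].add((ev["parent"], ev["child"]))
        elif ev["type"] == "net":
            baseline["flows"][h].add((ev["process"], ev["dst"], ev["port"]))
            prev = baseline["max_out"][h][ev["process"]]
            baseline["max_out"][h][ev["process"]] = max(prev, ev["bytes_out"])
    return baseline


def evaluate(events, baseline, burst_factor=10):
    """Return (host, rule, detail) alerts for events outside the baseline:
    an unseen process chain, a new outbound destination for a process, or
    an outbound transfer more than burst_factor times that process's
    largest baseline transfer."""
    alerts = []
    for ev in events:
        h = ev["host"]
        if ev["type"] == "process":
            pair = (ev["parent"], ev["child"])
            if pair not in baseline["lineage"][h]:
                alerts.append((h, "unseen-process-chain", f"{pair[0]} -> {pair[1]}"))
        elif ev["type"] == "net":
            flow = (ev["process"], ev["dst"], ev["port"])
            if flow not in baseline["flows"][h]:
                alerts.append((h, "new-outbound-destination", f"{flow[0]} -> {flow[1]}:{flow[2]}"))
            seen_max = baseline["max_out"][h].get(ev["process"], 0)
            # A process with no baseline history is already covered by the
            # new-destination rule, so the burst rule only fires on known ones.
            if seen_max and ev["bytes_out"] > burst_factor * seen_max:
                alerts.append((h, "outbound-volume-burst",
                               f"{ev['process']} sent {ev['bytes_out']} bytes (baseline max {seen_max})"))
    return alerts


def run_example():
    """Build the baseline from the constructed history and score the window."""
    baseline = build_baseline(parse_events(BASELINE_LOG))
    return evaluate(parse_events(WINDOW_LOG), baseline)


if __name__ == "__main__":
    for host, rule, detail in run_example():
        print(f"[{host}] {rule}: {detail}")
```

On the constructed window this raises three alerts and stays silent on the two routine chrome.exe events: the unseen winword.exe -> powershell.exe chain, a new outbound flow from powershell.exe, and an outlook.exe transfer far above its baseline maximum. A real deployment would keep the baseline in the centralized store the page describes, age it over time, and hand each alert to the identification step of the response procedure rather than just printing it.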
There is a variety of tools and platforms on the market, both commercial and open source. We use what works and fits within the budget of our customers. Our services and solutions cover next-generation antivirus, threat detection, investigation and response, device management, data leak protection (DLP), and other areas of risk to your environment and business.
Setting up your Intrusion Response System
We set up policies, or revisit existing ones, so that they comply with the site security policy and take whatever action against the attacker that the policy specifies.
We set up intrusion response in six phases:
1. Preparation for a foreseen attack - Establish procedures and mechanisms for detecting and responding to attacks.
2. Identification of an attack - Trigger the remaining phases.
3. Containment of the attack - Limit the damage as much as possible.
4. Eradication of the attack - Stop the attack and block further similar attacks.
5. Recovery from the attack - Restore the system to a secure state.
6. Follow-up to the attack - Take action against the attacker, identify problems in handling the incident, and record lessons learned.
Preparation - Establish procedures and mechanisms for detecting and responding to attacks.
Identify the Attack - Trigger the remaining phases.
Contain the Attack - Limit the damage as much as possible.
Stop the Attack - Stop the attack and block similar patterns of attack.
Restore the System - Restore the system to a secure state.
Follow-up to the Attack - Log the evidence, take action against the attacker and record lessons learned.