Managed EDR
Work safely everywhere
Even without pandemic pressure: the home office has become established and most of us like to work at home from time to time. But is company data actually secure when company notebooks are used at home? Detecting threats and, above all, reacting quickly - that's what we do for you with Managed Endpoint Detection & Response (EDR).
What is EDR?
EDR stands for Endpoint Detection & Response and is a software-based technology concept that is usually based on machine learning/artificial intelligence. The aim is to protect endpoints such as notebooks, PCs and servers from malware - e.g. ransomware, spyware and viruses. For this purpose, all background processes and activities on the devices are monitored: file executions and modifications, registry changes, network connections and binary executions are scanned as soon as they appear suspicious. If, for example, a connection is established from a supposedly clean Word document to the internet or even to a known command & control server within a botnet, this is detected by good EDR solutions, alerted or, depending on the setup, directly prevented.
Detect: Discover the unknown
Whether on-site in the company or in the home office: with EDR, conspicuous malicious codes on the work devices of your employees are detected, even if they have not yet been officially recorded as such. Machine learning is used for this. Artificial intelligence knows the patterns of known viruses and quarantines intruders that resemble these patterns in parts and have therefore been identified as malicious. So-called software agents detect the attackers within the operating systems Windows, Linux and MacOS, and also in Virtual Desktop Infrastructures (VDI). The agents are installed locally on the end devices to be protected and retrieve their configuration, any updates and the latest version of the AI model from the cloud platform.
EDR takes into account numerous properties, such as the size, certain contents, imports used, access permissions, packers used, programming languages, header details or compiler properties. New, unknown files are then compared against this model in real time before they are executed and classified accordingly.
Our solution also detects threats directly in memory, without files or hard disk accesses being involved. This is done by observing the behaviour of processes. Scripting languages such as JScript, tools such as PowerShell or macros in Office documents (VBScript) are often used in attacks. Our Managed EDR solution detects malicious or unauthorised behaviour by monitoring the respective script interpreter. In the event of anomalies, an alert is issued immediately.
Response: Act immediately
Recognising threats is one thing - acting immediately is another:
In the event of malware incidents, EDR triggers automated actions according to your requirements, for example disconnecting the endangered host from the network. However, the endpoints are not simply shut down, but a secure channel is established from the server, while all further communication around the device is shut down. For any security incident, the faster it is detected and remediated, the less damage it does. Through automation, you therefore efficiently increase your IT security many times over.
- Your end devices in home offices and companies are reliably protected
- They provide defence against ransomware, Powershell, macro or other script-based attacks
- EDR detects malware before it is executed - regardless of the outgoing file format
- Keyword fileless: attack activities are detected and prevented in memory
- EDR reacts to detected threats in an automated way and according to jointly defined guidelines (e.g. selective network disconnection)
- You use existing knowledge: EDR supports forensic analyses
- Transparent licence costs: per month per end device
- Confirmed emergency (true positive)? We help with incident response.
Operation and monitoring in the SOC
Our solution consists of lean, high-performance agents that run on your endpoints and a central, multi-client cloud platform operated in Europe. As your IT service provider, we take over the administration of the Endpoint Detection & Response completely for you in our BSI-certified Security Operations Center (SOC). Among other things, we take care of the configuration and regular additions of further system groups and agent policies. You also do not need to worry about regular maintenance work: Your end devices are reliably protected against both common known attacks and new types of attacks.
You also benefit from professional reporting on malware detection. Of course, you will be alerted immediately as soon as anything conspicuous happens that is classified as critical by the system. The evaluation is carried out by our security experts, who are trained accordingly and can reliably assess whether an incident is relevant. We provide concrete recommendations on how you can further improve the security of your endpoints.
- Set-up of your own client
- Customised configuration and implementation
- Platform management (updates, user management, configuration adjustments)
- Alerting and well-founded support in the event of malware detections
- Reporting (dashboard, report on findings)
- Incident management with qualified recommendations for action
On the way to XDR
XDR - this stands for Extended Detection & Response, i.e. the all-encompassing detection of attacks and a fast response to them. For this purpose, the combination of various existing components is used in a holistic solution. The basis is typically a SIEM (Security Incident & Event Management) system, which is extended by EDR (Endpoint Detection & Response) and NDR (Network Detection & Response).
We provide you with the right solution for your specific situation - as a managed service in the dacoso Security Operations Centre with 24/7 hotline. This means that you can rely on the holistic detection of incidents in your entire network and a targeted response to them.