
EDR Capabilities

Endpoint Detection & Response


TEKRiSQ's EDR solution is endpoint security software.

It helps lock down and secure systems at the endpoint level, helping protect both those endpoints and the wider network against cyber criminals.

EDR is often compared to simple antivirus tools, but in reality it offers far more.

Specifically, it uses AI and machine learning to track possible threats and act on your behalf to address them, with fast and accurate results.

It is a next-generation antivirus solution that replaces traditional signature-based antivirus solutions.

It detects, alerts, kills and quarantines malicious and suspicious threats.

It improves incident response times for threat events.

EDR uses a variety of mechanisms including:

  • Reputation Engine - ensures that known malicious files are not written to disk or executed.
  • Static AI Engine - scans for malicious or suspicious files written to disk. This engine runs scans upon file execution and when files are written to disk.
  • Behavioral AI Executable Engine - uses advanced machine learning to detect malicious activity in real time.
  • Documents & Scripts Behavioral AI Engine - separately focuses on documents and scripts.
  • Lateral Movement AI Engine - detects attacks launched from remote devices.
  • Anti-Exploitation & Fileless AI Engine - focuses on exploits and fileless attack attempts (web-related and command-line exploits).
  • Granular Remediation Capabilities - automated cleanup and recovery.

Remediate:

This option removes the damage caused by the threat, but it is not a full rollback, which "rewinds" the endpoint to a specific point in time.

Rollback:

During a rollback, the affected device is restored to a saved Volume Shadow Copy Service (VSS) snapshot, which attempts to reverse any damage.

In other words, it seeks to restore the endpoint to a state before the attack started doing damage.

This can be particularly helpful for ransomware attacks, where it rolls the endpoint back before files were maliciously encrypted.

This may negate the need to pay the ransom.

Beyond that, the rollback feature happens near instantaneously - much faster than if you were restoring from a backup. However, it doesn't eliminate the need for a good and functional cloud-based backup.
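Because a VSS-based rollback can only restore what a snapshot actually holds, a practitioner will want to confirm that snapshots exist and are recent on each endpoint. The following PowerShell script is an added example, not TEKRiSQ's own code or tooling: it lists the VSS snapshots on each local volume and flags volumes with none or with only stale ones. `$MaxAgeHours` is an assumed threshold to be adjusted to your snapshot schedule.

```powershell
# Added example (not TEKRiSQ's code): check whether each local volume has a
# recent VSS snapshot, since rollback can only restore what a snapshot holds.
# $MaxAgeHours is an assumed threshold; adjust it to your snapshot schedule.
param([int]$MaxAgeHours = 24)

$shadows = Get-CimInstance -ClassName Win32_ShadowCopy
$volumes = Get-CimInstance -ClassName Win32_Volume | Where-Object { $_.DriveLetter }

$report = foreach ($vol in $volumes) {
    # Win32_ShadowCopy.VolumeName and Win32_Volume.DeviceID both use the \\?\Volume{GUID}\ form
    $mine = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID })
    if ($mine.Count -eq 0) {
        [pscustomobject]@{ Drive = $vol.DriveLetter; Snapshots = 0; NewestAgeHours = $null; Status = 'NO SNAPSHOT' }
        continue
    }
    $newest   = $mine | Sort-Object InstallDate -Descending | Select-Object -First 1
    $ageHours = [math]::Round(((Get-Date) - $newest.InstallDate).TotalHours, 1)
    $status   = if ($ageHours -gt $MaxAgeHours) { 'STALE' } else { 'OK' }
    [pscustomobject]@{ Drive = $vol.DriveLetter; Snapshots = $mine.Count; NewestAgeHours = $ageHours; Status = $status }
}

$report | Format-Table -AutoSize

# Exit non-zero so a monitoring job can flag endpoints where a rollback would have nothing to restore from
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it from an elevated PowerShell session, since enumerating Win32_ShadowCopy requires administrative rights.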


Processing occurs locally on the endpoint—unlike some other EDR vendors that require resource- and time-intensive uploads to the cloud for threat analysis and processing. Doing this allows you to detect threats faster and recover from them even more quickly. You can rapidly recover, in an automated fashion.

EDR provides true context via a “visual storyline.” You can see what process spawned the attack as well as how it replicated and spread. You’ll also find answers to how the threat is constructed. This provides actionable information you can use to help improve your customers’ security posture.

The storyline unfolds in real time as an attack occurs, but with EDR, you're far from defenseless. Your recovery options include killing, quarantining, and remediating (rolling back) the attack—depending on how you've set up the agent for each end user. Think of the EDR agent as your personal SOC (security operations center) analyst. You can literally undo the damage done, rendering ransomware useless.
