Endpoint Detection and Response

Detect targeted attacks on your business that bypass endpoint protection and prevent breaches of critical data and infrastructure.


What is EDR?

EDR stands for Endpoint Detection and Response. Endpoint Detection and Response solutions are designed to continuously monitor for and respond to advanced internet threats. They do this by installing agents or sensors on the endpoints, which collect behavioral data and send it to a central database for analysis. Using analytics tools, EDR solutions are able to identify patterns and detect anomalies, which can then automatically trigger alerts for remedial action or further investigation. F-Secure's EDR solution is F-Secure Elements Endpoint Detection and Response.

Basic capabilities of EDR

  • Detecting potentially malicious behavior, like registry key editing and process launches
  • Placing detections into a context and visually presenting the attack with all impacted hosts
  • Including threat intelligence about the prevailing threat landscape
  • Providing guidance on how to respond, instead of just showing low-level event information
  • Allowing the remote stopping of attacks by isolating all impacted hosts from the network

Common advanced attacks

Targeted and advanced attacks are aimed at a particular business or organisation and designed for a specific environment, making them more resilient to standard cyber security solutions.

Vulnerability exploits: common security weaknesses in your public-facing systems are an attractive attack avenue, with 57% of breaches resulting from known vulnerabilities that could have been patched 

Spear phishing: extremely effective and extremely common, spear phishing means targeted, deceptive communications designed to trick someone in your organisation into sharing sensitive information or opening an executable file

Watering hole attacks: the attacker looks for vulnerabilities in websites known to be popular among your employees and infects one or more of them with malware

Man-in-the-middle: the attacker intercepts your communications, passing them on only after examining or even altering them – creating the illusion that you are talking directly to a trusted counterpart

Buying access: criminal organisations crowdsource so many attacks on so many systems that a certain percentage of those systems are bound to be compromised at any given time

How EDR works

The basic idea behind EDR is to empower your IT security teams to identify malicious activity among normal user behaviour. This is achieved by collecting behavioural data and sending it to a central database for analysis. Using AI-driven analytics tools, EDR solutions are able to identify patterns and detect anomalies. These can then be submitted for further investigation or remediation.

F-Secure Elements Endpoint Detection and Response as an endpoint detection and response solution

A leading context-level endpoint detection and response (EDR) solution that helps companies gain immediate visibility into their IT environment and security status, protect the business and its sensitive data by detecting attacks quickly, and respond fast with expert guidance.

Gain immediate visibility into potentially unwanted or harmful applications and cloud services

Automatically identify advanced threats with risk levels and host criticality for easy prioritisation

Visualise attacks in broader context with all relevant detections and hosts on a timeline

Stop attacks fast with built-in guidance or automated response actions based on a predefined schedule

Resolve tough cases with on-demand incident analysis and investigations by world-class threat hunters

Reduce management overhead with a cloud-native, single-client endpoint security solution

Option to outsource advanced threat monitoring to a certified managed service provider

The “Elevate to F-Secure” service alerts F-Secure consultants immediately and gives them access to the incident data so they can help you solve the case.