Endpoint Detection and Response
Detect targeted attacks on your business that bypass endpoint protection and prevent breaches of critical data and infrastructure.
What is EDR?
EDR stands for Endpoint Detection and Response. Endpoint Detection Response solutions are designed to continuously monitor and respond to advanced internet threats. They do this by installing agents or sensors on the endpoints, which collect and send behavioral data to a central database for analysis. Using analytics tools, EDR solutions are able to identify patterns and detect anomalies, which can then be automated to send alerts for remedial action or further investigation. F-Secure's EDR solution is F-Secure Rapid Detection & Response.
Basic capabilities of EDR
- Detecting potentially malicious behavior, like registry key editing and process launches
- Placing detections into a context and visually presenting the attack with all impacted hosts
- Including threat intelligence about the prevailing threat landscape
- Providing guidance on how to respond, instead of just showing low-level event information
- Allowing the remote stopping of attacks by isolating all impacted hosts from the network
Common advanced attacks
Targeted and advanced attacks are aimed at a particular business or organization and designed for a specific environment making them more resilient to standard cyber security solutions.
Vulnerability exploits: common security weaknesses in your public-facing systems are an attractive attack avenue, with 57% of breaches resulting from known vulnerabilities that could have been patched
Spear phishing: extremely effective and extremely common, spear phishing means targeted, deceptive communications designed to trick someone in your organization into sharing sensitive information or opening an executable file
Watering hole attacks: the attacker looks for vulnerabilities in websites known to be popular among your employees and infects one or more of them with malware
Man-in-the-middle: the attacker intercepts your communications, passing them on only after examining or even altering them – creating the illusion that you are talking directly to a trusted counterpart
Buying access: criminal organizations crowdsource so many attacks on so many systems, that a certain percentage of those systems are bound to be compromised at any given time
How EDR works
The basic idea behind EDR is to empower your IT security teams to identify malicious activity among normal user behavior. This is achieved by collecting behavioral data and sending it to a central database for analysis. Using AI-driven analytics tools, EDR solutions are able to identify patterns and detect anomalies. These can then be submitted for further investigation or remediation.
F-Secure Rapid Detection & Response as an endpoint detection and response solution
Leading context-level endpoint detection and response (EDR) solution to help companies to gain immediate visibility into their IT environment and security status, protect the business and its sensitive data by detecting attacks quickly, and responding fast with expert guidance.
Gain immediate visibility into potentially unwanted or harmful applications and cloud services
Identify automatically advanced threats with risk levels and host criticality for easy prioritization
Visualize attacks in broader context with all relevant detections and hosts on a timeline
Stop attacks fast with built-in guidance or automated response actions based on predefined schedule
Resolve tough cases with on-demand incident analysis and investigations by world-class threat hunters
Reduce management overhead with cloud native and single-client endpoint security solution
Option to outsource advanced threat monitoring to a certified managed service provider
The “Elevate to F-Secure” service alerts F-Secure consultants immediately and consultants will have access to the incident data to help you to solve the case.
