ProSec GmbH

Endpoint Detection and Response (EDR)


This article supplements the wiki entry “Virus scanner”, which explains what antivirus programs are, how virus scanners work and what advantages and disadvantages they have. It sheds light on Endpoint Detection and Response (EDR), a further development of virus scanners and endpoint protection that uses new technologies to keep pace with the evolution of malware.

What is EDR (Endpoint Detection and Response)?

Endpoint Detection and Response (EDR) is an advanced solution that is integrated with Endpoint Protection to enable continuous data collection, monitoring and automated analysis and response functions. It can protect endpoints from advanced malware, APTs and phishing attacks.


What kind of threat does it protect against?

EDR protects against malware, anomalous behavior and fileless attacks using advanced analytics. It also documents and tracks the tactics, techniques and procedures (TTPs) the attackers used, i.e. how they got into the network and how they moved around inside it.

Most organizations implement endpoint protection, which is a reactive security measure; integrating EDR additionally gives organizations proactive security. Even with the best solutions there is no 100% protection, but EDR makes access significantly more difficult for attackers because of the increased effort and know-how required.

Some information collected by EDR:


1. Processes:

The analysis of processes provides information on the programs running on end devices. Malicious processes typically spawn other processes, and this information helps determine the parent process of a malicious process, and thus where it came from.
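As an added example (not part of the original wiki entry and not code from any EDR product), the following Python script shows what the parent-process analysis described above looks like in practice. It indexes a constructed list of process-creation records (pid, parent pid, image name, user) as an EDR agent would collect them, walks the parent chain of a flagged process back to the root, lists everything that process spawned, and flags parent/child pairs that match a small hypothetical policy (office applications launching command interpreters). All records and the policy are assumptions made up for this illustration.

```python
"""Reconstruct process ancestry from EDR-style process telemetry.

Constructed example: the records below are made up for illustration and
do not come from any real endpoint or EDR product.
"""
from collections import defaultdict

# Constructed sample telemetry: one record per process-creation event.
PROCESS_EVENTS = [
    {"pid": 4,    "ppid": 0,    "image": "System",         "user": "SYSTEM"},
    {"pid": 600,  "ppid": 4,    "image": "wininit.exe",    "user": "SYSTEM"},
    {"pid": 700,  "ppid": 600,  "image": "services.exe",   "user": "SYSTEM"},
    {"pid": 980,  "ppid": 700,  "image": "svchost.exe",    "user": "SYSTEM"},
    {"pid": 1200, "ppid": 980,  "image": "explorer.exe",   "user": "alice"},
    {"pid": 3100, "ppid": 1200, "image": "outlook.exe",    "user": "alice"},
    {"pid": 3250, "ppid": 3100, "image": "winword.exe",    "user": "alice"},
    {"pid": 3400, "ppid": 3250, "image": "cmd.exe",        "user": "alice"},
    {"pid": 3410, "ppid": 3400, "image": "powershell.exe", "user": "alice"},
]

# Hypothetical detection policy (an assumption for this example): parent/child
# image pairs a defender wants flagged, because office applications normally
# have no reason to launch a command interpreter.
UNEXPECTED_PARENTS = {
    ("winword.exe", "cmd.exe"),
    ("winword.exe", "powershell.exe"),
    ("outlook.exe", "cmd.exe"),
    ("outlook.exe", "powershell.exe"),
}


def index_processes(events):
    """Return (by_pid, children): a pid lookup table and a ppid -> [child pids] map."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def ancestry(pid, by_pid):
    """Walk parent pointers from pid to the root; returns image names root-first.

    A missing parent (e.g. the parent exited before telemetry was captured)
    simply ends the walk instead of raising, and a pid cycle is guarded against.
    """
    chain, seen, cur = [], set(), pid
    while cur in by_pid and cur not in seen:
        seen.add(cur)
        chain.append(by_pid[cur]["image"])
        cur = by_pid[cur]["ppid"]
    return list(reversed(chain))


def descendants(pid, children):
    """All pids spawned directly or indirectly by pid, in depth-first order."""
    out, stack = [], list(children.get(pid, []))
    while stack:
        child = stack.pop()
        out.append(child)
        stack.extend(children.get(child, []))
    return out


def unexpected_parent_pairs(events, policy=UNEXPECTED_PARENTS):
    """Return (parent_pid, child_pid) pairs whose image names match the policy."""
    by_pid, _ = index_processes(events)
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent and (parent["image"].lower(), e["image"].lower()) in policy:
            hits.append((parent["pid"], e["pid"]))
    return hits


if __name__ == "__main__":
    by_pid, children = index_processes(PROCESS_EVENTS)
    for ppid, cpid in unexpected_parent_pairs(PROCESS_EVENTS):
        print(f"alert: {by_pid[ppid]['image']} ({ppid}) spawned "
              f"{by_pid[cpid]['image']} ({cpid})")
        print("  ancestry:   ", " -> ".join(ancestry(cpid, by_pid)))
        print("  descendants:", [by_pid[d]["image"] for d in descendants(cpid, children)])
```

On the constructed data the script raises one alert for winword.exe spawning cmd.exe, prints the full chain from System down to powershell.exe, and lists the PowerShell child as a descendant; the ancestry walk tolerates orphaned records, which is common in real telemetry when the parent has already exited.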


2. Network connections:

Information is collected on all active and pending connections.


3. System information:

Information about end devices is collected in order to identify abnormal system behavior. In the event of an incident, this information helps identify what has changed on a system.


4. User information:

Collecting user information as input for machine learning helps establish a baseline of a user's normal behavior and thus identify anomalies.


5. Autostart:

Monitoring of autostart entries. Autostart is one of the most widely used means of achieving code execution and attacking systems, as some malware tries to hide in the Windows startup process.

Endpoint Detection and Response capabilities


1. Collecting and monitoring:

The data is collected centrally for monitoring and used to detect threats. The collected data is valuable for Security Operations Centers (SOCs) and is used in incident response.


2. Alerting and prioritization:

If threats are detected, the IT security officers are alerted. When multiple threats occur, prioritization takes place in order to effectively avert the threat.


3. Investigation:

EDR offers the possibility of using correlated events to visualize the progress of the attack.


4. Automation and real-time response to threats:

If end devices do not comply with the guidelines or malware is discovered, EDR offers automated response options, such as isolating the affected end devices from the network or isolating the affected network segment as a whole.


5. Threat hunting:

Actively searching for threats can uncover them before they can be exploited.


Areas of application of endpoint detection and response

  • Proactively, by detecting potential threats (cross-reference to “Network Traffic Analysis”)
  • As a replacement for regular endpoint protection in larger companies that run their own SOC
  • For subsequent incident analysis

Last updated on August 16, 2021
