
ENDPOINT PROTECTION AS A SERVICE (xDR)

ENDPOINT PROTECTION
(xDR - ENDPOINT DETECTION AND RESPONSE, ENDPOINT PROTECTION PLATFORMS)

Endpoint Detection and Response (EDR) is a cybersecurity technology that meets the need for real-time monitoring and focuses on endpoint analysis and incident response. Operated from a single central interface, EDR provides a comprehensive view of the activity on all endpoints in the infrastructure, as well as valuable security data flows that allow IT security professionals to conduct further investigations and take countermeasures.

EDR proactively detects new and unknown threats, as well as previously unidentified infections that penetrate an organization's systems through endpoints and servers. It does this by analyzing previously unclassified events that cannot be categorized as either ‘reliable’ or ‘definitely malicious’. EDR also detects zero-day and unknown malware used in APT attacks using a variety of advanced detection technologies, such as YARA, IoC scanning (IoC = Indicator of Compromise), or retrospective event correlation analysis based on dynamic machine learning.

As part of 4iG's EDR service, some elements of programs are examined in a separate ‘sandbox’ environment. There we analyze the behavior of files, macros and scripts in more detail and use it to determine a risk value. Based on this risk value, we can identify which attack vector we are dealing with.