EDR

EDR stands for Endpoint Detection and Response. The term EDR first appeared in 2013 in an analysis by the consulting firm Gartner. Analyzing the fact that hackers primarily target employee workstations, Gartner has introduced the concept of “Endpoint Detection and Response” to designate a security solution to detect and remedy cyber threats targeting endpoints (computer, server).

How does an Endpoint Dectection and Response work?

In recent years, companies have been the target of sophisticated attacks using known and unknown threats (called zero-day or 0day). Called APT for Advanced Persistent Threat, these advanced threats most often use several attack vectors simultaneously, ultimately allowing them to infect a machine and then spread to the company’s computer systems. Faced with cyber attacks by ransomware, emails (phishing, spear phishing), Trojan horses, spyware, traditional antiviruses were no longer able to stem the threat. And for good reason, antivirus and other EPP (Endpoint Protection Platform) based on signatures can only detect threats that have already been seen as such. However, groups of attackers are now masters in the art of concealment to avoid this type of detection. Remember that in 2020, 1,600 companies around the world announced that they had been the target of a ransomware attack.

The power of CTI during malware incident analysis replay with Glimps

Watch the replay

EDR vs antivirus

When traditional antivirus software relies on a database of signatures, it is not able to detect malicious code if the latter’s signature is not included in its knowledge base. With the emergence of polymorphic malware (same strain of virus, but different fingerprint), the effectiveness of an antivirus scan has been greatly reduced. To address this problem, the role of the EDR technology or solution is to detect and analyze, alert and neutralize the threat based on the behavioral observation of the covered system. Rather than relying on a knowledge base, an EDR (endpoint detection response) solution has an autonomous analysis capacity.

EDR, a semi-autonomous detection capability.

Using supervised data models (AI) and using behavioral analysis, EDR searches for malicious behavior and anomalous scenarios. An EDR solution has, for example, the ability to detect the following scenarios:

Compilation of an executable.
Launching a PowerShell command with the use of obfuscated parameters.
Modification of the Windows registry.
Running a macro from an attachment.
Unwanted connections.
Access to sensitive data by a malicious individual.
Authentication using a password from an unauthorized IP.

EDR technology enables near-instantaneous remediation.

If a machine is infected, EDR has the ability to automatically remediate the threat. Removing a virus, stopping a process in progress (Kill of the PID), the EDR provides an almost instantaneous response capacity. In the case of human intervention, the main EDR solutions also allow opening a shell and typing commands on the infected machine.

EDR vs XDR

EDR, a valuable asset for Threat Hunting but not to be used alone

The technical nature and rapid evolution of hacker techniques demonstrate the need for research, analysis and mapping of these threat strategies. attacks. A standalone tool will never have the ability to detect 100% of potential threats. If he has never previously mapped a similar strategy, the threat will not be detected. By collecting contextualized data, EDR provides valuable information to analyst teams.

Discover our XDR solution

XDR to extend your ability to detect computer threats

At SEKOIA.IO, we provide our users (SOC teams) with an XDR platform combining “the power of a SIEM, the agility of SaaS and the efficiency of a SOAR, driven by intelligence”. Thanks to its ability to interconnect all your security solutions (on-premise or SaaS), you have extensive visibility of all security events that may occur within the digital infrastructure. Then, the presence of an actionable CTI (Cyber Threat Intelligence) ; materialized by indicators of compromise and a real-time detection engine in SIGMA correlation format, allows you to detect the most recent threats; contextualize alerts and enrich your investigations around very advanced attack scenarios. Finally, you will find among our playbooks, the way to automate a unified response to detected incidents; from a single console.

Watch the replay

You can also consult our definition on: XDR (eXtended Detection and Response), CTI (Cyber Threat Intelligence), EPT (Endpoint Protection Tool), CERT, CSIRT.

If you are visiting our website for the first time, know that we are a cybersecurity software publisher. We provide SOC and MSSP teams with a turnkey operational security platform (SOC platform). Through our XDR platform, CTI tool and threat intelligence platform, we enable our users to neutralize cyber threats, regardless of the attack surface.

Others Terms

Others Terms

XDR(eXtended Detection & Response)

XDR (eXtended Detection & Response) designates a holistic approach to cybersecurity operational. It stands out for its ability to consolidate and automate on a unified SaaS platform all data, analyzes and responses to cyber threats, regardless of their origin, supplier or specialization.

SOC(Security Operations Center)

Security Operations Center (SOC) is an organizational structure dedicated to the implementation of all the security operations of an organization against cyberattacks. These actions include the supervision and protection of an organization’s information system (workstations, networks, website, applications, databases, etc.)

Échangez avec l’équipe

Vous souhaitez en savoir plus sur nos solutions de protection ?
Vous voulez découvrir nos produits de XDR et de CTI ?
Vous avez un projet de cybersécurité dans votre organisation ?
Prenez rendez-vous et rencontrons-nous !

Contactez-nous

Chat with our team !

Would you like to know more about our solutions ?
Do you want to discover our XDR and CTI products ?
Do you have a cyber security project in your organization ?
Make an appointment and meet us !

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_152945562_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
Inbound Converter	2 ans	This script communicates back to TechTarget which accounts, based on reverse IP lookup, have visited this website. The information that is transmitted includes: URL of page landed on, Timestamp of visit, IP Address
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-others	1 year	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.