Home » EDR


EDR stands for Endpoint Detection and Response. The term EDR first appeared in 2013 in an analysis by the consulting firm Gartner. Analyzing the fact that hackers primarily target employee workstations, Gartner has introduced the concept of “Endpoint Detection and Response” to designate a security solution to detect and remedy cyber threats targeting endpoints (computer, server).

How does an Endpoint Dectection and Response work?

In recent years, companies have been the target of sophisticated attacks using known and unknown threats (called zero-day or 0day). Called APT for Advanced Persistent Threat, these advanced threats most often use several attack vectors simultaneously, ultimately allowing them to infect a machine and then spread to the company’s computer systems. Faced with cyber attacks by ransomware, emails (phishing, spear phishing), Trojan horses, spyware, traditional antiviruses were no longer able to stem the threat. And for good reason, antivirus and other EPP (Endpoint Protection Platform) based on signatures can only detect threats that have already been seen as such. However, groups of attackers are now masters in the art of concealment to avoid this type of detection. Remember that in 2020, 1,600 companies around the world announced that they had been the target of a ransomware attack.

The power of CTI during malware incident analysis replay with Glimps

EDR vs antivirus

When traditional antivirus software relies on a database of signatures, it is not able to detect malicious code if the latter’s signature is not included in its knowledge base. With the emergence of polymorphic malware (same strain of virus, but different fingerprint), the effectiveness of an antivirus scan has been greatly reduced. To address this problem, the role of the EDR technology or solution is to detect and analyze, alert and neutralize the threat based on the behavioral observation of the covered system. Rather than relying on a knowledge base, an EDR (endpoint detection response) solution has an autonomous analysis capacity. 

EDR, a semi-autonomous detection capability.

Using supervised data models (AI) and using behavioral analysis, EDR searches for malicious behavior and anomalous scenarios. An EDR solution has, for example, the ability to detect the following scenarios:

  • Compilation of an executable.
  • Launching a PowerShell command with the use of obfuscated parameters.
  • Modification of the Windows registry.
  • Running a macro from an attachment.
  • Unwanted connections.
  • Access to sensitive data by a malicious individual.
  • Authentication using a password from an unauthorized IP.

EDR technology enables near-instantaneous remediation.

If a machine is infected, EDR has the ability to automatically remediate the threat. Removing a virus, stopping a process in progress (Kill of the PID), the EDR provides an almost instantaneous response capacity. In the case of human intervention, the main EDR solutions also allow opening a shell and typing commands on the infected machine.


EDR, a valuable asset for Threat Hunting but not to be used alone

The technical nature and rapid evolution of hacker techniques demonstrate the need for research, analysis and mapping of these threat strategies. attacks. A standalone tool will never have the ability to detect 100% of potential threats. If he has never previously mapped a similar strategy, the threat will not be detected. By collecting contextualized data, EDR provides valuable information to analyst teams.

XDR to extend your ability to detect computer threats

Endpoint Detection and Response vs XDR

At SEKOIA.IO, we provide our users (SOC teams) with an XDR platform combining “the power of a SIEM, the agility of SaaS and the efficiency of a SOAR, driven by intelligence”. Thanks to its ability to interconnect all your security solutions (on-premise or SaaS), you have extensive visibility of all security events that may occur within the digital infrastructure. Then, the presence of an actionable CTI (Cyber ​​Threat Intelligence) ; materialized by indicators of compromise and a real-time detection engine in SIGMA correlation format, allows you to detect the most recent threats; contextualize alerts and enrich your investigations around very advanced attack scenarios. Finally, you will find among our playbooks, the way to automate a unified response to detected incidents; from a single console.

Watch the replay of the Webinar on Sigma Correlation

You can also consult our definition on: XDR (eXtended Detection and Response), CTI  (Cyber Threat Intelligence), EPT (Endpoint Protection Tool), CERT, CSIRT.

If you are visiting our website for the first time, know that we are a cybersecurity software publisher. We provide SOC and MSSP teams with a turnkey operational security platform (SOC platform). Through our XDR platformCTI tool and threat intelligence platform, we enable our users to neutralize cyber threats, regardless of the attack surface.

Others Terms

XDR(eXtended Detection & Response)

XDR (eXtended Detection & Response) designates a holistic approach to cybersecurity operational. It stands out for its ability to consolidate and automate on a unified SaaS platform all data, analyzes and responses to cyber threats, regardless of their origin, supplier or specialization.

SOC(Security Operations Center)

Security Operations Center (SOC) is an organizational structure dedicated to the implementation of all the security operations of an organization against cyberattacks. These actions include the supervision and protection of an organization’s information system (workstations, networks, website, applications, databases, etc.)

Échangez avec l’équipe

Vous souhaitez en savoir plus sur nos solutions de protection ?
Vous voulez découvrir nos produits de XDR et de CTI ?
Vous avez un projet de cybersécurité dans votre organisation ?
Prenez rendez-vous et rencontrons-nous !

Chat with our team !

Would you like to know more about our solutions ?
Do you want to discover our XDR and CTI products ?
Do you have a cyber security project in your organization ?
Make an appointment and meet us !