AhnLab EDR is an endpoint detection and response solution that continuously monitors endpoints to detect, analyze and respond to threats. It provides endpoint-visibility-based threat detection and response by monitoring and analyzing endpoint behavior with a behavior-based analysis engine. It is plug-in based, so you only need to apply its policy to deploy it and integrate it with multiple security tools.
Note
An AhnLab EDR license is provided when you purchase the product.
AhnLab EDR provides organizations with threat visibility by using the MDP engine, AhnLab's behavior-based engine, to collect and store behavior information from endpoints and to trace and analyze the attack vectors of detected threats.
AhnLab EDR monitors OS behavior at the endpoint level based on V3. It does not need a separate kernel driver, so it does not degrade endpoint performance and can be deployed easily.
AhnLab EDR can be easily deployed based on EPP, a next-generation endpoint management platform. The single console enables effective integrated management of endpoint security and response. If you are using both V3 and AhnLab EPP Agent, you do not need to install a separate agent. You only need to add a license to use EDR.
Integrated policies for the multiple security tools plugged in to AhnLab EPP can be set for better threat response.
AhnLab EDR provides an attack flowchart and details on threats, and presents appropriate response methods (terminate process, block network, and collect and search for files) based on threat type, behavior and attack level.
The security administrator can collect and search for endpoint information and establish policies based on it to actively respond to threats.
Security control is maximized by obtaining threat intelligence from SIEM and ESM systems connected to AhnLab EDR through AhnLab EPP's automated Syslog.
AhnLab EDR provides various detection, analysis, repair and control features that are essential in endpoint detection and response tools.
| Features | Details |
| --- | --- |
| Collection | Collect file, network, process and system behavior information |
| | Collect file creation, modification and deletion information |
| | Collect registry creation, modification and deletion information |
| | Collect network (IP/URL) connection information |
| | Collect process (PID/PPID) information |
| Detection | Detect based on IoC (STIX) |
| | Provide an alert when malware is detected |
| Analysis | Scan entire files |
| | Various file search conditions (hash value, file size, file name, file path, IP/URL and behavior log) |
| | Provide a process tree for a suspicious file |
| | Alert the admin and send mail on events detected by rules |
| | Provide dump file information to analyze a suspicious agent |
| | Collect artifacts from a suspicious agent |
| Response | Quarantine the network of a suspicious agent |
| | Collect and search for suspicious files |
| | Block network connections from/to a specific IP/URL |
| | Import/export IoC information in STIX format |
| | Manage threat groups as virtual groups |
| | Collect shared folder information and disable sharing |
| | Scan malicious files specified by the admin |
| Management | Provide OTP authentication for admin login |
| | Remotely patch agents |
| | Create permissions for individual admins |
| | Scan admin behavior |
| | Send notices |
| | Monitor status (CPU/MEM/DISK/Network) of each server |
| | Monitor status (On/Offline, IP address and OS info) of each agent |
| Report | Create user-defined reports |
| | Export reports in CSV, XLS and PDF format |
| | Create user-defined dashboards |
| Others | Provide Syslog option (send event logs to SIEM or another integrated log server; supports UDP, TCP and TCP over SSL) |
| | Provide SNMP integration |
| | Provide Open API information |