Lugo installs EDR on our clients' networks to provide them with next-generation anti-malware and cyber-attack protection.
EDR is designed to prevent, detect, and respond to evolving cyber threats to your endpoints. It goes beyond traditional antivirus via a signatureless approach—that means no waiting for recurring scans or updates to signature definitions. And in the event of an attack, EDR can take steps to help contain the threat, reverse the effects, and automatically roll back the endpoint or compromised files to a healthy state.
EDR uses artificial intelligence to detect unusual behaviour that could indicate malicious activity. This gives users more proactive protection, helping them detect threats that AV vendors may not even be aware of yet. Plus, EDR protects against more than just viruses, including file-less malware attacks and weaponised documents.
Features and benefits
- Near real-time file analysis: The system analyses files continuously, replacing time-intensive recurring scans.
- Signatureless approach: Fight back against the latest threats without having to wait for daily definition updates.
- Offline protection: Artificial intelligence data is stored on the endpoint to help keep it protected while offline.
- Machine learning: The system determines how to best respond to threats and adjusts those responses over time.
- Behavioural artificial intelligence engines: Harness AI engines that analyse multiple data points to identify threats and determine if a response is necessary.
- Near real-time alerts: Receive alerts whenever a threat is detected or neutralised.
- Executive insight and key findings: See aggregated data on threats—current number of active threats, number of threats found in a specified time period—and review threats and fixes over time.
- Forensics: See an overview and the storyline of an attack so you can quickly understand the threat.
- Threat summaries: Review information on specific threats, such as dates they were identified, dates they were reported, and their file names.
Take Advantage of Automation
- Custom policies: Policies can be tailored to allow or block USB, allow or block endpoint traffic, and specify the best automated response.
- Enhanced quarantine: Select the “Disconnect from Network” option to prevent machines from further infecting the network.
- Automatic rollback: Attacks are automatically contained and neutralised, and compromised files are automatically replaced by the last known healthy version (Windows OS only).