What is Managed EDR?

Our Managed Detection and Response (MDR) service is powered by our business-grade Endpoint Detection & Response (EDR) platform. Our managed EDR service provides full visibility of all server and workstation activity, which is actively monitored 24/7/365 by the ConnectDS Security Operations Centre (SOC).

The ConnectDS managed EDR platform provides continuous monitoring of your business devices, coupled with the expertise of the ConnectDS Security Analysts to process and validate advanced alerts mapped to the Mitre ATT&CK framework, in addition to advanced threat hunting.

What are the Benefits of a Managed EDR Solution?

With the growth of the remote workforce and cloud-based solutions, the network perimeter is dissolving. This reduces the protection and visibility provided by traditional network security controls such as a network firewall, and makes focused endpoint protection and visibility of the host a vital part of any modern security strategy.

Traditional anti-virus is only able to stop malware that it has seen before (signature based). EDR is vastly different: it uses behavioural analytics to determine what software should and should not be doing, and so detects more unique and targeted attacks. As well as detecting new threats, EDR may also expose threats that have been active on your systems for some time, completely unnoticed.

This allows us to detect attacks in real time by providing our SOC team with immediate alerting and attack technique context.

What does Managed EDR Include?

This service provides continuous monitoring from our Security Operations Centre (SOC) to protect your organisation from both known and unknown threats; pre-execution, on-execution and post-execution.

Device Control (Optional)

Ability to control endpoint activity such as enforcing host firewall rules, mitigating data exfiltration by enabling custom rules to prevent or control the usage of USB storage media, and preventing the transfer of malicious code.

NGAV

Overcomes the limitations of traditional Anti-Virus and provides pre-execution protection to detect and prevent advanced threats.

EDR

Deep endpoint visibility with the detection of malicious indicators allows our security teams to quickly detect and investigate suspicious activity and identify the root cause behind internal and external threats, misconfiguration and policy violations within the environment.

Containment and Response

Upon the detection of malicious code execution, our SOC can initiate containment of the compromise by remotely preventing any network activity through host isolation. In the event of a crypto attack, the rollback system detects and mitigates mass encryption and performs a rollback of the system to the pre-crypto state.

What Devices Will Our Managed EDR Work On?

The EDR agent is lightweight and compatible with all supported Windows, Mac and Linux operating systems as well as the following server endpoints:

  • Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, 2016
  • CentOS 6.5, 7.0, 7.2
  • Red Hat Enterprise Linux 6.5, 7.0, 7.2
  • Ubuntu 12.04, 14.04, 16.04, 16.10
  • SUSE Linux Enterprise Server 12SP1
  • Oracle Linux 6.5 – 6.9, 7.0+
  • Amazon Linux (AMI) 2016.09+, 2017.03+

Frequently Asked Questions about Endpoint Detection & Response:

Please see below for some common questions on our Managed EDR services. If you would prefer to speak to someone, give us a call and speak to one of our team in our Surrey or London offices to understand your requirements and learn how our security experts support other businesses in the United Kingdom (UK).

EDR stands for Endpoint Detection and Response. It provides visibility of endpoint activity, enabling analysts to respond to detected events, perform threat hunting and respond to cyber threats.

ETDR stands for Endpoint Threat Detection and Response.

XDR is an evolution of EDR, indicating that the platform can take in multiple data signals, not just those from the endpoint.

EDR and Anti-Virus perform completely different roles, although many of the leading endpoint security platforms incorporate the visibility and threat detection capabilities of EDR with the preventative controls of AV or NGAV.

Endpoint Detection and Response platforms provide great visibility of host activity. However, the management and maintenance of these platforms can be very intensive; ConnectDS provide the tooling, processes and expertise required to run a successful security program.

Managed Detection and Response (MDR) is a managed security service. In theory it can be delivered using any security operations tooling, but EDR is typically a core component because of the visibility it gives threat hunting teams. The ConnectDS Managed Detection and Response (MDR) service is based around a managed EDR platform, delivering comprehensive threat hunting and management for UK businesses.

EDR requires a skilled team of security analysts to monitor events in the EDR platform and the ability to perform threat hunting. The security monitoring can be performed in-house or outsourced; for SME businesses it may be considerably cheaper to partner with an outsourced SOC provider to deliver the solution as a managed security service, given the level of expertise, training and resourcing required to monitor these systems in real time.

An effective EDR security system records endpoint events that can identify or indicate a threat; with most EDR solutions there are hundreds of signals collected from devices, including user, process and network activity.

All EDR platforms operate slightly differently. ConnectDS use the Mitre ATT&CK framework to identify an EDR's capabilities and limitations in detecting the detailed tactics and techniques.

ConnectDS support multiple EDR solutions; our in-house solutions retain event data for 6 months. This data can be archived or retained for longer to meet compliance and retention requirements using a SIEM solution.
