Endpoint Detection and Response

Existing security tools are typically focusing on one or a few specific tasks. They do not provide enterprise-wide visibility, context, and analytics which is critical when it comes to defending against the increasingly serious threatlandscape. These tools often generate a huge number of alerts, which overload and distract constrained SOC teams and security professionals, leading to missed attacks, and incomplete investigations.

An Endpoint Detection and Response solution provides detailed information on all user activity, including in-and outgoing web traffic. Alarms generated by the EDR agent not only provides detailed information, but the option to take immediate action on these detections, including isolating the endpoint, removing all identified signs of infection, and doing a deeper investigation into the attack on all assets included in the attack via one central management console.

With EDR organizations can perform effective and automated threat hunting across all endpoints.

What is Watchcom Managed EDR?

Watchcom Managed EDR is an endpoint-based Detection- and Response-service with market-leading technology from Cybereason - managed and operated by our SOC-team.

Our expert analysts based in our Nordic Security Operation Centers monitor your environment either 8 x 5 or 24 x 7 x 365.

We will contact you according to your SLA whenever we find threats inside your organization that requires your attention.

As an optional service, we can also take immediate response on the infected endpoints in your system. We can isolate the infected endpoint(s) and remediate the threats, thereby lowering MTTD and MTTR (Mean Time to Detect and Mean Time to Respond) considerably –from days to minutes/hours.

All information about the suspicious activity in the network is available in the platform and no external toolsets are required to investigate or respond to the threat identified.

With EDR you are able to answer the following questions with confidence:

1. Are we under attack?
2. How should we respond?
3. What is the full story of the attack?
4. What TTPs are the attackers using?

A Next-Generation Anti-Virus Agent, and operation, is available as an add-on-service. This is single-agent-solution, so the NGAV-functionality can be activated through the central management console if needed.

The solution is easy to implement and has high ROSI (Return on Security Investment) when compared to other Managed Detection- and Response solutions.