XDR EDR

XDR vs EDR: understanding the differences and their advantages

3 min. read
Placeholder for COVER ARTICLES XDR COVER BLOC 1024x538COVER ARTICLES XDR COVER BLOC 1024x538

Share

We hear about these new technologies every day, but are we really aware of their differences and complementarities? In short, what are we talking about?

The strengths and benefits of an EDR

EDR, or Endpoint Detection and Response, collects and analyses data from several endpoints to identify behavioural deviations, research incident data and sort alerts that could represent a threat to the endpoint, and therefore potentially to the information system to which it is connected. It allows teams to respond quickly by neutralising threats.

Anton Chuvakin of Gartner defines EDR as “a category of tools and solutions that focus on detecting suspicious activity directly on the hosts of the information system.”

Simply put, EDR is a new generation of anti-malware, no longer relying solely on signature systems to perform malicious behaviour detection. EDR adds behavioural process analysis capabilities to determine deviance.

XDR: "to infinity and beyond”!

XDR (eXtended Detection Response) is the evolution, the eXtension of EDR. And this evolution takes place on several axes.

According to Gartner: ‘XDR is cloud-delivered technology that includes multipoint solutions and advanced analytics to correlate alerts from multiple sources into incidents from individual weaker signals to create more accurate detections. It aims to reduce product sprawl, alert fatigue, integration challenges and operational expenses, and will especially appeal to security operations teams that struggle to manage a portfolio of best-of-breed solutions or leverage a SIEM or SOAR solution.”

While EDR detects at the endpoint level, XDR goes beyond that. It is able to collect and detect deviant and potentially malicious activity on devices such as servers, cloud, networks…

But beyond the much wider range of sources, the XDR brings elaborate functionalities allowing, for example, to increase the level of contextualisation by connecting to the CTI, to bring a greater capacity of anticipation by crossing the detected technical information with external content, to refine the possibilities of response automation by giving an even finer granularity to the intervention.

Placeholder for Visuel ruban Les Assises v2Visuel ruban Les Assises v2

Why choose TEHTRIS solutions?

TEHTRIS’ pioneering and unique XDR technology allows to centralise and consolidate the data collected by the various sensors and probes deployed in an information system.

The specificity of the TEHTRIS platform is its ability to offer a holistic approach to detection. All modules developed by TEHTRIS are integrated into the platform: SIEM, EDR, MTD, DNS FW, NTA… These modules, interconnected and complementary, bring to our XDR technology a unique capacity of analysis and contextualisation. But the power of the TEHTRIS XDR platform does not stop there. Indeed, we have developed it with the TEHTRIS Open XDR Platform in mind, which means that it also has the capacity to integrate third-party solutions as complementary detection and contextualisation modules.

Huge capacities for complete protection

Concretely, if TEHTRIS detects a strange and hidden binary, the platform will analyse it. If it is known, it will neutralise it. If it is unknown or suspicious, it will ask our SOAR (the platform’s “conductor”) to look at our CTI (Cyber Threat Intelligence) to do all the analyses (antivirus, sandbox, AI) to decide if it is a legitimate program or not. If it’s not, the platform will automatically stop and destroy the threat immediately. The TEHTRIS XDR Platform lets security teams create their own dashboards tailored to organisational reporting.

Interest of the XDR technology

Not all technologies are created equal.

It is essential to have tools that allow to have a holistic view of the activity on the networks, the systems, the cloud, but also to protect simultaneously the workstations, the servers, the networks… They must also allow to detect threats and suspicious behaviour always more advanced, by capitalising on artificial intelligence and its algorithms, international databases, and a platform like TEHTRIS XDR which acts effectively in real-time on the attacks without human intervention. The automation that this technology allows is a real plus for analysts who will save time and be able to focus on more important tasks, the objective being to increase the user experience, to reduce the time of detection and reaction to attacks, the security teams will now be able to visualise in one place all the alerts raised by the different solutions to which they have subscribed, through the TEHTRIS XDR Platform and thanks to the APIs connection.

The contribution of intelligence in our TEHTRIS XDR Platform will allow us to add content, which in turn will feed our AI, it is a virtuous loop. This contribution of information from multiple channels allows us to set up protections against a wide variety of attacks.

Get in touch

Do you want to know more about this topic?

Our experts and sales teams are at your service. Leave your contact information and we will get back to you shortly.

Call now
Placeholder for Portrait of french manPortrait of french man

More updates