We hear about these new technologies every day, but are we really aware of their differences and complementarities? In short, what are we talking about?
The strengths and benefits of an EDR
EDR, or Endpoint Detection and Response, collects and analyses data from several endpoints to identify behavioural deviations, research incident data and sort alerts that could represent a threat to the endpoint, and therefore potentially to the information system to which it is connected. It allows teams to respond quickly by neutralising threats.
Anton Chuvakin of Gartner defines EDR as “a category of tools and solutions that focus on detecting suspicious activity directly on the hosts of the information system.”
Simply put, EDR is a new generation of anti-malware, no longer relying solely on signature systems to perform malicious behaviour detection. EDR adds behavioural process analysis capabilities to determine deviance.
XDR: "to infinity and beyond”!
XDR (eXtended Detection Response) is the evolution, the eXtension of EDR. And this evolution takes place on several axes.
According to Gartner: ‘XDR is cloud-delivered technology that includes multipoint solutions and advanced analytics to correlate alerts from multiple sources into incidents from individual weaker signals to create more accurate detections. It aims to reduce product sprawl, alert fatigue, integration challenges and operational expenses, and will especially appeal to security operations teams that struggle to manage a portfolio of best-of-breed solutions or leverage a SIEM or SOAR solution.”
While EDR detects at the endpoint level, XDR goes beyond that. It is able to collect and detect deviant and potentially malicious activity on devices such as servers, cloud, networks…
But beyond the much wider range of sources, the XDR brings elaborate functionalities allowing, for example, to increase the level of contextualisation by connecting to the CTI, to bring a greater capacity of anticipation by crossing the detected technical information with external content, to refine the possibilities of response automation by giving an even finer granularity to the intervention.
Why choose TEHTRIS solutions?
TEHTRIS’ pioneering and unique XDR technology allows to centralise and consolidate the data collected by the various sensors and probes deployed in an information system.
The specificity of the TEHTRIS platform is its ability to offer a holistic approach to detection. All modules developed by TEHTRIS are integrated into the platform: SIEM, EDR, MTD, DNS FW, NTA… These modules, interconnected and complementary, bring to our XDR technology a unique capacity of analysis and contextualisation. But the power of the TEHTRIS XDR platform does not stop there. Indeed, we have developed it with the TEHTRIS Open XDR Platform in mind, which means that it also has the capacity to integrate third-party solutions as complementary detection and contextualisation modules.
Huge capacities for complete protection
Concretely, if TEHTRIS detects a strange and hidden binary, the platform will analyse it. If it is known, it will neutralise it. If it is unknown or suspicious, it will ask our SOAR (the platform’s “conductor”) to look at our CTI (Cyber Threat Intelligence) to do all the analyses (antivirus, sandbox, AI) to decide if it is a legitimate program or not. If it’s not, the platform will automatically stop and destroy the threat immediately. The TEHTRIS XDR Platform lets security teams create their own dashboards tailored to organisational reporting.
Interest of the XDR technology
Not all technologies are created equal.
It is essential to have tools that allow to have a holistic view of the activity on the networks, the systems, the cloud, but also to protect simultaneously the workstations, the servers, the networks… They must also allow to detect threats and suspicious behaviour always more advanced, by capitalising on artificial intelligence and its algorithms, international databases, and a platform like TEHTRIS XDR which acts effectively in real-time on the attacks without human intervention. The automation that this technology allows is a real plus for analysts who will save time and be able to focus on more important tasks, the objective being to increase the user experience, to reduce the time of detection and reaction to attacks, the security teams will now be able to visualise in one place all the alerts raised by the different solutions to which they have subscribed, through the TEHTRIS XDR Platform and thanks to the APIs connection.
The contribution of intelligence in our TEHTRIS XDR Platform will allow us to add content, which in turn will feed our AI, it is a virtuous loop. This contribution of information from multiple channels allows us to set up protections against a wide variety of attacks.
Cybersecurity: The upside and downside of AI
Get your copy of this whitepaper, to learn more about cybersecurity, XDR, EDR and how AI drives security. Or get in touch with us directly if you find this topic of interest.
Continue reading about TEHTRIS
Cybersecurity
Top cybersecurity companies to watch in 2024
We selected the top cybersecurity companies to watch in 2024, who have successfully differentiated themselves from other players in the market.
Mohamed El Haddouchi
MDR XDR
Strengthening cybersecurity in the public sector: how MDR and XDR help
If you are active in the public sector, cybersecurity and data safety are extremely important. Find out how MDR and XDR help you strengthen and solidify your security frameworks.
Inès Khabkhabi
TEHTRIS MDR
Enhancing cybersecurity in critical industries: how you can harness the power of MDR and XDR
Do you want to improve your critical OT security? Find out how the combination of MDR and XDR and the features of the TEHTRIS XDR Platform allow you to do that.
Inès Khabkhabi