EDR collects, analyses and pre-correlates the logs of a server or client and raises an alert if an attack, fraudulent use or an error is detected. It checks the file integrity of the local system. Rootkit detection identifies hidden actions by attackers, trojans, viruses, etc. when system changes occur.
EDR provides real-time alerts and active response. It integrates smoothly with LDA and delivers additional valuable information for central correlation.
Technical details: It runs on nearly every operating system (Linux, Solaris, HP-UX, AIX, BSD, macOS, Windows, VMware ESX) and helps meet compliance requirements. Policies are deployed centrally to all EDR agents to monitor the server’s compliance.