EDR and XDR

In the age of targeted attacks and APTs, the technologies available for the protection of endpoints are in a constant state of flux.

Endpoint and extended detection & response (EDR, XDR) aim to detect compromised systems and support incident response.

EDR solutions are installed on the endpoint and monitor the behavior of all processes. What matters is not the users' behavior but technical operations such as access to files and the registry, network communication, process creation, manipulation of process memory, and much more.

All these operations are considered in an overall context, often also using modern AI techniques, in order to detect a hacking attack or malware.

When an EDR solution is managed in the vendor's cloud, and additional security products besides the EDR agent are integrated into the same management platform and analyzed together, this is typically called extended detection & response (XDR).

Often, vendors also offer a managed service for this, calling the whole package managed detection & response (MDR).

We know all the details about these modern approaches and products, as well as their actual effectiveness and their limits. We are happy to assist you in analyzing, designing and implementing suitable protective measures.

Here you will find our latest publications on this topic:

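Erkennen und reagieren – Neue Verteidigungsansätze EDR und XDR (Detect and respond: new defense approaches EDR and XDR)
iX May 2021

Auf dem Radar - Endpoint Detection and Response: Gefahren schnell erkennen und reagieren (On the radar, Endpoint Detection and Response: detecting threats quickly and responding)
iX November 2021

Endstation Gerät – Neue Techniken der Endpoint-Security (Final stop, the device: new techniques in endpoint security)
iX December 2019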