Endpoint Detection and Response (EDR)

This functionality is part of the Advanced Security + XDR protection pack, which in turn is part of the Cyber Protection service. Note that when you add EDR functionality to a protection plan, you may be subject to additional charges.

EDR detects suspicious activity on the workload, including attacks that have gone unnoticed. EDR then generates incidents, which provide a step-by-step overview of each attack, helping you understand how an attack happened and how to prevent it from happening again. With easy-to-understand interpretations of each stage in the attack, the time spent on investigating attacks can be reduced to a matter of minutes.

From C24.05, you can extend your EDR functionality with Extended Detection and Response (XDR). Use the XDR graph to gain an additional, enriched perspective of EDR incidents by correlating detections with events from XDR data sources, which include email and identity management metadata. For more information, see Extended Detection and Response (XDR).