AhnLab | AhnLab EDR

AhnLab EDR

Precise Detection
Optimized Response

Attacks against endpoints are becoming more advanced and diversified. We live in an age where new malware appear daily, making it almost impossible to prevent them all beforehand. In these times, we need to establish a security system that minimizes threats through continuous monitoring and promptly responds to breaches.

AhnLab EDR offers the precise threat detection and optimum response by analyzing the cause and context of cyber threats. Then, it proactively hunts them, allowing customers to implement preemptive measures and prevent recurrence. Powered by our technologies built up for more than 30 years, AhnLab EDR has proven its threat detection and response capabilities, particularly in recent MITRE ATT&CK Evaluation Round 4 which emulated Wizard Spider and Sandworm.

Based on our behavior analysis engine, AhnLab EDR provides an unmatched threat behavior monitoring and analysis and ultimately a broader endpoint visibility. As customers can easily operate and deploy the product, they can enjoy the advanced threat detection and response capabilities more conveniently.

※ For more information, please contact us at global.sales@ahnlab.com

AhnLab EDR excels today’s EDR product requirements with multiple strengths: ▲Easy Operation ▲Advanced Threat Detection & Classification ▲Professional Analysis and Response ▲MDR ▲Verification from MITRE ATT&CK Evaluations.

1. Easy Operation

Detecting and responding to cyber threats in recent days is essentially complicated mission, making “easy operation” of the product ever more important. In line with that, AhnLab EDR offers an exclusive console called “EDR Analyzer”, equipped with our technological capabilities accumulated over the years.
The EDR Analyzer dashboard goes beyond showing simple statistics. It allows customers to precisely perceive threats from detection, analysis, and response perspective, and configure security conditions accordingly. Also, AhnLab EDR continuously collects information on each type of suspicious behaviors and store them in the central server of EDR Analyzer. Consequently, it optimizes the operation and alleviates the storage burden by letting users adjust the level of behavior information collection.

2. Advanced Threat Detection and Classification

Powered by our behavior analysis engine, AhnLab EDR independently analyzes global and local threat actors by engineering detection patterns and rules to further elaborate threat detection. The product allows users to combine over 40 different dynamic and static conditions for custom rules with automated response. In addition, it classifies threats into 16 behavior categories based on the MITRE ATT&CK Framework, enabling the users to identify security risks intuitively. Other information such as threat severity and risk probability is also provided via machine-learning technology.

3. Professional Analysis and Response

To effectively deal with detected threats, AhnLab EDR offers detailed analysis including threat information from the MITRE ATT&CK Framework, inflow paths, major behaviors, correlations, severities, and links. The analyzed data is then displayed in form of ▲diagrams, ▲process trees, ▲and timelines, allowing the user to easily identify the overall attack flow. Users can also carry out on-demand scans for key behaviors and perform an additional analysis via interoperation with AhnLab TIP and AhnLab MDS.

Along with the professional analysis capabilities, AhnLab EDR offers three types of response features: ▲manual ▲auto ▲breach incident. First off, AhnLab EDR is equipped with various manual response features, including network block & unblock file deletion & restoration, process termination, and disablement of folder sharing, allowing users to take direct action against threats. Users can also secure resilience across the overall business operation via the ‘rollback’ feature, which safely restores damaged PC data to its previous state.
With AhnLab EDR, users can configure response measures such as network block, process block, and file deletion to be performed automatically according to custom rules. Moreover, the product secures flexibility in operation thanks to the features that automatically block known IoCs and exclude IP, URL, Port, and rule information. By using plug-in products of AhnLab EPP, users can leverage interconnected response features of various security products. In addition, AhnLab EDR provides breach incident response features, which are available in the forms of comprehensive file scan and collection of AhnReport artifacts, and Windows event logs.

4. Default Managed Service Adding Resilience

Among the events detected by AhnLab EDR, primary/secondary reports and statistics-based reports are provided for high severity events, allowing users to utilize the solution more efficiently. Furthermore, threat response can also be implemented under prior consultation with the customer.
*The service is provided by default in AhnLab EDR. However, it cannot be provided if external transmission of EDR detection logs is unavailable.

5. EDR Premium, Taking Threat Response to the Next Level

EDR Premium is the combination of AhnLab EDR and MDR service providing specialized threat detection and response capabilities. EDR Premium customers are assisted by our cybersecurity experts who monitor, analyze, and determine known threats or suspicious behaviors and respond proactively.
At the heart of EDR Premium, there is AhnLab's unparalleled threat response expertise accumulated for decades. EDR Premium generates tickets on threats that occur in customer endpoint environments and utilizes reputation and malware behavior information for systematic task implementation based on AhnLab's threat response process.

Furthermore, AhnLab offers a wide range of professional services linked to EDR Premium, such as forensics, professional malware analysis, providing various options to improve threat analysis and response capabilities.
*EDR Premium is a charged service; for service cost and other details, please make a separate inquiry.
6. Proven in MITRE ATT&CK Evaluations