EDR Solution

DONGHOON Itech operates several lines of business, including ICT consulting-based security.

What is EDR?

EDR (Endpoint Detection and Response) is a concept rather than a single product. It is an endpoint security methodology, now widely recognized as necessary, that arose to overcome the technical limitations of traditional endpoint security solutions. Its goal is to strengthen the organization's security by providing visibility into endpoint activity and by collecting the forensic evidence that traditional endpoint security solutions cannot.

Why do we need EDR?
Typical endpoint security solutions include DLP and AV. They prevent the leakage of important information from the organization and protect its digital assets from malware infection. Even with these solutions deployed and operated, however, organizations still have important digital assets leaked or damaged by malicious code such as ransomware. Attempts to leak data from within the organization, and the techniques used by malicious code, are becoming more sophisticated; in other words, the limitations of traditional endpoint security solutions are being clearly exposed.

To address these shortcomings, the endpoint security methodology called EDR needs to be applied to the organization. Visibility is obtained by collecting the execution log of every executable run on the endpoint and the lifecycle log of document files, which are unstructured data. On the basis of that visibility, the organization's endpoint security improves when leakage of its digital assets can be monitored and controlled before it completes, and when every behavior of malicious code can be monitored and controlled.

What competencies does EDR include?

When reviewing the introduction of a solution that provides an EDR function, the following should be considered.

1. Decide which area of endpoint security the EDR function is to be applied to.
The purpose of the EDR function must be clearly determined: whether to monitor and control leakage of the organization's internal digital data, to focus on protecting the organization's digital assets from attack by malicious code, and so on.

2. Make sure 100% visibility is provided.
Many solutions on the market provide EDR capabilities, but only a few provide the complete visibility that is the heart of EDR. A solution that collects the before/after logs only once an event has already been judged anomalous cannot be called a true EDR solution: by then the context of the attack or the leak (how the file arrived on the endpoint, which processes handled it earlier) has already been discarded. At a minimum, the solution must be able to collect 100% of the lifecycle information for every executable file and document on the endpoint.

3. Ensure that timeline-based correlation information for suspicious behavior is provided.

4. If an ML function is provided, it should help analysts by surfacing only the important information among the large volume of collected logs.

5. In addition, alert classification and filtering, multi-threat protection, and integration with other solutions should be considered.
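
The full-visibility requirement (point 2) and the timeline-correlation requirement (point 3) are illustrated by the following added example. It is not part of the original page and is not any vendor's code; it parses constructed JSON-lines endpoint telemetry (the field names and the list of removable drives are assumptions made for the example), finds a document copied to a removable drive, and builds a timeline from the acting process's ancestry plus the document's whole lifecycle. The same telemetry restricted to an alert-time window shows what an anomaly-triggered collector would lose: the fact that the document was originally written to disk by the mail client hours earlier.

```python
"""Timeline correlation over full endpoint telemetry (added example, constructed data)."""
import json
from datetime import datetime, timedelta

# Constructed sample telemetry for one host. Field names are an assumption
# for this example, not a real product's schema.
SAMPLE_TELEMETRY = r"""
{"ts":"2024-05-02T09:01:10","type":"process_create","pid":1200,"ppid":800,"image":"explorer.exe"}
{"ts":"2024-05-02T09:01:12","type":"process_create","pid":1300,"ppid":1200,"image":"outlook.exe"}
{"ts":"2024-05-02T09:05:40","type":"file_create","pid":1300,"path":"C:\\Users\\jlee\\Downloads\\Q3_forecast.xlsx"}
{"ts":"2024-05-02T13:20:01","type":"process_create","pid":1450,"ppid":1200,"image":"excel.exe"}
{"ts":"2024-05-02T13:20:05","type":"file_read","pid":1450,"path":"C:\\Users\\jlee\\Downloads\\Q3_forecast.xlsx"}
{"ts":"2024-05-02T13:22:30","type":"file_write","pid":1450,"path":"C:\\Users\\jlee\\Downloads\\Q3_forecast.xlsx"}
{"ts":"2024-05-02T16:40:00","type":"process_create","pid":1600,"ppid":1200,"image":"cmd.exe"}
{"ts":"2024-05-02T16:40:03","type":"process_create","pid":1610,"ppid":1600,"image":"powershell.exe"}
{"ts":"2024-05-02T16:40:20","type":"file_copy","pid":1610,"path":"C:\\Users\\jlee\\Downloads\\Q3_forecast.xlsx","dest":"E:\\Q3_forecast.xlsx"}
"""

REMOVABLE_DRIVES = ("E:\\", "F:\\")  # assumption: drive letters used for USB media on this host


def parse_events(text):
    """Parse JSON-lines telemetry into dicts with a datetime 'ts', oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def process_table(events):
    """pid -> process_create event, so every event can be attributed to an image."""
    return {e["pid"]: e for e in events if e["type"] == "process_create"}


def ancestry(events, pid):
    """Walk parent links upward from pid; returns process_create events, child first."""
    table = process_table(events)
    chain = []
    while pid in table:
        chain.append(table[pid])
        pid = table[pid]["ppid"]
    return chain


def document_lifecycle(events, path):
    """Every event that touched the document, from its creation onward."""
    return [e for e in events if e.get("path") == path or e.get("dest") == path]


def find_removable_copies(events):
    """Trigger condition used here: a file copied onto a removable drive."""
    return [e for e in events
            if e["type"] == "file_copy" and e["dest"].startswith(REMOVABLE_DRIVES)]


def correlate(events, trigger):
    """Timeline for one trigger: the acting process's ancestry plus the document's
    full lifecycle, merged and ordered by time. Only works if all events were kept."""
    related = ancestry(events, trigger["pid"]) + document_lifecycle(events, trigger["path"])
    seen, timeline = set(), []
    for e in sorted(related, key=lambda e: e["ts"]):
        key = (e["ts"], e["type"], e["pid"])
        if key not in seen:
            seen.add(key)
            timeline.append(e)
    return timeline


def window_only(events, trigger, seconds=300):
    """What an anomaly-triggered collector keeps: only events shortly before the alert."""
    start = trigger["ts"] - timedelta(seconds=seconds)
    return [e for e in events if start <= e["ts"] <= trigger["ts"]]


def images_in(events, timeline):
    """Image name of the process behind each timeline entry."""
    table = process_table(events)
    return [table[e["pid"]]["image"] if e["pid"] in table else "?" for e in timeline]


def render(events, timeline):
    """One readable line per timeline entry: time, event type, process image, target."""
    images = images_in(events, timeline)
    return "\n".join(
        f"{e['ts'].isoformat()}  {e['type']:<15} {img:<16} {e.get('dest') or e.get('path') or ''}"
        for e, img in zip(timeline, images))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_TELEMETRY)
    for trig in find_removable_copies(evs):
        print("Full-visibility timeline:")
        print(render(evs, correlate(evs, trig)))
        print("\nAnomaly-window collection (last 5 minutes only):")
        print(render(evs, window_only(evs, trig)))
```

With the full log, the timeline runs from the file being saved by outlook.exe in the morning, through excel.exe reading and editing it, to a cmd.exe/powershell.exe chain copying it to the E: drive. The five-minute window contains only the last three events, so the question "where did this document come from?" can no longer be answered from the endpoint's own data.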

What are the advantages of EDR-related solutions handled by DONGHOON Itech?
DONGHOON Itech handles the following solutions with EDR function.
1. Digital Guardian, an EDR-based endpoint DLP that monitors and controls signs of internal information leakage
2. CrowdStrike, which provides ML-based next-generation antivirus (NGAV) along with EDR-based detection, threat hunting and incident response functions
  • Digital Guardian is an endpoint-based next-generation DLP that provides EDR capabilities. Traditional DLP solutions inspect and control a document's contents only at the moment data is about to leave the endpoint. Digital Guardian instead monitors and controls data leakage based on the execution log of every executable file and the lifecycle log of every document on the endpoint, which gives it greater flexibility and broader control than existing competing products.
  • CrowdStrike provides an NGAV function that addresses the shortcomings of traditional antivirus solutions and an EDR function that tracks, detects and controls the behavior of malicious code. NGAV, EDR forensic analysis and DarkWeb/DeepWeb monitoring are all delivered by a single agent.

How do EDR-related solutions handled by DONGHOON Itech help customers?
The EDR-related solutions handled by DONGHOON Itech are the ones our customers use and are most satisfied with. DONGHOON Itech always works with solutions that can provide the best security to its customers.