盗墓笔记同人小说,小说阅读网,盗墓笔记txt全集下载

Product Overview

UniEDR Endpoint Detection and Response System is based on Gartner's EDR concept combined with "Continuous Adaptive Risk and Trust Assessment"(CARTA) strategic approach, which delivers advanced threat attacks protection, attack traceability, and to assist enterprises in continuous improvement. UniEDR is a pluggable module of Leagsoft EPP management and control platform to achieve complementary security capabilities based on unified management platform.

Threats detection, elimination and analysis by UniEDR and optimized security management configuration by EPP integrated security platform with further investigation of threats, both enable the enterprise security continuously improved.

Key Functions

Multi-dimensional Endpoint Data Telemetry

Proactive Detection to Discover Potential Threats

In-depth Investigations

Threat Response and Eradication

Multi-dimensional Endpoint Data Telemetry

Central database is a necessary foundation for building detection and defense models with sufficiently broad coverage and accuracy, as well as for tracing of attackers.
Leagsoft UniEDR can continuously collect security-related data from endpoints, including basic information (host information, system user information, system service information, PE information), system event logs (process startup events, process exit events, process injection events, file operation events, network access events, DNS access events, operating system user logging events, Operating system log events, Powershell execution events).
Changelogs (registry changes, self-startup changes, system user changes, service changes, driver changes etc.)

Proactive Detection to Discover Potential Threats

UniEDR uses correlation analysis, cluster analysis, threat analysis, and other techniques to learn deeply about all security behavior related data. Proactively identifies potential threats on the endpoint, while establishing indicators based on customer business health and multi-dimensional and in-depth detection system for file processes, host accesses and business relations.

In-depth Investigations

UniEDR provides the capability of searching in database of endpoint’s security telemetry data, enabling in-depth drilling and analysis of risk events, verifying the accuracy of security events, restoring the attack process of risk events, tracing their sources, and analyzing the scope of impact, damage and other relevant information.

Threat Response and Eradication

Provide appropriate responses to different types of endpoint threats, combining endpoint, business, system and other factors to provide remediation. Optimize the security baseline to prevent the recurrence of the same type of attack.

Advantages

Continuous Data Collection to Eliminate Blind Spots

Through the continuous collection, monitoring and analysis of endpoint security data, UniEDR can significantly improve the ability to detect potential threats, improve the ease of investigation, and provide an important contextual basis for a thorough understanding of the threat landscape at the endpoint.

In-depth Investigation and Threat Visibility

Helps analysts quickly capture anomalous behavior data to the terminal, combined with risk context and a comprehensive analysis of behavioral baseline analysis models to make malicious activity of advanced threats visible.

Automated Threat Response to eliminate the threat in real-time

In response to discovered advanced threat events, it can provide corresponding security response strategies and tasks, and provide security means such as isolation, eradication, and forensics for threat events, to quickly eliminate the threats. Helps security teams respond to incidents and threats Faster.

Typical Scenarios

Cloud-based Solution

When a suspicious behavior is detected, it needs to be verified through multiple dimensions before it can be confirmed as an attack, to avoid false alarms and omission of information. Leagsoft UniEDR system can provide rich endpoint data collection information for the unified threat detection platform to analyze and investigate, trace back the propagation path and attack means of the threat subject, assess the impact of the threat, confirm the scope of the affected terminals, and improve the system reinforcement system and countermeasures.

Continuous Detection of Unknown or Potential Threats

Standardize multiple attack characteristics that appear in the attack matrix with a uniform, normalized format that combines the customer's own business and the attack patterns they face to build a detection model that conforms to the internal security of the enterprise, while designing a professional security response process. The ability to guide security teams to search more information across the network, investigate the real purpose of advanced threat penetration, combine endpoints, Business, system, and other factors provide remediation to increase the security baseline and prevent the recurrence of the same type of attack.

Features

Comprehensive and Accurate Data Collection

Data collection is categorized and processed for different types of information, with less resource consumption and comprehensive data collection. Information such as PE file information, underlying hardware information, and document content can be collected completely, and the data association information is stored in the form of graphs for easy querying.
Faster Detections

Based on MITER ATT&CK?, systematic threat detection policy planning, compared with the traditional solution that lean heavily on known cases of expert rules, can be more comprehensive defense against threats, to find the potential threat; The unique high-speed data storage, processing engine and graph processing model dramatically increase the computation speed, effectively improving the speed of threat investigation and discovering threats faster.
Higher ROI

Unified endpoint protection platform, with a single agent and console that integrated access control, desktop management, DLP functions, can be expanded rapidly and seamlessly based on enterprise needs and business development; With 15 million+ Agents deployed, verified compatibility, and less system resources consumption, it significantly saves terminal hardware investment and improves endusers’ experience; Open to integrate with Leagsoft UniNID and UniCWPP (server-side threat detection), all products are based on a unified threat detection model to achieve efficient detection and more comprehensive threat response.