
Endpoint Detection and Response (EDR)

The Endpoint Detection and Response (EDR) feature is an event correlation component capable of identifying advanced threats or in-progress attacks. As part of our comprehensive and integrated Endpoint Protection Platform, EDR brings together device intelligence across your enterprise network. This solution supports your incident response teams' efforts to investigate and respond to advanced threats.

Important

The capabilities of the EDR feature may differ depending on the license included in your current plan.

Endpoint Detection and Response (EDR) is a lightweight solution that enables you to:

  • Detect activity that evades classic endpoint prevention mechanisms.

  • Take action to eliminate vulnerabilities and the risk of recurrent attacks.

EDR provides you with easy-to-follow response workflows that enable incident response teams to limit lateral spread and stop ongoing attacks.

When installed in your environment as an independent endpoint detection and response solution, Bitdefender EDR is compatible with, and enhances, any pre-installed Endpoint Protection Platform (EPP). It also provides you with flexible deployment options that can easily be upgraded to Managed Detection and Response services.

Components

eXtended Detection and Response depends on the following components:

  • GravityZone Virtual Appliance

  • Security agent (Windows)

Configure and install the feature

To start using this feature, follow the steps below:

Important

If your endpoints already have the BEST agent deployed, you can use a reconfigure client task to add the module to the endpoint. If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules.

Both procedures are included below.

View EDR activity