Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices. These tools give greater visibility of a system’s overall health including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures. They are typically used as a complement to larger security systems such as security information and event management (SIEM), vulnerability management, and incident response tools.
To qualify for inclusion in the Endpoint Detection and Response category, a product must:
Symantec Endpoint Protection (SEP) is designed to protect against malware attacks including targeted attacks, advanced persistent threats, and zero-day threats with a layered approach to security at the endpoint. Superior protection that fuses essential and next-gen technologies in a multi-layered fashion. High-performance, lightweight single client, single management console across both physical and virtual protection and orchestrated response delivered at scale.
In a multi-vector attack, cybercriminals combine a variety of threat technologies, deployed in numerous stages, over multiple points of entry, or vectors, to infect computers and networks. To keep businesses, their users, and their devices safe, Webroot SecureAnywhere® Business Endpoint Protection offers a unique blend of layered multi-vector protection that stops threats across email, web browsing, files, URLs, ads, apps, and more.
ESET protects all of the most-used operating systems with the same level of functionality, leaving no potential entry point to your network unprotected. ESET’s powerful security management console gives you real-time information on the security state of your network, endpoints and mobile devices, including security and administration functionality that protects you against threats.
Integrated endpoint protection that provides automated next-generation threat protection, as well as visibility and control of your software and hardware inventory across the entire security fabric. Identify and remediate vulnerable or compromised hosts across your attack surface.
Secdo is the only automated incident response platform, enabling security and IR teams to investigate and respond to incidents faster than ever. With a combination of zero-gap endpoint visibility, automated alert investigation, proactive threat hunting and surgical response and remediation, Secdo gives security professionals an all-in-one tool to slash incident response time to minutes and increase their effectiveness by an order of magnitude. Secdo’s agents record all endpoint and server activity and send it to a centralized server (either on-premise or in the cloud). Using its unique Causality Analysis Engine, Secdo ingests any alert from any source and automatically correlates the alerts with the endpoint data to provide the full context of the alerts, including the attack chain, root cause and damage assessment. Finally, Secdo provides a set of response and remediation tools allowing incident responders to remotely and surgically contain endpoints and run remediation actions across multiple endpoints.
Cb Response is the market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Cb Response makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Cb Response also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement.
53% of breaches do not use malware. Streaming prevention through Cb Defense goes beyond machine-learning AV to stop all types of attacks before they compromise your systems. Cb Defense, with its breakthrough prevention model, market-leading detection and response capabilities and single lightweight agent, is the future of next-gen antivirus.
IBM® BigFix® addresses a major challenge faced by many organizations — how to gain full visibility into the constantly changing endpoint landscape while bridging the gap between threat detection and remediation. See clearly: Discover and audit endpoints on or off the corporate network. Detect evasive attacks with behavioral analytics. Understand completely: Guided investigations to define the scope of detected attacks. Define what remediation action you need to take. Act precisely: Immediately contain and remediate attacks enterprise-wide. Continuously reduce your attack surface.
Stop known and unknown threats on all platforms using sophisticated machine learning and intelligent automation. SentinelOne predicts malicious behavior across all vectors, rapidly eliminates threats with a fully-automated incident response protocol, and adapts defenses against the most advanced cyber attacks.
FireEye Endpoint Security (HX series) products provide organizations with the ability to continuously monitor endpoints for advanced malware and indicators of compromise that routinely bypass signature-based and defense-in-depth security systems.
Cybereason automatically detects malicious activity and presents it in an intuitive way. It deploys easily with minimal organizational impact and provides end-to-end context of an attack campaign. Most organizations deploy Cybereason and start detecting attacks within 24 to 48 hours.
EnCase Endpoint Security is the most complete threat detection and response solution—eliminating the time it takes to detect, validate, triage, investigate, and remediate known and unknown threats lurking across the enterprise, unseen by perimeter and network solutions. An organization’s security is simply not complete without endpoint visibility.
CloudCare is a free, cloud-based, endpoint security administration platform that makes it significantly faster and easier to monitor threats, resolve issues, and deliver multiple layers of protection to your customers.
Awake detects attacks that blend in with business-justified activity and enables conclusive and rapid response. With exhaustive intelligence from the network, Awake uniquely identifies mal-intent to stop insider attacks, file-less malware, and much more.
Deep Discovery Inspector is available as a physical or virtual network appliance. It's designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches.
Combining comprehensive coverage, unique detection and intelligence, and automated takedown, Digital Threat Protection offers a unique approach to combat attacks from the beginning, enabling organizations to focus on the future, not the fear of fraud.
IntSights is revolutionizing cyber security with a first of its kind Enterprise Threat Intelligence & Mitigation platform that delivers proactive defense by transforming threat intelligence into automated security action. It monitors your external risk profile, aggregates and analyzes tens of thousands of threats, and automates the risk mitigation lifecycle.
ESET Enterprise Inspector is ESET's Endpoint Detection and Response (EDR) tool for identification of anomalous behavior, identification of breaches, risk assessment, and further forensic investigation that features response capabilities to mitigate the discovered threats.
Integrated DLP allows you to deploy data security for a fraction of the cost and time of traditional enterprise DLP solutions.
Lastline Detonator integrates Lastline's unmatched advanced malware analysis and protection capabilities seamlessly into your existing security products. It puts the years of research on evasive malware by Lastline's team of internationally recognized experts at your fingertips.
Whether in DETECT or PREVENT mode, managed by us or you, the Nyotron War Room provides you in-depth details about an attack as it happens: where the attack is happening, if it is spreading to other endpoints, what the nature of the threat is, how it got in, and how it spread.
Promisec Integrity offers customers the same nimble agentless functionality as our on-premise solution, but through a browser interface to enable antivirus validation, unauthorized software discovery, and patch management validation.
RSA ECAT is an endpoint threat detection and response solution that exposes targeted, advanced malware, highlights suspicious activity for investigation, and instantly determines the scope of a compromise to help security teams stop advanced threats faster.
Saner is an endpoint security platform that provides continuous visibility and control of endpoints. Saner automates endpoint vulnerability, patch and compliance management to a daily routine. It also helps to continuously detect and respond to threats.
Accelerite Sentient is an endpoint detection and response tool that pulls together real-time information from enterprise endpoints, and enables security and IT staff to identify critical security threats and vulnerabilities in their endpoints within seconds.
Syniverse is a global transaction processor that connects more than 1,500 mobile service providers, enterprises, ISPs and OTTs in nearly 200 countries and territories, enabling seamless mobile communications across disparate and rapidly evolving networks, devices and applications.
Triumfant AtomicEye provides continuous protection from advanced malware threats – stopping criminal activity at the point of infiltration and instantly repairing the machine and any collateral damage within minutes of an attack.
VIPRE is the highest-rated, award-winning endpoint security product for businesses, as well as home users, delivering the best protection at the best price. VIPRE is powered by the most sophisticated advanced machine learning, one of the world’s largest threat intelligence clouds and real-time behavior monitoring to protect millions of users from ransomware, zero-day attacks, phishing, exploit kits, mobile threats and other malware that easily evade traditional signature-based antivirus. The company is also a proud Advanced Technology Partner of Amazon Web Services. Easy to use, VIPRE deploys in minutes to deliver unmatched protection without slowing down PCs. VIPRE is headquartered and supported in the U.S. and all customers receive free, U.S.-based technical support. VIPRE Endpoint Security - Cloud Edition touts the first major innovation in cloud-based antivirus in recent years. VIPRE Cloud allows users to access, drill down and act upon a potential breach before any damage occurs, any time, any place, for true 24/7 protection.