About EDR

In an organization, endpoints are the physical devices that connect to and exchange information within the network infrastructure. In your network, an endpoint can be an Internet of Things (IoT) device or any other physical device; examples include laptops, virtual machines, servers, mobile devices, and embedded devices. The application combines Malware Protection Products with Endpoint Detection & Response (EDR) to deliver comprehensive protection against known and unknown threats. EDR protects your organization's network against threats that originate from endpoint devices. Using EDR and our Cloud Agents, you can continuously monitor endpoints for suspicious activity and remediate it.

EDR captures system activity to find indicators of compromise and activity related to malware and threat actors, which supports investigation and response. It provides prevention, detection, and response across the entire attack life cycle. You need only one agent to perform critical security functions and to respond to and remediate incidents in real time.

Benefits of EDR

A well-defined endpoint security strategy is necessary to prevent attacks and secure the network. Following are some of the EDR benefits that you can take advantage of:

  • Graphical data: The Dashboard tab in EDR collects widget data and makes it easy for you to visualize the data.
  • Detecting incidents and alerts: The Detection tab lists the event-specific analysis and remediation actions in the Incidents and Alerts sub-tabs.
  • Assets monitoring: From the Assets tab you get up-to-date views on a selected asset's details, events, and incidents.
  • Forensics data: You can perform forensic analysis for any Windows agent incident. Any action you perform on the Forensics tab can be monitored in the Administration application, which gives you seamless auditing for Windows agents.
  • Quarantine assets: An effective endpoint security strategy gives you the ability to quarantine assets that cannot be disinfected. The Quarantine Asset option in the Assets tab quarantines a Windows Agent of version 4.9.0 and above and a Linux Agent of version 6.0.0 and above.
  • Remediation action: You can secure your assets and network by performing Auto-remediate or Remediation actions from the Hunting tab.

EDR Concepts and Terminologies

Following are some of the common concepts and terminologies that you might come across while using EDR:

Terms and descriptions

Dashboard: Visualizes a graphical summary of data such as vulnerabilities, assets, and other information. You can perform multiple actions on the dashboard, such as print dashboard, import dashboard, and version history. For more information, see Manage Dashboards.

Widgets: Data displayed in dashboards is summarized using widgets. You can use widgets such as Numerical, Bar, Table, and TruRisk Score to display specific information. Widgets can be added to new or existing dashboards. For more information, see Knowing Widgets.

TruRisk Score: A framework that allows you to identify the riskiest assets in your organization. Asset Criticality is the primary factor in how the TruRisk score determines an asset's risk. For more information, see Prioritize Vulnerabilities using Qualys TruRisk.

Criticality: Also known as Asset Criticality Score (ACS). It ranges from 1 to 5 and is calculated based on the asset tags assigned. For more information, see Understanding Asset Criticality Score.

QQL: An acronym for Qualys Query Language. Using QQL, you can run search queries to fetch information from the Qualys database. A query is a string of search attributes called search tokens. For more information, see Search Tokens for EDR.

Tags: A flexible and scalable method to discover and organize assets in your infrastructure. For more information, see Configure Tags.