About Endpoint Detection and Response

In an organization, endpoints are the physical devices that connect and exchange information within a network infrastructure. In your network, an endpoint can be Internet of Things (IoT) devices or physical devices. For example, some endpoint devices are laptops, virtual machines, servers, mobile, and embedded devices. The application is a convergence of Malware Protection Products with Endpoint Detection & Response (EDR) to deliver comprehensive protection against known and unknown threats. EDR protects your organization's network against threats that originate from the endpoint devices. Using EDR and our Cloud Agents, you can continuously monitor and remediate endpoints for suspicious activity.

EDR captures system activity to find indicators of compromise and action related to malware and threat actors that support investigation and response. It provides prevention, detection, and response across the entire attack life cycle. You only need one agent to perform critical security functions and respond to and remediate incidents in real time. 

Benefits of EDR

A well-defined endpoint security strategy is necessary to prevent attacks and secure the network. Following are some of the EDR benefits that you can take advantage of:

EDR Concepts and Terminologies

Following are some of the common concepts and terminologies that you might come across while using EDR:

Terms Description
Dashboard It visualizes a graphical summary of data such as vulnerabilities, assets, and other information. You can perform multiple actions on the dashboard, such as print dashboard, import dashboard, and version history. For more information, see Manage Dashboards
Widgets Data displayed in dashboards is summarized using the widgets. You can use widgets such as Numerical, Bar, Table, and TruRisk Score to display specific information. Widgets can be added to new or existing dashboards. For more information, see Knowing Widgets.
TruRisk Score It is a framework that allows you to identify the riskiest asset in your organization. Asset Criticality is the primary factor when the TruRisk score determines an asset's risk. For more information, see Prioritize Vulnerabilities using Qualys TruRisk.
Criticality Criticality is also known as Asset Criticality Score (ACS). It has a criticality range from 1 to 5 and is calculated based on the asset tags assigned. For more information, see Understanding Asset Criticality Score.
QQL It is an acronym for Qualys Query Language. Using QQL, you can search queries to fetch information from the Qualys database. The query is a string of search attributes called search tokens. For more information, see Search Tokens for EDR.
Tags It is a flexible and scalable method to discover and organize assets in your infrastructure. For more information, see Configure Tags.