What does IntelliGO EDR do?
Endpoint Detection and Response (EDR) runs on laptops and servers, where it records and controls all aspects of your operating system, such as memory, scripts, packets and processes, to look for malicious behavior.
By centralizing this information and control and measuring it against millions of malware samples and threat intelligence feeds, we catch malware behavior other products miss and offer real-time incident response.
Frequently Asked Questions
What is the performance impact?
The software runs under the OS as a kernel-mode process, so no perceptible process memory is taken. Storage on disk is a minimum of 100 MB.
How is it different to anti-virus?
Anti-virus matches processes to signatures and blocks execution and quarantines. Our EDR records all behaviour on the OS to analyze system changes from any object and take action.
Where do you get your behaviors?
Behaviours match the changes to the OS instead of suspect files.
Thousands of malware behaviours are collected every day from threat intelligence feeds and from our analysts to detect new behaviours.
Our customers also provide known-good behaviours which update white-lists.
How fast can you take action?
Policy-driven actions occur automatically in under a second. Analyst actions take 7 seconds to execute from the time they are run on the console.
What kind of actions can you take?
We can kill processes, delete files, quarantine workstations (limit network access) and extract files for further sandbox analysis.
How does this help to notify me of a breach?
By analyzing data before and after an incident, we confirm whether the software accessed sensitive information or exfiltrated data, providing confirmation of data loss (a breach).