Skip to main content

Endpoint Detection and Response

The Endpoint Detection and Response (EDR) feature is an event correlation component, capable of identifying advanced threats or in-progress attacks. As part of our comprehensive and integrated Endpoint Protection Platform, EDR brings together device intelligence across your enterprise network. This solution comes in aid of your incident response teams' effort to investigate and respond to advanced threats.

Endpoint Detection and Response (EDR) is a lightweight solution that enables you to:

  • Detect activity that evades classic endpoint prevention mechanisms.

  • Take actions to eliminate vulnerabilities and eliminate the risk of recurrent attacks.Remediation

Start the trial

To start the trial, follow the steps below:

  1. Log in to GravityZone Control Center with a partner account.

  2. Go to the Companies page from the left side menu.

  3. Click on the name of the company you want to enroll in the trial.

    msp_trial_companies_select_485859_en.png

    Tip

    Only eligible companies can be enrolled in a product trial. Check the MSP Trial Status column to see the companies that are eligible for a trial.

    msp_trial_companies_filters_485859_en.psd

    The Edit company window is displayed.

  4. Go to the Product Trials Hub tab.

    msp_trial_companies_select_2_485859_en.png
  5. Select Learn more under the Endpoint Detection and Response section.

    msp_trial_companies_select_2_1_485859_en.png

    The individual product trial page is displayed.

  6. Select Start free trial.

    A confirmation window is displayed.

    msp_trial_companies_select_3_485859_en.png
  7. Confirm your company's location and industry and select Start trial to confirm the enrollment.

    Note

    Companies that enroll in the EDR trial that do not have the ATS feature enabled, will have it enabled for the duration of the trial, including HyperDetect and Sandbox Analyzer. No feature included in the trial will result in additional charges or changes in your monthly license usage reports.

The trial has started. The Product Trial Hub tab is displayed, containing updated trial information and buttons.

msp_trial_companies_select_4_485859_en.png

A Reconfigure Agent task is created for every eligible endpoint on the target company, which will deploy the EDR Sensor module.

The company's trial status is updated:

msp_trial_companies_trial_status_485859_en.png

The features included in the trial are enabled in the company's Licensing page:

msp_trial_companies_licensing_status_485859_en.png

Configure and install the feature

If your endpoints already have the BEST agent deployed, a Reconfigure Agent task is created automatically when the trial starts to add the EDR Sensor module to all eligible endpoints on the target company.

Tip

If the reconfigure client task fails, you can go back to the Product Trial Hub page for EDR and click the Add new module button:

msp_trial_companies_add_module_button_485859_en.png

If the task fails to add the module to your endpoints, check the task status and try manually creating another one. If the problem persists, contact support.

If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules.

To start using this feature, follow the steps below:

View EDR activity

Generate EDR Trial report

The EDR Trial report provides an overview of the EDR related activity recorded during the trial, along with related data aggregated from multiple Bitdefender components, and threat intelligence relevant to the target company's country and industry.

The report provides MSPs with an overview of the client's current cybersecurity landscape, and correlates it with available EDR data, to highlight the potential risks of security events and the use of the EDR feature in combatting them.

To generate the report follow these steps:

  1. Go to the Companies page from the left side menu.

  2. Click on the name of the company you want to generate the report for.

  3. Go to the Product Trials Hub tab.

    msp_trial_companies_select_2_485859_en.png
  4. Go to Endpoint Detection and Response Trial, in the Generate report section, and click on Export report.

    msp_trial_companies_generate_report_button_485859_en.png

    The EDR Trial report is downloaded.

    Note

    The report contains EDR related data gathered from the start of the trial to either the current date or the end of the trial, whichever comes first.

The EDR Trial report aggregates the following information:

  • Overview section: Contains information regarding the client's number of endpoints that had EDR deployed during the trial period, as well as the number of Suspicious incidents and Cross-company incidents discovered by EDR .

    msp_trial_companies_EDR_report_overview_widget_485859_en.png
  • Security insights: Displays the type and number of entities discovered/recorded during the trial that were scanned during the trial.

    msp_trial_companies_EDR_report_Insights_widget_485859_en.png
  • Incidents by severity: Provides a visual representation of all incidents generated during the trial grouped by severity.

    msp_trial_companies_EDR_report_incidents_by_severity_widget_485859_en.png
  • Top affected devices: Displays the devices in your company with the highest number of security events.

    msp_trial_companies_EDR_report_affected_devices_widget_485859_en.png

    Note

    The widget displays up to five devices.

  • Most commonly exploited resources: Displays the types of resources most commonly exploited in the target company's industry and country.

    msp_trial_companies_EDR_report_Most_commonly_exploited_resources___widget_485859_en.png
  • Most common attack techniques: Highlights the most prevalent attack techniques, as identified by Bitdefender, utilizing the MITRE ATT&CK classification. The data is custom tailored in accordance with the threat landscape of the target company.

    msp_trial_companies_EDR_report_Most_common_attacktechniques____widget_485859_en.png
  • Top active malicious actors: Shows the primary malicious organizations currently operating in the target company's threat landscape.

    msp_trial_companies_EDR_report_malicious_actors_widget_485859_en.png
  • Top active malicious threat families: Shows the primary threat families currently operating in the target company's landscape.

    msp_trial_companies_EDR_report_treat_families_widget_485859_en.png

Note

The report provides insight into the threat landscape of the company's country and industry, as defined Bitdefender Advanced Threat Intelligence. This is done using custom tailored widgets such as Most commonly exploited resources, Most common attack techniques, Top active malicious actors and Top active malicious threat families.

Manually stop the trial

  1. Log in to GravityZone Control Center with a partner account.

  2. Go to the Companies page from the left side menu.

  3. Click on the name of the company you want to remove from the trial.

    msp_trial_companies_select_485859_en.png

    Tip

    You can use the the Product Trial status column to see the companies that are have an ongoing trial.

    msp_trial_companies_filters_2_485859_en.png

    The Edit company window is displayed.

  4. Go to the Product Trials Hub tab.

    msp_trial_companies_select_2_485859_en.png
  5. Select Learn more under the Endpoint Detection and Response section.

    The Endpoint Detection and Response trial page is displayed.

  6. Select Stop trial.

    A confirmation window is displayed.

    msp_trial_companies_stop_485859_en.png
  7. Select the Remove module from endpoints checkbox to automatically create a Reconfigure agent task and remove the EDR Sensor module from all eligible endpoints on the target company.

    If requested, a Reconfigure Agent task is created for every eligible endpoint on the target company, which will remove the EDR Sensor module.

    Tip

    If the task fails to remove the module from your endpoints, check the task status and try manually creating another one. If the problem persists, contact support.

    If you do not remove the modules, they will remain on the company's endpoints, but the feature will no longer be licensed.

  8. Click End trial to confirm the request.

The trial has ended.

msp_trial_companies_end_485859_en.png