Endpoint Detection and Response
The Endpoint Detection and Response (EDR) feature is an event correlation component, capable of identifying advanced threats or in-progress attacks. As part of our comprehensive and integrated Endpoint Protection Platform, EDR brings together device intelligence across your enterprise network. This solution supports your incident response teams in investigating and responding to advanced threats.
Endpoint Detection and Response (EDR) is a lightweight solution that enables you to:
Detect activity that evades classic endpoint prevention mechanisms.
Take actions to eliminate vulnerabilities and the risk of recurrent attacks.
Start the trial
To start the trial, follow the steps below:
Log in to GravityZone Control Center with a partner account.
Go to the Companies page from the left side menu.
Click on the name of the company you want to enroll in the trial.
Tip
Only eligible companies can be enrolled in a product trial. Check the MSP Trial Status column to see the companies that are eligible for a trial.
The Edit company window is displayed.
Go to the Product Trials Hub tab.
Select Learn more under the Endpoint Detection and Response section.
The individual product trial page is displayed.
Select Start free trial.
A confirmation window is displayed.
Confirm your company's location and industry and select Start trial to confirm the enrollment.
Note
Companies that enroll in the EDR trial without the ATS feature enabled will have it enabled for the duration of the trial, including HyperDetect and Sandbox Analyzer. No feature included in the trial will result in additional charges or changes in your monthly license usage reports.
The trial has started. The Product Trial Hub tab is displayed, containing updated trial information and buttons.
A Reconfigure Agent task is created for every eligible endpoint on the target company, which will deploy the EDR Sensor module.
The company's trial status is updated.
The features included in the trial are enabled in the company's Licensing page.
Configure and install the feature
If your endpoints already have the BEST agent deployed, a Reconfigure Agent task is created automatically when the trial starts to add the EDR Sensor module to all eligible endpoints on the target company.
Tip
If the reconfigure client task fails, you can go back to the Product Trial Hub page for EDR and click the Add new module button.
If the task fails to add the module to your endpoints, check the task status and try manually creating another one. If the problem persists, contact support.
If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules.
To start using this feature, follow the steps below:
View EDR activity
Generate EDR Trial report
The EDR Trial report provides an overview of the EDR-related activity recorded during the trial, along with related data aggregated from multiple Bitdefender components, and threat intelligence relevant to the target company's country and industry.
The report provides MSPs with an overview of the client's current cybersecurity landscape and correlates it with available EDR data, to highlight the potential risks of security events and the use of the EDR feature in combatting them.
To generate the report, follow these steps:
Go to the Companies page from the left side menu.
Click on the name of the company you want to generate the report for.
Go to the Product Trials Hub tab.
Go to Endpoint Detection and Response Trial, in the Generate report section, and click on Export report.
The EDR Trial report is downloaded.
Note
The report contains EDR-related data gathered from the start of the trial to either the current date or the end of the trial, whichever comes first.
The EDR Trial report aggregates the following information:
Overview section: Contains information regarding the client's number of endpoints that had EDR deployed during the trial period, as well as the number of Suspicious incidents and Cross-company incidents discovered by EDR.
Security insights: Displays the type and number of entities discovered/recorded and scanned during the trial.
Incidents by severity: Provides a visual representation of all incidents generated during the trial grouped by severity.
Top affected devices: Displays the devices in your company with the highest number of security events.
Note
The widget displays up to five devices.
Most commonly exploited resources: Displays the types of resources most commonly exploited in the target company's industry and country.
Most common attack techniques: Highlights the most prevalent attack techniques, as identified by Bitdefender, using the MITRE ATT&CK classification. The data is custom-tailored to the threat landscape of the target company.
Top active malicious actors: Shows the primary malicious organizations currently operating in the target company's threat landscape.
Top active malicious threat families: Shows the primary threat families currently operating in the target company's landscape.
Note
The report provides insight into the threat landscape of the company's country and industry, as defined by Bitdefender Advanced Threat Intelligence. This is done using custom-tailored widgets such as Most commonly exploited resources, Most common attack techniques, Top active malicious actors and Top active malicious threat families.
Manually stop the trial
Log in to GravityZone Control Center with a partner account.
Go to the Companies page from the left side menu.
Click on the name of the company you want to remove from the trial.
Tip
You can use the Product Trial status column to see the companies that have an ongoing trial.
The Edit company window is displayed.
Go to the Product Trials Hub tab.
Select Learn more under the Endpoint Detection and Response section.
The Endpoint Detection and Response trial page is displayed.
Select Stop trial.
A confirmation window is displayed.
Select the Remove module from endpoints checkbox to automatically create a Reconfigure agent task and remove the EDR Sensor module from all eligible endpoints on the target company.
If requested, a Reconfigure Agent task is created for every eligible endpoint on the target company, which will remove the EDR Sensor module.
Tip
If the task fails to remove the module from your endpoints, check the task status and try manually creating another one. If the problem persists, contact support.
If you do not remove the modules, they will remain on the company's endpoints, but the feature will no longer be licensed.
Click End trial to confirm the request.
The trial has ended.