- Reputation engine – ensures that known malicious files are not written to the disk or executed.
- Static AI engine – scans for malicious and suspicious files written to disk. This engine runs scans upon file execution and when files are written to the disk.
- Behavioral AI executable engine – uses advanced machine learning tools to detect malicious activities in real time.
- Documents and scripts behavioral AI engine – separately focuses on documents and scripts.
- Lateral movement AI engine – detects remote device attacks.
- Anti-exploitation and fileless AI engine – focuses on exploits and fileless attack attempts (web-related and command-line exploits).
- Granular remediation capabilities – automated cleanup/recovery
- Remediate: This option assists in removing damage caused by the threat, but it is not a full rollback, which “rewinds” to a specific point in time.
- Rollback: During a rollback, the affected device is restored to a saved Volume Shadow Copy Service (VSS) snapshot, which attempts to reverse any damage. In other words, it seeks to restore the endpoint to its state before the attack started doing damage. This can be particularly helpful for ransomware attacks, where it rolls the endpoint back to a point before files were encrypted. This may negate the need to pay the ransom. Beyond that, the rollback feature happens near instantaneously, much faster than if you were restoring from a backup. However, EDR doesn’t eliminate the need for a good, cloud-based backup solution.