HarfangLab EDR
Endpoint Detection and Response

Simplify the work of cybersecurity teams, anticipate threats, and respond swiftly regardless of OS or environment – Cloud and On-Premises alike with full feature parity.

See our plans

edr hero-facilitez le travail des analystes

Detect and block threats

Optimize your analysis

Keep your infrastructure safe and control your data

HarfangLab EDR’s advanced detection engines are embedded directly into the agents deployed on endpoints (workstations and servers), ensuring protection is as close as possible to the threat.

Both easy to install and scalable, HarfangLab EDR is engineered to maintain endpoints performance and deliver reliable protection and remediation capacities even when endpoints are disconnected from the network.

On-Premises & Cloud deployment with same functionalities

AI to detect unknown threats and enhance analysts' capabilities

Wide-ranging integrations for a perfectly tailored cyber stack

API available for close management of the working environment

Fine-tune threat intelligence & whitelists settings to efficiently reduce false positives

Access to all data for comprehensive exploitation, aggregation, & correlation

Optimum protection while retaining control of your cyber strategy

A white box for straightforward management

HarfangLab’s EDR detection engines are based on open and standard formats, including YARA and Sigma, which are widely adopted by cybersecurity experts.

Easy to use and to share threat intelligence data
Seamless integration with the existing ecosystem
Transparent detection rules, fully accessible and editable

yara-transparent-customizable-rules-harfanglab

Continuously optimised CTI

HarfangLab’s CTI team is always vigilant for emerging threats, regularly updating detection rules that users can customise to fit their unique cybersecurity needs.

Lifecycle qualification and monitoring of detection rules
Updates via MISP
Direct access to all detection rules integrated into the console

AI to enhance protection and investigations

Ashley and Kio HarfangLab’s EDR AI engines, respond to real-life use cases.

Ashley detects unknown threats from virus databases and malicious scripts early in the execution process.
The engine is regularly trained to adapt to evolving threats and is continuously improved to eliminate false positives and reduce the impact on endpoint performance.
Think of Ashley as an additional layer of protection for the other engines as it enriches detection rules.
Kio (Know It Owl) is your analysts’ personal assistant, responding to queries in natural language made via the console. Drill down into HarfangLab documentation and investigate security events with Kio at your side.

strengthen-your-detection-skills-with-ai-harfanglab

Integrations and APIs to build the best cyber shield

HarfangLab’s EDR is fully API-driven and built for interoperability, giving cyber experts complete control over their roadmap and the operational environment of their security solutions. This allows for seamless correlation of data from various sources.

In-depth investigations made simple

HarfangLab’s EDR boasts a comprehensive set of features for leveraging collected data to support investigation and remediation efforts.

This enables cyber analysts to gain a clear visibility and understanding of activities and incidents within the information system and to trace the origin of events and take appropriate action: whether it’s verifying suspicions, conducting investigations, blocking threats, or strengthening protection…

Visibility of all security event information (detection methods, linked events, parent and child processes, etc.) for effective correlation,
Multiple options to block or interrupt processes, isolate endpoints, delete files or services,
Investigation jobs to enrich data and trace the origin of an incident to reinforce protection,
Remote Shell to connect to endpoints from the console and launch investigation and remediation actions using pre-recorded commands or scripts,
Dynamic filtering to exploit data directly on the platform,
Aggregation of alert and telemetry data for easy operation.

in-depth-investigations-simple-harfanglab

What is an EDR?

An EDR (Endpoint Detection and Response) is a security solution designed to protect endpoints, such as workstations and servers, through an installed agent that detects and mitigates threats. It not only identifies suspicious files but also monitors for malicious behaviour, indicators of compromise and more. The EDR can generate alerts or block threats while providing detailed information that allows for thorough investigation of the detected security events.

What is the difference between an EDR and an EPP?

The EPP (Endpoint Protection Platform) is a security tool designed to provide broad threat protection, including features like antivirus, firewall and USB port protection. It can automatically block threats when it detects malicious files, unauthorised network connections, the connection of USB devices, etc. EPPs can also alert you to abnormal activity.

An EDR (Endpoint Detection and Response), however, focuses on detecting and responding to threats in real-time as a program is executed or by analysing system behaviour. It also collects data about security events to aid in analysing the threat and taking the appropriate response.

Can an EDR detect unknown threats?

HarfangLab EDR employs various detection engines, including behavioural analysis and Artificial Intelligence, to identify and respond to threats that aren’t found in known threat databases.

What operating systems does HarfangLab support?

All OS are supported: Windows, Linux and macOS. Our detailed documentation is available for more information.

How can HarfangLab EDR be deployed?

HarfangLab EDR can be deployed in the Cloud or On-Premises infrastructure, offering the same functionalities in either environment.

Regardless of the deployment method, agents are installed directly on the endpoints and communicate with the console to share telemetry data and receive threat detection and blocking policies.

Updates require no endpoint reboots and, for On-Premises deployments, can be managed either remotely or on site.