Harfanglab EDR
Simplify the work of cybersecurity experts, anticipate threats and respond swiftly, for all OS, both as SaaS or On-Premises.
HarfangLab EDR’s detection engines are embedded directly into the agents deployed on endpoints (workstations and servers), ensuring protection is as close as possible to the threat.
Both easy to install and scalable, HarfangLab EDR is engineered to maintain terminal performance and deliver reliable protection even when endpoints are disconnected from the network.
Optimum protection while retaining control of your cyber strategy
HarfangLab’s EDR detection engines are based on open and standard formats, including YARA and Sigma, which are widely adopted by cybersecurity experts.
- Easy to use and to share threat intelligence data,
- Seamless integration with the existing ecosystem,
- Transparent detection rules, fully accessible and editable.
HarfangLab’s CTI team is always vigilant for emerging threats, regularly updating detection rules that users can customise to fit their unique cybersecurity needs.
- Lifecycle qualification and monitoring of detection rules,
- Updates via MISP,
- Direct access to all detection rules integrated into the console.
Ashley and Kio, HarfangLab’s EDR AI engines, respond to real-life use cases.
- Ashley detects unknown threats from virus databases and malicious scripts early in the execution process.
The engine is regularly trained to adapt to evolving threats and is continuously improved to eliminate false positives and reduce the impact on endpoint performance.
Think of Ashley as an additional layer of protection for the other engines as it enriches detection rules.
- Kio (Know It Owl) is your analysts’ personal assistant, responding to queries in natural language made via the console. Drill down into HarfangLab documentation and investigate security events with Kio at your side.
HarfangLab’s EDR is fully API-driven and built for interoperability, giving cyber experts complete control over their roadmap and the operational environment of their security solutions. This allows for seamless correlation of data from various sources.
HarfangLab’s EDR boasts a comprehensive set of features for leveraging collected data to support investigation and remediation efforts.
This enables analysts to gain a clear understanding of activities within the information system and to trace the origin of events and take appropriate action: whether it’s verifying suspicions, conducting investigations, blocking threats, or strengthening protection…
- Visibility of all security event information (detection methods, linked events, parent and child processes, etc.) for effective correlation,
- Multiple options to block or interrupt processes, isolate endpoints, delete files or services,
- Investigation tasks to enrich data and trace the origin of an incident to reinforce protection,
- Dynamic filtering to exploit data directly on the platform,
- Aggregation of alert and telemetry data for easy exploitation.
An EDR (Endpoint Detection and Response) is a security solution designed to protect endpoints, such as workstations and servers, through an installed agent that detects and mitigates threats. It not only identifies suspicious files but also monitors for malicious behaviour, indicators of compromise and more. The EDR can generate alerts or block threats while providing detailed information that allows for thorough investigation of the detected security events.
The EPP (Endpoint Protection Platform) is a security tool designed to provide broad threat protection, including features like antivirus, firewall and USB port protection. It can automatically block threats when it detects malicious files, unauthorised network connections, the connection of USB devices, etc. EPPs can also alert you to abnormal activity.
An EDR (Endpoint Detection and Response), however, focuses on detecting and responding to threats in real-time as a program is executed or by analysing system behaviour. It also collects data about security events to aid in analysing the threat and taking the appropriate response.
HarfangLab EDR employs various detection engines, including behavioural analysis and Artificial Intelligence, to identify and respond to threats that aren’t found in known threat databases.
All OS are supported: Windows, Linux and macOS. Our detailed documentation is available for more information.
HarfangLab EDR can be deployed in the Cloud or On-Premises infrastructure, offering the same functionalities in either environment.
Regardless of the deployment method, agents are installed directly on the endpoints and communicate with the console to share telemetry data and receive threat detection and blocking policies.
Updates require no endpoint reboots and, for On-Premises deployments, can be managed either remotely or on site.
Find out more
Artificial Intelligence in an EDR, for what purpose?
EDR and cybersecurity – the benefits of AI: how to contain risk upstream, thanks to an engine that runs directly…
Cybersecurity: how to optimize false positives
Reacting quickly to security incidents is crucial, but you also need the right information at the right time, with the…
Cybersecurity: how EDR protects itself against attacks
As cyber-attack techniques become more sophisticated and increase in volume, so do the tools available to deal with them.
Cybersecurity: telemetry explained
What is the use of telemetry in cybersecurity? What are its uses and benefits for cyberanalysts? How is it collected,…
Perks of Sigma and YARA rules in an EDR
Sigma and YARA are rule formats for detecting threats – malicious behaviors and files (or binaries) respectively. What are the…