HarfangLab EDR

Simplify the work of cybersecurity experts, anticipate threats and respond swiftly, for all OS, either as SaaS or On-Premises.

Detect and block threats
Optimise your analysis
Take control of your cyber environment

HarfangLab EDR’s detection engines are embedded directly into the agents deployed on endpoints (workstations and servers), ensuring protection is as close as possible to the threat.

Both easy to install and scalable, HarfangLab EDR is engineered to maintain endpoint performance and deliver reliable protection even when the network is offline.

  • On-Premises & SaaS deployment with consistent functionalities,
  • Artificial intelligence for detecting unknown threats,
  • Wide-ranging integrations for a perfectly tailored cyber stack,
  • API available for close management of the working environment,
  • Fine-tune settings for alerts and whitelists,
  • Access to all data for comprehensive exploitation, aggregation, & correlation.

Optimum protection while retaining control of your cyber strategy

A white box for straightforward management

HarfangLab’s EDR detection engines are based on open and standard formats, including YARA and Sigma, which are widely adopted by cybersecurity experts.

  • Easy to use and share information,
  • Seamless integration with the existing ecosystem,
  • Transparent detection rules, fully accessible and editable.
Continuously optimised CTI

HarfangLab’s CTI team is always vigilant for emerging threats, regularly updating detection rules that users can customise to fit their unique cybersecurity needs.

  • Lifecycle qualification and monitoring of detection rules,
  • Updates via MISP,
  • Direct access to all detection rules integrated into the console.
Artificial Intelligence for enhanced protection

HarfangLab’s EDR AI engine is designed to address real-world use cases: it identifies unknown threats from malware databases and detects malicious binary files and scripts before they can execute.
It is continuously trained to adapt to the evolving threat landscape and refined to minimise false positives and the impact on endpoint performance.

  • Extra layer of protection with the other engines,
  • Risk contained upstream,
  • Enhanced detection rules.
Integrations and APIs to build the best cyber shield

HarfangLab’s EDR is fully API-driven and built for interoperability, giving cyber experts complete control over their roadmap and the operational environment of their security solutions. This allows for seamless correlation of data from various sources.

In-depth investigations made simple

HarfangLab’s EDR boasts a comprehensive set of features for leveraging collected data to support investigation and remediation efforts.

This enables analysts to gain a clear understanding of activities within the information system, trace the origin of events and take appropriate action, whether that means verifying suspicions, conducting investigations, blocking threats, or strengthening protection…

  • Visibility of all security event information (detection methods, linked events, parent and child processes, etc.) for effective correlation,
  • Multiple options to block or interrupt processes, isolate endpoints, delete files or services,
  • Investigation tasks to enrich data and trace the origin of an incident to reinforce protection,
  • Dynamic filtering to exploit data directly on the platform,
  • Aggregation of alert and telemetry data for easy exploitation.

An EDR (Endpoint Detection and Response) is a security solution designed to protect endpoints, such as workstations and servers, through an installed agent that detects and mitigates threats. It not only identifies suspicious files but also monitors for malicious behaviour, indicators of compromise and more. The EDR can generate alerts or block threats while providing detailed information that allows for thorough investigation of the detected security events.

The EPP (Endpoint Protection Platform) is a security tool designed to provide broad threat protection, including features like antivirus, firewall and USB port protection. It can automatically block threats when it detects malicious files, unauthorised network connections, the connection of USB devices, etc. EPPs can also alert you to abnormal activity.

An EDR (Endpoint Detection and Response), however, focuses on detecting and responding to threats in real-time as a program is executed or by analysing system behaviour. It also collects data about security events to aid in analysing the threat and taking the appropriate response.

HarfangLab EDR employs various detection engines, including behavioural analysis and Artificial Intelligence, to identify and respond to threats that aren’t found in known threat databases.

All OS are supported: Windows, Linux and macOS. Our detailed documentation is available for more information.

HarfangLab EDR can be deployed in the Cloud or On-Premises infrastructure, offering the same functionalities in either environment.

Regardless of the deployment method, agents are installed directly on the endpoints and communicate with the console to share telemetry data and receive threat detection and blocking policies.

Updates require no endpoint reboots and, for On-Premises deployments, can be managed either remotely or on site.