1. VSEC VADAR EDR SOLUTION
As network threats become increasingly sophisticated, real-time monitoring and security analysis are essential to swiftly detect and respond to threats. VSEC Vadar Endpoint Detection & Response (branded as VSEC Vadar EDR) is a system designed to detect and respond to endpoint threats, aiming to identify and eliminate malicious software or any suspicious activities on the network. Moreover, it continuously monitors, collects, records, stores, and deeply analyzes data to promptly identify suspicious behaviors within the system.
2. KEY FEATURES
- Provides a centralized management interface for servers/workstations, offering thousands of report templates.
- Establishes and manages protection rule sets.
- Uses encrypted protocols for remote administration, and automatically logs out and terminates remote administrative sessions upon session timeout.
- Exports reports from the system in Excel and PDF formats.
- Integrates and synchronizes data with VSEC Vadar SIEM, VSEC TI Engine (TIP), and VirusTotal.
- Records and monitors real-time system administration logs.
- Stores and retrieves all logs in raw data format, standardized in JSON.
- Sends real-time automatic alerts to users, allowing them to view, supplement, and enrich alert information.
- Encrypts and authenticates the connection channel between the agent and the EDR server; supports High Availability (HA) or Clustering deployment models; supports a load-balancing mechanism.
- Searches logs on servers/workstations.
- Analyzes remotely running processes on servers/workstations.
- Enables centralized management of servers/workstations on at least two platforms: Windows and Linux; establishes policies to block malicious applications and connections from servers/workstations.
3. NOTABLE ADVANTAGES
- Proactive Prevention: Detects even polymorphic malware and continually evolves to take appropriate remedial actions.
- Suitable for Large-Scale Network Systems: Traditional antivirus programs lack the strength to secure large systems; VSEC Vadar EDR is designed to easily collect and monitor data continuously across all endpoints in such systems.
- Compatibility and Integration with Other Security Tools: Easily integrates with other security tools such as malware analysis, network forensics, SIEM, Threat Intelligence Platforms (TIPs), etc., to enhance network system security.
- Improved Real-Time Incident Management and Response: Constantly gathers information about malware traces and potential hidden network threats. Data is stored on network endpoints, aiding in preparing appropriate incident management and response strategies.