Endpoint Detection and Response

Endpoint Detection and Response is part of ProArch's Managed Detection and Response services. EDR continuously detects the events and behaviors of desktops, phones, workstations, tablets, and servers. It provides a holistic view of correlated events and data to prevents attacks, such as zero-days, malware, and ransomware.

When a breach is detected in your infrastructure, the security operations center (SOC) performs threat hunting and investigation to contain the threat before it affects your environment. Plus, auto-remediation capabilities block and isolate endpoints and eliminates false positives in real-time.

ProArch's EDR is a 100% cloud-based solution. Deployment is done remotely, and depending on the criticality of the situation, can be deployed in a matter of days.

The SOC remediates and responds to threat activity within its capabilities and integrated systems. Quarantining a system, restricting application execution, creating an investigation package, and performing advanced threat hunting to determine root cause are all handled by the SOC. In the case that a patch or other engineering function is required then the SOC communicates responsibility to the client. If successful compromise does occur, then transition to ProArch's Incident Response Team takes place.

Although ProArch can perform incident response, those recovery and rebuild services are not included in the cost of EDR. An incident response retainer is required to utilize the ProArch Incident Response team. It is important to have a documented incident response plan that outline actions to be taken by members of your team, like contacting legal representation and restoring backups.

Absolutely. Every organization has different requirements, budgets, and risk appetite. We structure the program for each client and can add on services like vulnerability management, security awareness training, annual VAPT, and more.