

EDR security provides an integrated hub for the collection, correlation, and analysis of endpoint data, as well as for coordinating alerts and responses to immediate threats. EDR tools have three basic components:

Endpoint data collection agents. Software agents conduct endpoint monitoring and collect data, such as processes, connections, volume of activity, and data transfers, into a central database.

Automated response.

IT security professionals also use forensics tools to hunt for threats in the system, such as malware or other exploits that might lurk undetected on an endpoint.

New EDR capabilities improve threat intelligence

New features and services are expanding EDR solutions' ability to detect and investigate threats. For example, third-party threat intelligence services, such as Trellix Global Threat Intelligence, increase the effectiveness of endpoint security solutions. Threat intelligence services provide an organization with a global pool of information on current threats and their characteristics. That collective intelligence helps increase an EDR's ability to identify exploits, especially multi-layered and zero-day attacks. Many EDR security vendors offer threat intelligence subscriptions as part of their endpoint security solution.

Additionally, new investigative capabilities in some EDR solutions can leverage AI and machine learning to automate the steps in an investigative process. These new capabilities can learn an organization's baseline behaviors and use this information, along with a variety of other threat intelligence sources, to interpret findings.

Another type of threat intelligence is the Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) project underway at MITRE, a nonprofit research group that works with the U.S.
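To make the component model concrete (agents reporting process and connection telemetry into a central store, pre-configured rules that trigger a response, and a learned baseline of normal behavior used to interpret findings), here is a small added illustration in Python. It is not Trellix code and not part of the original page; the hosts, process names, addresses, the single rule, the z-score threshold and the response names are all constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    """One telemetry record sent by an endpoint agent (constructed schema)."""
    host: str
    kind: str           # "process" or "connection"
    image: str          # process image that was started / owns the socket
    parent: str = ""    # parent image (process events only)
    remote: str = ""    # remote host:port (connection events only)
    bytes_out: int = 0  # bytes sent (connection events only)


class CentralStore:
    """The central database the agents report into."""
    def __init__(self):
        self.events = []

    def ingest(self, event):
        self.events.append(event)


# Pre-configured rules: (name, response, predicate over one event).
# The rule and the response names are assumptions for this illustration.
RULES = [
    ("office document spawned a shell", "alert-and-quarantine",
     lambda e: e.kind == "process" and e.parent == "winword.exe"
     and e.image in {"cmd.exe", "powershell.exe"}),
]


class Baseline:
    """Learns what 'normal' looks like per host from a clean window of events."""
    def __init__(self):
        self.known_pairs = defaultdict(set)   # host -> {(image, remote)}
        self.volumes = defaultdict(list)      # (host, image) -> [bytes_out]

    def learn(self, events):
        for e in events:
            if e.kind == "connection":
                self.known_pairs[e.host].add((e.image, e.remote))
                self.volumes[(e.host, e.image)].append(e.bytes_out)

    def deviations(self, e, z_threshold=3.0):
        """Return the reasons a connection event departs from the baseline."""
        reasons = []
        if e.kind != "connection":
            return reasons
        if (e.image, e.remote) not in self.known_pairs[e.host]:
            reasons.append(f"{e.image} never contacted {e.remote} before")
        hist = self.volumes.get((e.host, e.image), [])
        if len(hist) >= 2 and pstdev(hist) > 0:
            z = (e.bytes_out - mean(hist)) / pstdev(hist)
            if z > z_threshold:
                reasons.append(f"outbound volume {e.bytes_out}B is {z:.1f} sd above normal")
        return reasons


def evaluate(store, baseline):
    """Run rules and baseline checks over the store; return (host, reason, response) tuples."""
    findings = []
    for e in store.events:
        for name, response, pred in RULES:
            if pred(e):
                findings.append((e.host, name, response))
        for reason in baseline.deviations(e):
            findings.append((e.host, reason, "alert-for-analyst-review"))
    return findings


def demo():
    # Constructed sample telemetry: a clean training window, then a live window.
    training = [
        Event("ws-01", "connection", "outlook.exe", remote="mail.corp.example:443", bytes_out=b)
        for b in (1200, 1500, 1100, 1300, 1400)
    ] + [
        Event("ws-01", "connection", "chrome.exe", remote="intranet.corp.example:443", bytes_out=b)
        for b in (8000, 9000, 7500, 8500)
    ]
    live = [
        Event("ws-01", "process", "cmd.exe", parent="winword.exe"),
        Event("ws-01", "connection", "outlook.exe", remote="mail.corp.example:443", bytes_out=1250),
        Event("ws-01", "connection", "chrome.exe", remote="203.0.113.7:8443", bytes_out=9_000_000),
    ]
    baseline = Baseline()
    baseline.learn(training)
    store = CentralStore()
    for e in live:
        store.ingest(e)
    return evaluate(store, baseline)


if __name__ == "__main__":
    for host, reason, response in demo():
        print(f"{host}: {reason} -> {response}")
```

Running `demo()` yields three findings: the rule fires on the shell spawned from the office application, and the baseline flags the browser's connection to an address it has never contacted plus an outbound volume far above that host's learned norm, while the routine mail connection produces nothing. A real EDR feeds the same kind of store with many more event types and layers external threat intelligence on top; the point here is only the division of labor between collection, rules and baseline interpretation.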
