Managed Endpoint Detection and Response (MEDR)

Frequently Asked Questions

• What is Endpoint Detection and Response (EDR)?

  EDR stands for Endpoint Detection and Response. It is a cybersecurity approach that focuses on detecting and mitigating threats at the endpoint level within an organization's network. Endpoints refer to devices such as computers, laptops, smartphones, servers, and other network-connected devices.

  The primary purpose of EDR is to provide management, visibility, and response capabilities to defend against advanced cyber threats and attacks.

  EDR solutions collect and analyze endpoint data, including system activities, user behavior, network connections, and file interactions. By continuously monitoring endpoints, EDR systems can identify suspicious or malicious activities indicative of a potential cyberattack.

• What is Managed EDR?

  Managed EDR (Endpoint Detection and Response) is a cybersecurity service provided by a managed security service provider (MSSP) or a security operations center (SOC).

  Managed EDR involves outsourcing the implementation, monitoring, and management of EDR technology and processes to a third-party provider. The primary goal of managed EDR is to enhance an organization's cybersecurity posture by leveraging the expertise and resources of experienced security professionals.

• Why do I need managed EDR?

  Managed EDR offers a proactive and comprehensive approach to endpoint security, providing organizations with the expertise, resources, and technologies needed to detect and respond to cyber threats effectively and affordably.

  Otherwise, unmanaged EDR technologies can be a waste of money. EDR technologies do little to enhance security operations without proper deployment, configuration, and auditing. Management by a trusted managed security service provider allows companies to get the most out of their EDR product without adding headcount or building a SOC.

• Why do I need an endpoint agent?

  An endpoint agent, also known as an endpoint client or as endpoint security software, is software installed on individual devices within a network, such as computers and mobile devices. Its primary function is to enhance the security of these endpoints and the overall network infrastructure.

  The endpoint agent continuously monitors device activity, detects, and prevents various cyber threats, such as viruses.

  It offers protection, centralized management, and limited incident response capabilities, aiding in quick isolation and remediation of security incidents.

  Endpoint clients provide valuable visibility into device security, assist with patch management, and help address compliance requirements.

  As a crucial component of a multi-layered security approach, endpoint clients play a vital role in maintaining a strong security posture.

• What is CrowdStike Falcon Prevent?

  Falcon Prevent is a cloud-native next-generation antivirus (NGAV) cybersecurity technology that replaces traditional antivirus with more endpoint visibility. It uses AI, advanced behavioral analysis with indicators of attack (IOAs), high-performance memory scanning, and exploit mitigation to detect advanced and unknown threats, including file-less attacks.

  It is a lightweight agent that doesn't require a reboot or complex tuning. It is compatible with all major operating systems.

• What is a CrowdStrike Powered Service Provider (CPSP)?

  CrowdStrike announced their CrowdStrike Powered Service Provider (CPSP) program in 2022 as a way to differentiate preferred service providers.

  It signals partners who meet CrowdStrike's high partnership standards. CPSPs are certified through CrowdStrike's training, specializing in their platform.

  Additionally, partners are able to access preferred license pricing and bundles for their clientele.

  PacketWatch is a CPSP with CrowdStrike.