WithSecure Elements Endpoint Detection and Response (EDR)

Why WithSecure Elements Endpoint Detection and Response?

IMPROVE VISIBILITY

Improve visibility into your IT environment status and security with application and endpoint inventories. Easily spot misuse from proper use by collecting and correlating behavioral events beyond malware.

DETECT BREACHES QUICKLY

Detect targeted attacks quickly thanks to immediate alerts with minimal false positives. Be prepared before breaches happen by setting up advanced threat detection & response capabilities within just few days.

RESPOND FAST WHENEVER UNDER ATTACK

Improve your team’s focus with built-in automation and intelligence that support a swift response to the real advanced threats and targeted attacks. Get guidance on how to respond with the option to automate response actions around the clock.

A powerful solution

Broad Context Detection™

The broader context of targeted attacks becomes instantly visible on a timeline with all impacted hosts, relevant events and recommended actions.

The solution uses real-time behavioral, reputational and big data analysis with machine learning to automatically place detections into a broader context, including risk levels, affected host importance and the prevailing threat landscape.

Event Search

With this built-in feature you can view, search, and explore the event data collected from your company endpoints that are related to any Broad Context Detections.

Event Search for Threat Hunting

This advanced feature is used to explore and interact with all the raw event data collected from the endpoints. Its sophisticated filtering capabilities lets your cyber security experts at SOC execute proactive threat hunting to detect and stop the most sophisticated hidden threats. Event Search for Threat Hunting is an optional component of WithSecure Elements Endpoint Detection and Response.

Elevate to WithSecure

Some detections require deeper threat analysis and guidance by specialized cyber security experts. For these tough cases, the solution has a unique built-in "Elevate to WithSecure" service. It offers professional incident analysis of methods and technologies, network routes, traffic origins, and timelines of Broad Context Detection™ to provide expert advice and further response guidance whenever under attack.  

Automated Response

Automated response actions can be used to reduce the impact of targeted cyber attacks by containing them around the clock whenever risk levels are high enough. This automation is designed specifically to support teams only available during business hours, also taking the criticality of detections into account.

Host isolation

Stopping breaches as early as possible is paramount, and with Host isolation, this can be achieved. When a breach is detected the host affected can be automatically or manually isolated from the network, stopping the attacker from using the host.

Meanwhile, the host can be investigated by IT Security specialists for evidence about the breach. Even if the host is otherwise isolated, it can still be centrally managed from the Management portal.

WithSecure’s detection and response capabilities shine in 3rd MITRE ATT&CK® Evaluation

Independent evaluation by using MITRE Engenuity’s open methodology based on Adversarial Tactics, Techniques & Common Knowledge (ATT&CK®) framework - April 2021