VanRoey Logo
VanRoey Logo
menu
Header image overlay

EDR: the self-learning antimalware agent with 'a licence to kill

You secure your network with the ultimate aim of keeping out hackers and malware. But have you ever thought about what to do if you are hit? We explain how EDR can spot even the latest malware and limit the damage of an infection.

We assume (or hope) that today you have a well secured IT environment. All soft- and firmware are up to date, solid firewalls and antivirus keep watch over the network and numerous other measures are active... The chance that you can still become infected is minimal, but it can never be ruled out.

Firewalls and Antivirus software work largely with 'definitions' to spot known malware or attacks. However, 'Zero days' are regularly misused. These are unknown vulnerabilities in firm- and software for which no patch exists yet. These exploits are traded expensively on hacker forums. because companies can't protect themselves against it.

Hackers can now get their hands on the keys to the backdoor of thousands of organisations. Until recently, the only party that could protect you against this was the manufacturer of the hardware or software affected. But first of all, they must be aware of the leak, and secondly, they must be able (or willing) to release the budget to fix it. Then it is up to you to roll out the patch as quickly as possible.

How do you protect your environment from Zero days?

So there are -with certainty- leaks in every environment, including yours. It is just not yet known where they are and whether they are already being actively abused. Whichever way you look at it, there will come a time when unknown malware will try to take advantage of your environment in this way.

That leaves the question: How well prepared are you for this?
From infection onwards, every second counts and there are 2 things that are vital to limit the damage:

  1. How long does it take to detect the unknown infection?
  2. How soon can you prevent the infection from spreading further?

So you need a fire detection and extinguishing system to nip even brand new malware in the bud immediately. This is where Endpoint Detection & Response (EDR) can make a difference.

How can EDR detect unknown malware?

EDR operates largely as an intelligent monitoring system, supported by machine learning.

FortiEDR in the task manager In a first phase, it studies your existing network: Who uses which applications? Which files are regularly modified, what is the impact on the registry, existing services or important system files... The monitoring even works at kernel level, where the code and instruction sets are closely guarded. Even virtual environments (Citrix, VMware, VDI...) no longer hold any secrets.

Once EDR gets to know your environment, it will send out alerts and intervene immediately when suspicious actions are detected:

  • A cryptolocker that suddenly starts encrypting numerous files
  • A virus that adds suspicious things to your registry or tries to embed itself in other files
  • Malware that wants to abuse unused resources for the mining of cryptocurrencies
  • Malware that starts scanning the network for open ports or other vulnerabilities and/or communicates with an unknown IP address.
  • Even 'fileless attacks' which are otherwise almost impossible to detect because they leave no traces, come to light.
  • When a program tries to remove recovery images or start irrelevant software or services

In this way, EDR manages to spot and defuse even the most obscure, unknown malware almost immediately.

The suspect device is immediately quarantined to prevent further spread. The behavioral pattern of the as yet unknown malware is immediately analyzed in greater depth and trickles down to all users within the EDR ecosystem so that an even faster response can be achieved. That way, everyone is immediately protected against this new iteration of malware. Finally, EDR also tries to restore the affected workstation.

FortiEDR overview | VanRoey.be

Detection, prevention, analysis and reporting

As an admin, you can keep a close eye on suspicious activities in your network via the EDR-Console. The clear dashboards not only map out any threats or suspicious movements, but also the weak points in the security of your network. Intrusion attempts are reported and in the event of a successful hack or malware infection, the affected system is blocked from the network as quickly as possible, allowing you to zoom in on the cause, the risks and the eventual recovery of the workstation or server.

How this works within FortiEDR you can see very clearly in this technical video (from 2:29)

Fortinet Expert Partner | VanRoey.beWe are happy to see that more and more organizations are discovering the way to the advanced EDR. As far as we are concerned, it is an absolute must-have within every IT environment. The advantages are numerous and obvious for any modern organization, large or small.

If you'd like more information or a demo from our experts on EDR, feel free to leave your details below and we'll arrange to meet further.

[activecampaign form=388 css=0]

"Even 'fileless attacks' that would otherwise be almost impossible to detect come to light thanks to EDR"
Working at VanRoey.be?

We are looking for tough guys/women!

Care to join us in this climate-neutral high-tech hub?
View vacancies
Clippy forces you to follow us.

Written by:

Els-Bleys
LinkedIn icon
Els Bleys
Security Engineer

Els is 'a real VanRoeyer' and has already completed a fascinating growth path within VanRoey.be. She started many years ago as a Service Desk Engineer and progressed to Support Engineer for companies. After that she became a Support Teamleader. Her passion and interest in security solutions, combined with mountains of experience, make her a rock-solid Security Engineer today.

Related info

  • Blog

VanRoey.be Wins Fortinet EMEA Growth Partner Of The Year award!

Fortinet EMEA award Partner growth 2018 Pat and Roel on stage

XDR: Extended Detection and Response

Fortinet Threats | VanRoey.be
  • Blog

Ransomware: how to prevent & what to do if it does go wrong?

Cybersecurity phishing ransomware | VanRoey.be

Let our experts guide you

Like thousands of organisations, rely on our knowledge & experience to work out your ideal network, data centre, IT security, CRM / ERP, meeting rooms or digital workplace...

Ask your question


Thanks to the Fortinet Security Fabric, a single security platform allows us to manage all our devices centrally and conveniently, without sacrificing data nor Internet accessibility! Watch video case...
Luc Smet
Luc SmetICT-NIM Teamleader


What I appreciate most about VanRoey is their hands-on approach and no-nonsense corporate culture. Moreover, they don't just answer the question, but they really do think along. For us, this has led to a deeper understanding and solutions that exactly fill our needs. Watch video case...
Steven BruynseelsIT Operations Manager


Switching to telephony via Teams went smoothly. Communication is very important to me in such projects. The cooperation between us, Telenet and VanRoey went very smoothly. Watch video case...
Gert Torah
Gert TorahIT Manager


I've worked with many companies before, but the approach of VanRoey is really quite unparalleled. With VanRoey.be we found the IT partner we were looking for. Read the case...
Raf De Leu
Raf De LeuIT Manager


We are very satisfied with the cooperation with VanRoey. Their people have a extensive knowledge and, in addition, can be used on a understandable way ...to transfer. Read the case...
Kim Kerkhofs
Kim KerkhofsExecutive assistant


Quality pays for itself over the years anyway, both for construction projects and in ICT. We therefore opted for the VanRoey ecosystem: the right solutions, the right brands, expertise and flexibility, with high reliability as a result. Read the case...
Martin Björklund
Martin BjörklundICT administrator

Newsletter  | Linkedin

LinkedIn Spotify Instagram Facebook-f Youtube Newspaper

Conditions – PartnershipsSatisfaction survey - VanRoey

  BC-Certified-logo_ISO-27001

Our Solutions

Managed IT Services
Security audit
Expertise Services

IT Security Strategy
Train Your Staff (Awareness)
Network Security
Firewalls
Antivirus
Endpoint Defence & Response (EDR)
Cybersecurity for Government (Smals)
Smart AI camera surveillance

VanRoey Private Cloud (IaaS)
Servers & Storage
Apps & device management
Backup Solutions
Networking & Wifi
Internet line & IP VPN
Azure Cloud Solutions
AI-powered CCTV

Copilot AI
Microsoft 365 / Office 365
Microsoft Teams
Microsoft SharePoint
CTOUCH Touchscreens
HP Business Notebooks
Dell XPS & Latitudes
Professional Printers

ERP & CRM With Dynamics 365
Power Platform
Dynamics 365 Real Estate
GPS Tracking(Sensolus) / Indoor tracking (Pozyx)

Events

Training

Experience Center

Jobs

About

ESG

Kempus

Customer Area

Contact
Living Tomorrow building

Event: 30 Nov

IT Inspiration Day

What will the future bring? Get an exclusive tour & plenty of inspiring sessions at the revamped Living Tomorrow. It promises to be another great and educational year-end event! See you there?

Info & registration

Attention: limited number of places!