Endpoint Detection & Response

Within MITRE ATT&CK, an internationally known and highly specialized foundation of the US-American MIT Institute, numerous attacks have been analyzed and categorized by experts over many years. From this, conclusions can be drawn about the ways in which attackers are successfully penetrating corporate networks today. It has been determined that endpoints and the associated privileges are by far the easiest, most popular and most promising target for cyber attacks. Once an endpoint has been compromised, it is used as a stepping stone for lateral movement, with the aim of consistently and continuously expanding the privileges gained in order to ultimately infiltrate the entire infrastructure.

​

Users and their endpoints must therefore be the first line of defense. In our modern, flexible and location-independent working culture, components are no longer protected by numerous security zones or firewalls, etc. The endpoint therefore plays a central, essential role in modern cyber defense. Modern Endpoint Detection & Response (EDR) solutions and the corresponding team of experts are the foundation for this.

Establish endpoints as the first line of defense

SECURITY FACTORY | DETECT & RESPOND | ENDPOINT DETECTION & RESPONSE

Endpoint Detection & Response as a service

As part of our Managed Endpoint Detection & Response Service, our experts analyze your environment and your requirements as a first step. The aim is to better understand your organization and the associated digital core assets and the way you work. Based on the findings, Endpoint Detection & Response software is rolled out (on clients and servers) and equipped with appropriate guidelines.

We work with you to identify whether the software from our partners elastic (Endpoint Security) or Microsoft (Defender for Endpoint) is the right choice for you. We therefore offer maximum flexibility – whether cloud or on-premises strategy. To determine the correct functionality, simulated attacks are carried out following the rollout (atomic tests, with known-malicious and anomalously parameterized content). Finally, the service is handed over to Possehl Secure operations.

Our team of experts then monitors your endpoints, analyzes suspicious events and anomalies and raises the alarm as required and in a coordinated manner. The aim is to detect and avert attacks at a particularly early stage. This takes place within the framework of coordinated service and response times, either within your standard working hours or 24/7. We define together how autonomously our team should act in your environment using RACI matrices. This relieves your staff and you are not confronted with numerous alerts and the associated false positives.