Endpoint Detection and Response

Agger Agents detect anomalies and block security threats of any kind.

Overview

To detect anomalies and potential security threats, the AGGER Agents monitor the endpoints of the network, analyzing the behaviour of the running processes. The Agent itself uses intelligent sources to search for indicators of compromise and indicators of action (IOC and IoA) and interacts with them according to predetermined rules.

The Agger server coordinates the infrastructure-level reactions with its agents and evaluates the most appropriate outcome based on the availability and criticality of each endpoint.

How does it work?

The agents use indicators of compromise (IOC), indicators of action (IoA) and special machine learning algorithms to detect any anomaly.

Based on pre-authorized rules, the Agent can perform containment actions for issues detected on each individual endpoint: it can kill, stop or relaunch processes and services, authorize or block network connections, authorize or block USB devices, or run any other type of command.

Module management

The central console allows complete management of the Agger EDR infrastructure, including total control of all remote endpoints and access to the evidence and logs of what happened on the network for in-depth incident investigation.

What are the advantages?

The software agent is available for all Microsoft operating systems (from XP onwards), as well as Linux and Unix.

Quick and easy installation and configuration, thanks to the self-learning ability.

Endpoint defence even when the endpoint is not connected to the corporate network.

Identification of threats based on behavioral anomalies in processes and network communications.

Protect your systems from cyber threats. Discover the Gyala approach.