Endpoint Detection and Response

Agger Agents detect anomalies and block any security threats.


Agger Agents monitor the Endpoint analyzing behavior of running processes to detect anomalies and potential security incidents. The Agent uses threat intelligence sources and searches for indicators of compromission (IOC) and indicators of action (IoA) and automatically reacts according to predetermined rules.

The Agger server orchestrates the reaction at infrastructural level sharing the most relevant information to all the agents and evaluating the most appropriate reaction based on the availability and criticality of each endpoint.

How it works

The agents use indicators of compromission (IOC) and indicators of action (IoA) and special machine learning algorithms to detect any anomaly.

Based on pre-authorized rules, the Agent is able to perform incident containment actions at the single endpoint level: killing, stopping or relaunching processes and services; authorizing or blocking network connections; authorizing or blocking USB devices; or running any type of command.

Module management

The central console permits the complete management of Agger EDR infrastructure, the total control of all the remote endpoints and the access to all the evidences and logs for a deep incident investigation.


Software Agent available for all the Microsoft OS (from XP onwards), Linux, Unix.

Quick and easy installation and configuration thanks to the self-learning ability.

Endpoint defense even if not connected to the corporate network.

Identification of threats based on processes and network communications behavioral anomalies.

Protect your systems from cyber threat. Find out the Gyala approach.