Enterprise Advanced Security (EDR): SenseOn – DETECTION

Understand cyber security testing with visible threat intelligence

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.

Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attack. See the value of cybersecurity testing with visible threat intelligence.

Some EDR products are designed solely to watch and inform, while others can also get involved and remove threats either as soon as they appear or after they start causing damage.

For the ‘stoppers’ we run the Enterprise Advanced Security test in Protection mode. For ‘watchers’ like SenseOn we can demonstrate effectiveness by testing in Detection Mode.

An Endpoint Detection and Response (EDR) product is more than anti-virus

In this report we look at how SenseOn handled full breach attempts. At which stages did it detect? And did it allow business as usual, or alter wrongly against legitimate applications?

The targeted attacks used in this test replicate those used by the following attack groups in the real world:

• Turla
• Ke3chang
• Threat Group-3390
• Kimsuky

Read this SE Labs assessment and discover how SenseOn handles advanced targeted attacks. Find the value in early detection systems. We also describe in detail how each of the attack groups have worked in the past and how we’ve copied their tools and techniques to create a realistic test that reflects real-world security situations.