Managed Endpoint Detection & Response from Swisscom delivers greater security to companies

Endpoint Detection & Response (EDR) is the answer. Unlike signature-based antivirus software, EDR analyses device behaviour and looks for anomalies. “The dashboard allows our customers to track everything in real time,” says Peter. “This ensures that potential security vulnerabilities can be revealed across all end devices. Security alerts are automatically investigated and resolved where possible, which frees up the security operations team.”

However, EDR does not automatically detect and prevent all attacks. EDR needs to be integrated into overarching security solutions and embedded into a Security Operation Center (SOC), and experienced security analysts often need to evaluate suspicious endpoint behaviour. With EDR, analysts can focus on a smaller number of suspected attacks (handled alerts) and do not have to evaluate thousands of events and logs, massively reducing their workload. If an incident does occur, EDR gives the security team a rapid overview of the monitored IT infrastructure and enables them to respond immediately across all the endpoints, by isolating an endpoint compromised by malware or by moving suspicious files into a quarantine directory.

EDR is therefore not a standalone solution and should be integrated into existing security solutions and processes. EDR from Swisscom can be combined with SOC as a Service or CSIRT as a Service, for instance. This allows Swisscom customers to mount a successful defence against fileless attacks such as malware, invasive programs and zero-day exploits.