Forensic analysis

Advanced EDR detects and blocks the execution of unknown and specially crafted malware designed to go unnoticed by traditional signature-based antivirus solutions. It does this by monitoring the actions taken by processes on customers’ computers; the recorded actions are sent to the Cytomic cloud as part of the collected telemetry. Process monitoring enables us to classify every program run on users’ computers and to determine the extent to which a customer’s network has been compromised. With this record of which actions were carried out by malicious processes, network administrators can take the containment and remediation measures appropriate to each case.

The web console makes all this information available to users through several resources, each providing a different level of detail:

  • Extended detail pages.

  • Action tables.

  • Graphs.

  • Excel files.