Managed Detection and Response (MDR) FAQ

A detailed FAQ explaining how US Signal’s Managed Detection and Response (MDR) solution works, what it protects, and how it supports compliance and threat response.

What is EDR?

Evolving beyond next-generation anti-virus, Endpoint Detection and Response (EDR) combines continuous monitoring, behavioral analytics, cloud-based threat analysis, automated response capabilities, and other tactics to detect, contain, or mitigate threats such as ransomware or malware that target endpoints like laptops, servers, and desktops.

What is an MDR solution? 

A managed detection and response (MDR) solution enhances an EDR solution by providing qualified security professionals with 24/7 eyes on glass to manage the detection, response, and mitigation of threats. Additionally, MDR provides support for endpoint lifecycle management, troubleshooting, and often proactive threat hunting. MDR solutions are ideal for organizations that lack the resources or expertise to manage an EDR solution themselves, or that want 24/7/365 coverage to respond to threats in real time.

How do US Signal’s MDR solutions work?

Software agents are installed on individual endpoints to monitor activity and collect data—such as processes, connections, volume of activity, and data transfers—into a centralized portal and data lake. Baseline rules recognize when incoming data indicates a known type of security event and trigger an automatic response. The solution also uses machine learning and AI technologies to detect anomalous actions in real time, including fileless attacks, exploits, malicious macros and scripts, ransomware, and other types of attacks.

Threats are handled through various techniques, including alerting, killing the process, quarantining a file, or isolating an endpoint, so that the threat is stopped before harm can occur. Non-threats proceed without disrupting operations. Machine learning uses the information gathered to strengthen the service’s ability to detect and protect against security incidents.
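To make the two preceding paragraphs concrete, here is an added example (written for this FAQ, not US Signal’s product code) of the pattern they describe: a baseline is built from benign endpoint telemetry, a few "known event" rules are matched against incoming events, and each match maps to an ordered set of response actions (alert, kill process, quarantine file, isolate endpoint). The event fields, rule names, thresholds and sample telemetry are all constructed assumptions chosen to illustrate the flow, not real indicators.

```python
"""Minimal rule-based triage over endpoint telemetry.

Added example for this FAQ; it is NOT US Signal's product code. Every field,
rule and threshold below is a constructed assumption for illustration.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Callable, Dict, List, Optional


@dataclass
class Event:
    host: str
    process: str            # image name of the process that produced the event
    file_writes: int        # files written during the observation window
    renamed_ext: Optional[str]  # extension most written files were renamed to
    outbound_conns: int     # distinct outbound connections in the window
    signed: bool            # executable carries a valid code signature


# Response actions, in the order they should be applied when several fire.
ALERT, KILL, QUARANTINE, ISOLATE = (
    "alert", "kill_process", "quarantine_file", "isolate_endpoint")


@dataclass
class Rule:
    name: str
    match: Callable[[Event, Dict[str, float]], bool]
    actions: List[str]


def build_baseline(history: List[Event]) -> Dict[str, float]:
    """Per-process mean file-write volume learned from benign history."""
    per_proc: Dict[str, List[int]] = {}
    for e in history:
        per_proc.setdefault(e.process, []).append(e.file_writes)
    return {p: mean(v) for p, v in per_proc.items()}


# "Baseline rules" for known event types; the write-spike rule is relative
# to the learned baseline, the other two are absolute.
RULES = [
    Rule("mass-rename-to-unusual-extension",
         lambda e, b: e.renamed_ext is not None and e.file_writes >= 200,
         [KILL, QUARANTINE, ISOLATE, ALERT]),
    Rule("unsigned-process-write-spike",
         lambda e, b: (not e.signed) and e.file_writes > 10 * b.get(e.process, 1.0),
         [KILL, ALERT]),
    Rule("unsigned-process-beaconing",
         lambda e, b: (not e.signed) and e.outbound_conns >= 50,
         [ALERT]),
]


def triage(event: Event, baseline: Dict[str, float],
           rules: List[Rule] = RULES) -> Dict[str, List[str]]:
    """Return the rules that matched and the de-duplicated, ordered actions."""
    matched: List[str] = []
    actions: List[str] = []
    for rule in rules:
        if rule.match(event, baseline):
            matched.append(rule.name)
            for a in rule.actions:
                if a not in actions:
                    actions.append(a)
    return {"matched": matched, "actions": actions}


# Constructed telemetry: a nightly backup job establishes a high but
# legitimate write baseline for backup.exe on this host.
HISTORY = [Event("ws-042", "backup.exe", n, None, 2, True)
           for n in (420, 450, 480)]
BENIGN_EVENT = Event("ws-042", "backup.exe", 470, None, 2, True)
RANSOM_LIKE_EVENT = Event("ws-042", "updater.tmp", 900, ".locked", 1, False)
BEACON_EVENT = Event("ws-042", "svc-helper.exe", 3, None, 120, False)

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in (BENIGN_EVENT, RANSOM_LIKE_EVENT, BEACON_EVENT):
        print(ev.process, triage(ev, baseline))
```

The benign backup run produces no actions because its write volume sits inside the learned baseline; the unsigned process that rewrites hundreds of files to a new extension trips two rules and collects the full kill/quarantine/isolate/alert sequence; the chatty unsigned helper only raises an alert for the analyst to review.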

What makes US Signal’s MDR solutions stand out from comparable solutions from other vendors?

The biggest differentiator is US Signal’s Security Operations Center. The SOC team assists with setting up the solution, serves as a trusted partner to the customer, and provides guidance on integrating the platform with the customer’s other security technologies to build a comprehensive defense-in-depth security strategy. The US Signal SOC provides 24×7 monitoring of your environment and stands ready to respond should a security incident occur.

In addition, US Signal’s MDR solution offers flexible service levels to best meet customers’ needs and continually evolves to provide protection in an ever-changing threat landscape.

What are the software agents used in US Signal’s MDR solutions?

An agent is a software program deployed to each endpoint. It runs autonomously on each device, without reliance on an internet connection, and operates at the kernel level. Using a dynamic behavior-tracking engine, it monitors all processes in real time. Premium-tier visibility allows customers to see exactly what happened on an endpoint at each stage of execution, including threat origin, patient zero, process and file activity, registry events, network connections, and forensic data. While the agent provides protection when no internet connection is present, centralized alerting and the full benefits of the platform are realized when cloud-based intelligence is available. 

Who is responsible for installing the software agents on the individual endpoints?

US Signal will provide a virtual, guided deployment for all service tiers led by an experienced member of US Signal’s Security Operations Center team. If further assistance is desired, US Signal can provide on-site support for deployment at an additional cost. 

What endpoints (devices) are covered? 

The MDR solutions can be used for laptops, desktops, and servers running Microsoft Windows, Apple Mac OS X, and most current Linux OS types. 

Do these solutions work for IoT devices?

IoT devices are not covered at this time. 

Will US Signal’s MDR solution agents slow down my endpoints?

The solution agent won’t slow down the endpoint it’s installed on. Unlike antivirus products that require constant “.dat” file signature updates and daily disk scans, US Signal’s software agents use static file AI and behavioral AI. This saves on CPU, memory, and disk I/O, providing end users with better performance. Note: System resource consumption will vary depending on system workload. 

How do US Signal’s MDR solutions help ensure endpoint compliance with security and compliance standards?

For customers subject to CJIS, GDPR, HIPAA, PCI, or GLBA, Anti-Virus or modern-day EDR that automatically updates signatures is either a required or addressable control that must be implemented. US Signal’s MDR offerings address these requirements. 

Do US Signal’s MDR solutions offer protection when users are offline?

Yes. The agent on the endpoint performs static and dynamic behavioral analysis pre- and on-execution. These two methods are the principal prevention and detection methods in use and don’t require internet connectivity. When the agent is online, in addition to the local checks, it may also send a query to the cloud for further checking. Alerting, remote quarantine, administrative visibility, and console functionality are lost until the device is back online.

Are US Signal’s MDR solutions cloud-based?

Yes. It is considered a Software-as-a-Service (SaaS) solution. However, agent prevention, detection, and response logic are performed locally on the software agent, meaning detection and protection capabilities are not cloud-reliant. Some EDR platforms rely on real-time upload of indicator telemetry to the cloud for purposes of identifying attacks—this is not the case for US Signal’s solution.

This eliminates the large time gap between infection and cloud detection and response time that is associated with cloud-centric solutions.

Is this solution meant to replace anti-virus or other endpoint security tools?

Yes. The US Signal solution is designed to replace anti-virus and similar EDR solutions.

Some lightweight anti-malware tools can coexist, but other advanced endpoint agents may conflict with the solution and should be removed.

Will MDR solutions easily integrate with other security tools such as a security incident and event management (SIEM) platform?

Yes. Logs and alerts can be forwarded from the EDR platform to the customer’s SIEM platform; the details are discussed during the implementation phase.
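As an added illustration of what "forwarding alerts to a SIEM" involves on the receiving side, here is example code (not US Signal’s or any vendor’s own code) that serializes an endpoint alert into the Common Event Format (CEF), a widely supported SIEM ingestion format. The choice of CEF, the vendor and product strings, and the alert fields are assumptions for this example; the FAQ itself does not name a format.

```python
"""Serialize an endpoint alert as a CEF line for SIEM forwarding.

Added example for this FAQ; not US Signal's code. CEF is assumed here as the
transport format. Vendor/product strings and alert fields are constructed.
"""
from typing import Any, Dict

# Constructed device identity placed in the CEF header.
DEVICE_VENDOR = "ExampleVendor"
DEVICE_PRODUCT = "ExampleEDR"
DEVICE_VERSION = "1.0"


def _esc_header(value: Any) -> str:
    """Header fields: backslash and pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value: Any) -> str:
    """Extension values: backslash, equals sign and newline must be escaped."""
    return (str(value).replace("\\", "\\\\")
                      .replace("=", "\\=")
                      .replace("\n", "\\n"))


def to_cef(alert: Dict[str, Any]) -> str:
    """Build 'CEF:0|vendor|product|version|sigid|name|severity|k=v k=v'.

    alert keys (assumed): signature_id, name, severity (0-10), ext (dict of
    CEF extension key/values such as shost, sproc, act).
    """
    header = "|".join(_esc_header(x) for x in (
        DEVICE_VENDOR, DEVICE_PRODUCT, DEVICE_VERSION,
        alert["signature_id"], alert["name"], alert["severity"]))
    extension = " ".join(f"{k}={_esc_ext(v)}" for k, v in alert["ext"].items())
    return f"CEF:0|{header}|{extension}"


def syslog_frame(cef_line: str, hostname: str, facility: int = 1,
                 severity: int = 2) -> str:
    """Wrap a CEF line with an RFC 3164-style PRI and host for UDP/TCP syslog."""
    pri = facility * 8 + severity
    return f"<{pri}>{hostname} {cef_line}"


# Constructed alert: the kind of record an EDR would emit after killing a process.
SAMPLE_ALERT = {
    "signature_id": "1001",
    "name": "Process killed",
    "severity": 7,
    "ext": {"shost": "ws-042", "sproc": "updater.tmp", "act": "kill_process"},
}

if __name__ == "__main__":
    line = to_cef(SAMPLE_ALERT)
    print(syslog_frame(line, "edr-console"))
```

The escaping helpers matter in practice: an unescaped pipe in an alert name or an equals sign in a command-line field silently shifts columns in the SIEM parser, so a forwarder should always run fields through them rather than concatenating raw strings.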

Do US Signal’s MDR solutions protect against ransomware?

Yes. They offer multiple capabilities to protect against ransomware, including: 

  • The ability to kill or end processes 
  • File and script quarantine 
  • Remediation (reversal) of unwanted changes 
  • Rollback of Windows systems to their prior state 
  • Automatic or manual network containment of the device, while preserving the administrator’s ability to interact with the endpoint via the console 

Is the machine learning feature configurable?

No, but there’s no need to “train” the AI within your environment. The data science team behind the solution trains the machine learning models in the development lab to help improve detection and protection, and reduce the false positive rate. New models are periodically introduced as part of agent code updates.

Are US Signal’s MDR solutions scalable?

Yes. They can scale to protect large environments of hundreds or even thousands of endpoints. 

Does the MDR solution receive frequently updated signatures and models designed to detect advanced attacker tactics, techniques, and procedures (TTPs)?

Yes. Updated information is provided frequently.

What kind of device control do US Signal’s MDR solutions offer?

The MDR solution can restrict the use of USB removable media and Bluetooth devices.