Introduction
Endpoint Detection and Response (EDR) is an effective, modern software safeguard that better protects our institutional data and systems from malicious actors. With cyber threats and ransomware activity increasing worldwide, the University is employing an EDR tool to recognize and quickly respond to malicious system behavior. EDR tools help detect malicious activity, even in a remote work environment, and rapidly mitigate or isolate the activity to prevent further disruption to employees' work and University systems.
EDR protection combines multiple security components, including next-generation antivirus, threat intelligence, and around-the-clock detection and response. This tool helps the University respond quickly to advanced attacks that use malware (malicious programs specifically designed to steal information) or stolen credentials to move around a network and steal data.
Capabilities, Benefits, and Key Features
EDR tools monitor endpoint process executions, file reads and writes, network activity, and process relationships to create a model of what is happening on a computer. Using this model, an EDR tool can draw on hash matching (indicators of compromise), pattern matching (indicators of attack), proprietary intelligence from other incidents, machine learning, and a staffed operations center to detect malicious activity.
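The sketch below is an added illustration, not part of the original article and not the EDR vendor's implementation. It shows how a process-relationship model supports both hash matching and pattern matching. The event fields, process names, hash values, and the single behavior rule are all constructed for the example.

```python
# Added example: constructed telemetry; every name and value here is hypothetical.
BAD_HASHES = {"a" * 64}                   # constructed IoC list (placeholder SHA-256)
DOC_APPS = {"winword.exe", "excel.exe"}   # assumed document applications
SHELLS = {"powershell.exe", "cmd.exe"}    # assumed script interpreters

EVENTS = [  # constructed sample events, in time order
    {"type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe", "sha256": "1" * 64},
    {"type": "process", "pid": 200, "ppid": 100, "image": "winword.exe", "sha256": "2" * 64},
    {"type": "process", "pid": 300, "ppid": 200, "image": "powershell.exe", "sha256": "3" * 64},
    {"type": "network", "pid": 300, "dest": "203.0.113.10:443"},
    {"type": "file_write", "pid": 300, "path": "C:\\Users\\a\\x.bin", "sha256": "a" * 64},
    {"type": "process", "pid": 400, "ppid": 100, "image": "powershell.exe", "sha256": "3" * 64},
    {"type": "network", "pid": 400, "dest": "198.51.100.7:443"},
]

def ancestors(procs, pid):
    """Yield the image names of pid's parent chain (guards against pid cycles)."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        pid = procs[pid]["ppid"]
        if pid in procs:
            yield procs[pid]["image"]

def detect(events):
    """Return (rule, pid) alerts from one pass over the event stream."""
    procs, alerts = {}, []
    for ev in events:
        if ev["type"] == "process":
            procs[ev["pid"]] = ev  # extend the process-tree model
        # IoC: an observed hash (process image or written file) is on the bad list
        if ev.get("sha256") in BAD_HASHES:
            alerts.append(("ioc_hash", ev["pid"]))
        # IoA: a shell descended from a document app opens a network connection
        if ev["type"] == "network":
            proc = procs.get(ev["pid"])
            if proc and proc["image"] in SHELLS and DOC_APPS & set(ancestors(procs, ev["pid"])):
                alerts.append(("ioa_doc_shell_network", ev["pid"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The same interpreter with the same hash (pid 400) raises no alert when it is launched from the desktop shell, which is why the model tracks process relationships rather than file hashes alone.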
What can I expect?
[Set meaningful service level expectations]
Limitations / Technology Requirements
EDR may be limited to current versions of operating systems. Certain systems, such as manufacturing machines or devices that contain factory-installed computers, may or may not be able to accommodate an EDR solution.
Who may use it?
This tool shall be deployed on all Miami University-owned computers, lab computers, servers, laptops, desktop computers, mobile devices, cellular devices, software containers, and virtual machines.
Is there a charge to me or my department?
The University IT department is providing the funds to purchase licenses for this product.
Additional Common Requests
[List request models or other common KB articles of use to the user]