Home
jc edited this page Sep 4, 2020 · 32 revisions
D for Defense, not just Detection:
- Blocks all non-privileged EXE/DLL file-based malware without the need for signatures, ML or AI
- Uncovers "Living-off-the-Land" offensive techniques through additional data enrichment & analytics
- Open-source for you to extend & customize!
You have working knowledge of computers, networks & perhaps even programming with SQL, scripting & so on. You may have heard of the term EDR & seen vendors' demos. But most of these tools are still black boxes & out of reach for you.
With OpenEDR, you can:
- Look at the Windows system at a deeper level, use it to understand how client-network infiltration operates
- See exactly which process sequences are considered "benign" or common; we often term these "noise" events because they tell us little about attacks
- As a pen-tester, see which file-based payloads become "obvious" to a given endpoint detection tool, and where your trade-craft would have to improve to evade it
The fleet of Windows endpoints you manage is mostly homogeneous, running only a few specific apps. We are in bad times: budgets are tight, and cyber-criminal activity is heightened & increasing.
With OpenEDR, you can:
- Uncover poor file-permission configurations & usage patterns, and fix them before they become a breach
- Use it with free tools like Timefreeze (or Deep Freeze, if you have the budget) to secure your networks & reduce remediation time & effort; roll back to a clean state automatically or centrally from the management UI
- Understand the series of events that led to an incident; e.g. users downloading & running stuff counter to usage policies