Detection of suspicious activities on the endpoints

Real-time visibility from a central platform

Investigation and neutralisation of advanced threats

WITH HARFANGLAB'S EDR

QUICKLY IDENTIFY THREATS

Spot anomalies in real-time

Our EDR collects information on endpoints in real-time. Its detection engines instantly identify anomalies and generate alerts.

Prioritise the most urgent alerts

Visualise all alerts in the ATT&CK matrix to identify the tactics used against your systems, and treat the highest-risk attacks first.

Correlate information on all your endpoints

Alerts are automatically forwarded to your usual platform (SIEM or SOAR). Your specialists can then correlate network and system information across all your workstations and servers.

INVESTIGATE AN INCIDENT IN DEPTH

Simply qualify alerts

Visualise all the alerts associated with a process tree in order to qualify a malicious behaviour easily. MITRE ATT&CK guides the analysis and handling of alerts.
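As an added illustration of the process-tree view described above (this is not HarfangLab's code, and the event fields, alert format and ATT&CK mappings are all assumed, modelled loosely on Sysmon process-creation events), the following example rebuilds the parent/child tree from constructed telemetry and walks up the lineage of an alerted process, attaching the technique IDs raised on each ancestor so the behaviour can be qualified in context:

```python
"""Reconstruct a process tree from process-creation events and attach
alerts (tagged with MITRE ATT&CK technique IDs) to the ancestry chain of a
suspicious process, so an analyst can qualify the behaviour in context.

Illustrative example only: the event fields and alert format are assumed,
modelled loosely on Sysmon EventID 1, not HarfangLab's own telemetry."""
from collections import defaultdict

# Constructed sample telemetry: one process-creation event per process.
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 204, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": 'WINWORD.EXE "invoice.docm"'},
    {"pid": 310, "ppid": 204, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell -enc SQBFAFgA..."},
    {"pid": 415, "ppid": 310, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -enc SQBFAFgA..."},
    {"pid": 520, "ppid": 415, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Users\\Public\\x.dll,Start"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]

# Constructed alerts: pid -> ATT&CK technique IDs raised on that process.
ALERTS = {
    310: ["T1059.003"],            # Windows Command Shell
    415: ["T1059.001", "T1027"],   # PowerShell, obfuscated/encoded command
    520: ["T1218.011"],            # Signed binary proxy execution: rundll32
}


def build_tree(events):
    """Index events by pid and build a parent -> children map."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def ancestry(by_pid, pid):
    """Return the chain of pids from the root ancestor down to `pid`."""
    chain = []
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)          # guard against pid reuse / cyclic ppid data
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def qualify(events, alerts, pid):
    """Annotate the ancestry of `pid` with the alerts raised on each ancestor.

    Returns a list of (image basename, techniques) tuples, root first, plus
    the set of distinct techniques along the chain: several distinct
    techniques on one lineage is a stronger signal than an isolated alert."""
    by_pid, _ = build_tree(events)
    chain = []
    for p in ancestry(by_pid, pid):
        image = by_pid[p]["image"].rsplit("\\", 1)[-1]
        chain.append((image, tuple(alerts.get(p, []))))
    techniques = {t for _, ts in chain for t in ts}
    return chain, techniques


def alerted_subtree(events, alerts, root_pid):
    """Count alerts in the subtree under root_pid (e.g. a document viewer),
    to spot a user application spawning a chain of alerted children."""
    by_pid, children = build_tree(events)
    stack, total = [root_pid], 0
    while stack:
        p = stack.pop()
        total += len(alerts.get(p, []))
        stack.extend(children.get(p, []))
    return total


if __name__ == "__main__":
    chain, techniques = qualify(EVENTS, ALERTS, 520)
    for image, ts in chain:
        print(f"{image:20s} {', '.join(ts) or '-'}")
    print("distinct techniques on lineage:", sorted(techniques))
    print("alerts under WINWORD.EXE:", alerted_subtree(EVENTS, ALERTS, 204))
```

Run stand-alone, the lineage explorer.exe > WINWORD.EXE > cmd.exe > powershell.exe > rundll32.exe carries four distinct techniques, while the sibling notepad.exe branch carries none, which is the contrast an analyst uses to qualify the rundll32 alert as part of a document-borne execution chain rather than an isolated event.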


Threat hunting

Our advanced investigation tools are easy to navigate and allow your analysts to search for signs of threats and identify suspicious behaviours across all your endpoints.


Going further...

For each new process on an endpoint, the operator can view the disassembled code. They can also access the endpoint's memory in order to gather additional evidence.

TARGET AND ELIMINATE THE THREAT

Prevent a threat from propagating

Isolate infected endpoints to prevent attackers from moving laterally. Define your own rules to block processes, so that an attack observed on one endpoint cannot be replayed on the others.


Eliminate the threat

In order to neutralise the threat, remediation rules can be applied to all or some of the endpoints, and adapted as the investigation progresses.


Capitalise on lessons learned

Extend the investigation and remediation playbooks of your SOAR. Our EDR retrieves the tasks to apply to the system as soon as your analysts start the playbook.

WHY HARFANGLAB ?

Our solution consists of software agents installed on your endpoints and a collector that centralises the detection engines and investigation tools. Our algorithms are designed to facilitate analysis without burdening the network or the endpoints.

A SOLUTION TRAINED ON RECENT ATTACKS

Our EDR won the Cyber Challenge organised by the French Ministry of Defense. Its distinctive feature is a precise analysis engine that adapts to new threats, regularly enriched by our experience in investigation and incident response.

Learn more about threat hunting

OUR PLATFORM INTERACTS WITH OTHER TOOLS

Our solution can be connected to your network probes, SIEM or SOAR, as well as to threat intelligence databases, in order to consolidate information about your systems' security.

Our solution uses indicators of compromise from threat intelligence databases.

A DEPLOYMENT ADAPTED TO YOUR NEEDS

Define your investigation perimeter and we deploy the EDR according to your needs.

Cloud
  • You have a dedicated or shared collector in our cloud
  • Our experts support your operations through secure remote access
On site
  • We deploy a dedicated collector on your premises.
  • Our experts come to your premises to support you