ESET Enterprise Inspector (EEI)


ESET Enterprise Inspector is ESET’s Endpoint Detection and Response (EDR) tool for identification of anomalous behavior, identification of breaches, risk assessment, and further forensic investigation that features response capabilities to mitigate the discovered threats.

ESET Enterprise Inspector lets security teams intuitively hunt for APTs, fileless attacks and other types of malicious activity by applying behavioral and machine learning algorithms over low-level system data collected from endpoints. They can easily configure their own indicators of attack, perform threat hunting, forensic analysis, and root cause analysis.

ESET uses multi-layered technologies that go far beyond the capabilities of basic antivirus. ESET has developed its own in-house machine learning engine, dubbed ESET Augur. ESET Advanced Machine Learning runs as a lightweight layer of defense especially designed to fight never-before-seen threats. The mechanism uses multiple algorithms and models to decide whether a suspicious sample is clean, malicious or potentially unsafe.

Features

  • Incident detection—Monitor the Detections section to reveal security incidents, Advanced Persistent Threats (APT) and targeted attacks.
  • Incident management and response—Use a built-in set of rules or create your own rules to respond to detected incidents.
  • Data collection—Determine when an executable was launched for the first time and by whom, check the dwell time and attacked devices.
  • Indicators of Compromise (IOC) detection – View and block modules based on over 30 different indicators, including hash, registry modifications, file modifications and network connections.
  • Anomaly detection—See what is being executed in your company network and reveal unexpected actions.
  • Behavior detection—See what actions were carried out by an executable: modified files, changed registry entries, connections made. Assess if the executed processes are safe or suspicious by looking at markers such as LiveGrid® reputation.
  • Policy violations—Block malicious executables from being executed on any computer in your company network.
