Neutralize known and unknown threats in real time.
Without human action.


Gartner lists TEHTRIS as a Representative Vendor in the November 2021 Market Guide for Extended Detection and Response.

ISO 27001

Why choose EDR OPTIMUS?

Master the unknown with EDR OPTIMUS

Your antivirus software only protects you from known signatures. EDR OPTIMUS detects and neutralizes even unknown and stealthy threats.

24/7 detection and remediation

EDR OPTIMUS is a standalone solution that continuously monitors and protects your assets. The TEHTRIS technology hyper-automates your analyses, detections, and remediations, in real time.

Create your own playbooks

Save crucial seconds in your remediation with our SOAR (integrated into EDR OPTIMUS). Orchestrate and automate your cybersecurity solutions by creating your own playbooks in No Code Automation.

Immediately identify where an attack is coming from thanks to a full overview of your infrastructure. EDR OPTIMUS allows you to monitor all your endpoints 24/7 on a single dashboard. With a holistic view of your endpoints, you will detect and neutralize even the stealthiest attacks. Threats that were previously undetected are localized as soon as EDR OPTIMUS is installed. Combined with Shadow IT, which locates unprotected endpoints, EDR OPTIMUS gives you complete visibility into your cybersecurity.

Quick decision-making and fast responses of your teams play a key role in protecting your assets in case of a threat. When an attack occurs, EDR OPTIMUS immediately alerts your analysts and gives them the exact history and scope of the attack. To facilitate your team’s decision-making, EDR OPTIMUS is automatically connected to TEHTRIS CTI, to our Sandboxes that provide you with real-time analysis and to our artificial intelligence CYBERIA. You additionally also get access to our Threat Intel Platform, to support your teams in their investigations (hunting and forensic). Remediations can be hyper-automated thanks to our SOAR, which orchestrates your cybersecurity solutions. With EDR OPTIMUS, your analysts don’t waste time on repetitive tasks anymore.


and its NGAV with integrated EPP

With EDR OPTIMUS and its NGAV (Next Gen Antivirus) you will get the real-time protection of EDR OPTIMUS and the detection capabilities of a NGAV in the same solution. Unlike a traditional antivirus that only checks lists of known signatures, our NGAV detects known and unknown malware thanks to its neural networks (Deep Learning). With EDR OPTIMUS and its integrated NGAV, endpoint configuration and management are unified. No need to monitor multiple products simultaneously, all your security is provided by EDR OPTIMUS on our TEHTRIS XDR AI Platform.

Get all the benefits from an EDR and a NGAV in a single solution. XDR/ EDR OPTIMUS is deployed in less than 24 hours and only uses 1-3% CPU, 90 MB RAM and 50 MB disk space (these metrics may change depending on your use).

By adding a signature database to EDR OPTIMUS , you will get all the features of an EPP directly with your EDR. Our signature database comes with an antivirus engine and is continuously updated to detect and respond faster to threats. Even if your systems are disconnected, the signature database continues to protect you. OPTIMUS EDR/EPP with a signature database ensures the security of your workstations and servers and works in all your Windows infrastructures.

EDR OPTIMUS with a signature database has an anti-phishing module that blocks malware downloading. By applying specific rules, DeviceControl prevents the leakage of sensitive data and infection by malware from external devices.

with its signature database and integrated EPP

to your business

Every infrastructure is different and has its own cybersecurity needs. The more your cybersolutions are customized, the more effective they are. That’s why OPTIMUS EDR is fully configurable, with an optimized installation, to provide you with high-performance security:

Customizable hyper-automation:

level of the security alerts

Automatic Kill activation or not

Configurable filters

to find the most relevant information and facilitate the work of your analysts

Remote execution of your custom scripts

investigations, file deletions on a device…

according to your needs




In less than 24 hours
and only uses

1 à 3% de CPU


50 MB disk space

(these metrics may change depending on your use)

All our augmented technology included

CTI, SOAR, and our artificial intelligence CYBERIA:
EDR OPTIMUS goes further than other solutions by offering you all its augmented technology via the

Create your own
(in No Code Automation)
with the


to make your solutions interact (even with partners solutions such as Zscaler, Proofpoint…) and hyperautomate your cybersecurity.



Get access to instant analysis, sandboxing and hunting tools

Detect known and unknown threats with the neural networks (Deep Learning) of our artificial intelligence



These features are essential for an optimal protection of your assets and are directly accessible with


Stay in control of your data

More and more customers are alerting us: competing cyber solutions are retrieving and backing up all their data. To protect your company against industrial espionage, wherever you are, we have designed EDR OPTIMUS in a way that ensures that your files cannot be accessed. Choosing a cybersecurity solution that protects your data has become a strategic decision for business leaders in today’s cyber and geopolitical context.

Certified and recognized by
many actors of the cyber world

Leading cybersecurity authorities, analysts and associations recommend TEHTRIS solutions

MITRE ATT&CK compliance

MITRE ATT&CK is a knowledge base with a model of the behavior of a cyber attacker, reflecting the different phases of the attack life cycle according to the targeted platforms: Windows, Mac, Linux, mobile, etc.

Discover the compatibility of TEHTRIS XDR AI PLATFORM

< 1

Day to integrate


Countries where our technologies are deployed to detect and respond to incidents


EDR deployed in the cloud in less than 24 hours


Preserve the sovereignty
and integrity of your data

Since 2010, TEHTRIS innovates and improves
its cyber defense solution, through the
different modules of the TEHTRIS XDR AI PLATFORM.

Choose the European leader in cyber security!

Frequently Asked Questions

Do you have an automated remediation function?

EDR OPTIMUS has several features to perform automated remediation, based on predefined parameters, which allows to fight effectively 24/7 against unknown threats, without the risk of depending on a human team that may be missing elements.

Does the EDR contain a vulnerability scan function?

EDR OPTIMUS can search for more than 11,000 CVE-type vulnerabilities, sometimes uncovering things that are totally invisible, such as machines that are vulnerable because of an old Java, Adobe Reader or Flash engine that has been forgotten or installed in legacy mode. This means you can deploy EDR OPTIMUS to audit your IT assets, without consuming excessive resources, and thus have the opportunity to ensure asset compliance.

Do you have an application policy type prevention function?

EDR OPTIMUS offers a range of protections against ransomware: the blacklists in our CTI database enrich the choices made by EDRs, application security policies that can be used to define conditions on your network with advanced granularity, Honeytokens-type concepts with fake files that a ransomware will want to destroy while still being detected (file-type computer decoys), and numerous behavioural-based mechanisms: attacking certain points on the hard disk, and so on.

Do you have protection against lateral attacks?

EDR OPTIMUS has several ways to combat lateral attacks, including the ability to process local logs in the operating system to detect if activity is being attempted remotely. This is a true SIEM tactical, local, capable of knowing whether a session is interactive or not, remote or not, in order to be able to track attacks of this type.

Do you have protection against illegitimate Powershells in an environment where TEHTRIS EDR is used for sytem administration?

EDR OPTIMUS embeds an ultra-sophisticated analysis engine, capable of differentiating between a legitimate product and one that is not, in terms of PowerShell, by analyzing the code executed on the fly so as not to miss any of the many modern and stealthy attacks associated.

Do you have a self-protection function (unauthorized uninstallation, bypass…)?

EDR OPTIMUS provides its own protection through layers that are directly installed in the Windows kernel, via a low-level driver, so that it cannot be uninstalled outside of an authorized centralized decision. It is not possible to remove the agent.

Do you have C&C access detection/protection?

The analysis of malicious URL links with C&C lists, etc. is mainly conducted by the EPP product. However, we can do targeted searches for these threats with EDR OPTIMUS in hunting mode.

Does the EDR continue to operate off-line?

EDR OPTIMUS continues to operate with its security policy already loaded when it goes offline. It then stores the events that it will report upon reconnection to its endpoint appliance. Of course, throughout this phase, the risk of intrusion without a network connection seems to be reduced, since EDR Optimus can also contain USB attacks for example.

Are EDR analyses linked to CTI?

EDR OPTIMUS may request the TEHTRIS Cyber Threat Intelligence module of TEHTRIS XDR AI Platform, to perform sandbox scans, offline antivirus scans, neural network engine scans, or malware knowledge base searches.

How do you use artificial intelligence?

TEHTRIS has many elements related to artificial intelligence and automatisms associated with the cyberworld. In machine learning mode, EDR OPTIMUS learns all the executions in your infrastructure in order to detect anomalies, as well as the persistence points used by hackers to survive a reboot or reconnection. In deep learning mode, EDR OPTIMUS has a compact neural network-based engine that can tell if software is malicious or not. This engine is also used in CTI. The latter is the first French product accepted by Google on its free service VirusTotal, where a public and non-commercial version is constantly running in search of unknown malware.

Do you have a sandbox?

EDR OPTIMUS natively uploads at-risk files back to its infrastructure so that the payload can be detonated in a sandbox environment. Robots plan and control the execution, analyze the results, and return the right information back to the EDRs on their own, so they can make a decision.

What is the difference between EDR and EPP?

To put it simply, EPP is the next-generation antivirus tool that protects the OS against known attacks. It is the real system shield. EDR solutions are used to detect unknown threats and handle security issues remotely with a range of incident response functions. TEHTRIS believes that EDR and EPP products will soon merge and become one tool through a necessary technological convergence. The existence of an EDR market was only necessary because they filled technical gaps on the EPP side. In a future that is already beginning, companies will choose one product, an endpoint protection solution, combining EDR and EPP features, to avoid agent issues. EPP and EDR OPTIMUS are already available for this purpose.

How can I be sure that an automatic kill is not a false positive?

We must choose the criteria that allow neutralization by software robots. It’s a risky action, that some EDR solutions don’t want to offer for fear of breaking everything. Unfortunately, the day an unknown ransomware comes in, such products, which are only used for response and analysis, will only be able to say that they have understood why the company is being destroyed (not helpful at all). This is not our philosophy and we prefer to offer automatic neutralization, carefully and properly configured. Depending on the aspect of the unknown software, you will be able to decide whether to let it go or not: behavior, sandbox results, antivirus results, antivirus databases results, etc.

Does your solution support Android and iOS?

For mobile devices, we offer another range of products, called Mobile Threat Defense, different from EDR OPTIMUS.

What customer information do you collect?

We collect metadata in a way that is compatible with the GDPR, and we will able to exchange on these elements if you wish.

Will your solution conflict with my EPP?

If your EPP agents plays at killing security software protecting your infrastructure, there might be a problem with the EPP settings or even the product. Currently, for all customers who do not have EPP, and who have been using EDR OPTIMUS since 2014, we have encountered a total of zero conflict issues with other EPP brands.

Can you isolate an endpoint where there’s a suspicion of compromise?

A EDR OPTIMUS agent can be instructed so that its hosts might only accept outbound network flows to its management appliance, so that a SOC can quietly study its host, without taking the risk of lateral movement or internal exploration.

What OSes do you support? Do you support obsolete OSes?

EDR OPTIMUS is compatible with Linux, macOS and Windows environments. Our EDR continues to support obsolete Windows operating systems, such as Windows XP and Windows 2003, in order to adapt to our customers’ severe constraints, particularly in the industrial sector (OT, ICS, SCADA).

Do you collect security logs from workstations?

EDR OPTIMUS collects and analyzes security logs from workstations, providing a so-called tactical SIEM capability, in order to keep very interesting events for cybersecurity analysts.

What is your agent’s overhead on endpoints?

EDR OPTIMUS uses less than 1% on average on the CPU, and less that 100 Mo to 200 Mo in RAM, depending on the settings you want to setup: loading the neural network in memory or not, etc.

Do you support industrial systems (EO, ICS…)?

EDR OPTIMUS has been tested and deployed by some of our customers in industrial environments on Windows boxes that were not advertised by the manufacturers as supporting it. These customers could no longer imagine not having antivirus (not enough RAM, too old, etc.) or EDR (light and powerful but not officially supported by the OT manufacturer). So, they made agreements with the manufacturers, and they conducted some tests alone, with the help of TEHTRIS in background. For example, we are in factories with equipment from different brands like Siemens (Simatic, Simoton, WinCC, TIA, etc.).

Do you have protection against removable devices?

EDR OPTIMUS can prohibit the use of external storage, or even set it to read-only to prevent deliberate or inadvertent exfiltration. TEHTRIS logs all traces of connected USB devices to provide traceability regarding these threats.