A French company, a European commitment

TEHTRIS solutions are entirely developed in France and hosted in Europe. Discover the values of excellence and innovation that drive our teams.

EDR

Neutralize known and unknown threats in real time.
Without human action.

Gartner lists TEHTRIS as a Representative Vendor in the November 2021 Market Guide for Extended Detection and Response.

Why choose OPTIMUS EDR?

Master the unknown with OPTIMUS EDR

Your antivirus software only protects you from known signatures. OPTIMUS EDR detects and neutralizes even unknown and stealthy threats.

24/7 detection and remediation

OPTIMUS EDR is a standalone solution that continuously monitors and protects your assets. The TEHTRIS technology hyper-automates your analyses, detections, and remediations, in real time.

Create your own playbooks

Save crucial seconds in your remediation with our SOAR (integrated into OPTIMUS EDR). Orchestrate and automate your cybersecurity solutions by creating your own playbooks in No Code Automation.

Holistic overview of your infrastructure

Immediately identify where an attack is coming from thanks to a full overview of your infrastructure. OPTIMUS EDR allows you to monitor all your endpoints 24/7 on a single dashboard. With a holistic view of your endpoints, you will detect and neutralize even the stealthiest attacks. Threats that were previously undetected are localized as soon as OPTIMUS EDR is installed. Combined with Shadow IT, which locates unprotected endpoints, OPTIMUS EDR gives you complete visibility into your cybersecurity.

A technology built to support your teams

Quick decision-making and fast responses from your teams play a key role in protecting your assets in case of a threat. When an attack occurs, OPTIMUS EDR immediately alerts your analysts and gives them the exact history and scope of the attack. To facilitate your team’s decision-making, OPTIMUS EDR is automatically connected to TEHTRIS CTI, to our Sandboxes that provide you with real-time analysis, and to our artificial intelligence CYBERIA. You also get access to our Threat Intel Platform, to support your teams in their investigations (hunting and forensics). Remediations can be hyper-automated thanks to our SOAR, which orchestrates your cybersecurity solutions. With OPTIMUS EDR, your analysts no longer waste time on repetitive tasks.

OPTIMUS EDR and its NGAV with integrated EPP

With OPTIMUS EDR/EPP and its NGAV (Next Gen Antivirus) you will get the real-time protection of OPTIMUS EDR/EPP and the detection capabilities of an NGAV in the same solution. Unlike a traditional antivirus that only checks lists of known signatures, our NGAV detects known and unknown malware thanks to its neural networks (Deep Learning). With OPTIMUS EDR/EPP and its integrated NGAV, endpoint configuration and management are unified. There is no need to monitor multiple products simultaneously: all your security is provided by OPTIMUS EDR/EPP on our XDR Platform.

Get all the benefits of an EDR and an NGAV in a single solution. OPTIMUS EDR/EPP is deployed in less than 24 hours and only uses 1-3% CPU, 90 MB RAM and 50 MB disk space.

OPTIMUS EDR with its signature database and integrated EPP

By adding a signature database to OPTIMUS EDR/EPP, you will get all the features of an EPP directly with your EDR. Our signature database comes with an antivirus engine and is continuously updated to detect and respond faster to threats. Even if your systems are disconnected, the signature database continues to protect you. OPTIMUS EDR/EPP with a signature database ensures the security of your workstations and servers and works in all your Windows infrastructures.

OPTIMUS EDR/EPP with a signature database has an anti-phishing module that blocks malware downloads. Manage all your peripheral devices with our Device Control module, which raises an alert as soon as a device is connected.

Adapt OPTIMUS EDR to your business

Every infrastructure is different and has its own cybersecurity needs. The more your cybersolutions are customized, the more effective they are. That’s why OPTIMUS EDR is fully configurable, with an optimized installation, to provide you with high-performance security:

  • Installation according to your needs: SaaS, on-prem or hybrid
  • Customizable hyper-automation: level of the security alerts, Automatic Kill activation or not…
  • Configurable filters to find the most relevant information and facilitate the work of your analysts
  • Remote execution of your custom scripts: investigations, file deletions on a device…

Stay in control of your data 

(Security & Ethics by design)

Our customers are alerting us: competing cybersolutions are retrieving their customers’ data and backing it up to their cloud. OPTIMUS EDR is hosted in Europe. To protect your company from espionage, we do not have access to your files or your data. In today’s cyber and geopolitical climate, choosing where to host your data has become a strategic decision for business leaders.

All our augmented technology included

CTI, SOAR, and our artificial intelligence CYBERIA: OPTIMUS EDR goes further than other solutions by offering you all its augmented technology via the TEHTRIS XDR Platform.

  • Create your own playbooks (in No Code Automation) with the SOAR to make your solutions interact (even with partner solutions such as Zscaler, Proofpoint…) and hyper-automate your cybersecurity.
  • Get access to instant analysis, sandboxing and hunting tools with TEHTRIS CTI.
  • Detect known and unknown threats with the neural networks (Deep Learning) of our artificial intelligence CYBERIA.

These features are essential for an optimal protection of your assets and are directly accessible with OPTIMUS EDR.

Increased efficiency with Unified Endpoint Security approach

Unify the security of all your endpoints (computers, servers, smartphones, tablets…) with the TEHTRIS UES bundle, which combines EDR, EPP and MTD in a single console.

MITRE ATT&CK compliance

MITRE ATT&CK is a knowledge base with a model of the behavior of a cyber attacker, reflecting the different phases of the attack life cycle according to the targeted platforms: Windows, Mac, Linux, mobile, etc.

Discover the compatibility of TEHTRIS XDR with MITRE ATT&CK

  • 1: Day to integrate OPTIMUS EDR
  • 100: Countries where our technologies are deployed to detect and respond to incidents
  • + 20 K: EDR deployed in the cloud in less than 24 hours

Data Center: switching to TEHTRIS EDR means betting on a company that is better protected against cyberattacks

Preserve the sovereignty and integrity of your data

Since 2010, TEHTRIS has been innovating and improving its cyber defense solution through the different modules of the TEHTRIS XDR Platform.

Choose the European leader in cyber security!

Frequently Asked Questions

TEHTRIS EDR has several features to perform automated remediation, based on predefined parameters, which makes it possible to fight effectively 24/7 against unknown threats, without the risk of depending on a human team that may be missing elements.

TEHTRIS EDR offers to search for more than 11,000 CVE vulnerabilities, which allows you to discover sometimes totally invisible things, such as machines that are vulnerable because of an old Java engine, Adobe Reader, or Flash, forgotten or installed in “legacy” mode. You can deploy TEHTRIS EDR to audit your IT assets, without consuming excessive resources, and thus have the possibility to ensure the compliance of your assets: patch management policy, risk aversion criteria, etc.

TEHTRIS EDR has several protections against ransomware: the blacklists in our CTI, which enrich the choices of EDRs; application security policies to authorize only what you want; Honeytokens-type concepts, with fake files that a ransomware will want to destroy while being detected (file-type computer lure); and many behavior-based mechanisms (for example, detecting attacks on certain points of the hard disk).

TEHTRIS EDR has several ways to combat lateral attacks, including the ability to process local logs in the operating system to detect if activity is being attempted remotely. This is a true local, tactical SIEM, capable of knowing whether a session is interactive or not, remote or not, in order to be able to track attacks of this type.

TEHTRIS EDR embeds an ultra-sophisticated analysis engine capable of differentiating, for PowerShell, between a legitimate product and one that is not, by analyzing the code executed on the fly so as not to miss any of the many modern and stealthy attacks associated with it.

TEHTRIS EDR provides its own protection through layers that are directly installed in the Windows kernel, via a low-level driver, so that it cannot be uninstalled outside of an authorized centralized decision. It is not possible to remove the agent.

The analysis of malicious URL links with C&C lists, etc. is mainly conducted by the TEHTRIS EPP product. However, we can do targeted searches for these threats with TEHTRIS EDR in hunting mode.

TEHTRIS EDR continues to operate with its security policy already loaded when it goes offline. It then stores the events that it will report upon reconnection to its endpoint appliance. Of course, throughout this phase, the risk of intrusion without a network connection seems to be reduced, since TEHTRIS EDR can also contain USB attacks for example.

TEHTRIS EDR may request the TEHTRIS Cyber Threat Intelligence module of TEHTRIS XDR Platform, to perform sandbox scans, offline antivirus scans, neural network engine scans, or malware knowledge base searches.

TEHTRIS has many elements related to artificial intelligence and automation associated with the cyberworld. In machine learning mode, TEHTRIS EDR learns all the executions in your infrastructure in order to detect anomalies, as well as the persistence points used by hackers to survive a reboot or reconnection. In deep learning mode, TEHTRIS EDR has a compact neural network-based engine that can tell if software is malicious or not. This engine is also used in TEHTRIS CTI. The latter is the first French product accepted by Google on its free service VirusTotal, where a public and non-commercial version is constantly running in search of unknown malware.

TEHTRIS EDR natively uploads at-risk files back to its infrastructure so that the payload can be detonated in a sandbox environment. Robots plan and control the execution, analyze the results, and return the right information back to the EDRs on their own, so they can make a decision.

To put it simply, EPP is the next-generation antivirus tool that protects the OS against known attacks. It is the real system shield. EDR solutions are used to detect unknown threats and handle security issues remotely with a range of incident response functions. TEHTRIS believes that EDR and EPP products will soon merge and become one tool through a necessary technological convergence. The existence of an EDR market was only necessary because they filled technical gaps on the EPP side. In a future that is already beginning, companies will choose one product, an endpoint protection solution, combining EDR and EPP features, to avoid agent issues. TEHTRIS EPP and TEHTRIS EDR are already available for this purpose.

We must choose the criteria that allow neutralization by software robots. It’s a risky action, that some EDR solutions don’t want to offer for fear of breaking everything. Unfortunately, the day an unknown ransomware comes in, such products, which are only used for response and analysis, will only be able to say that they have understood why the company is being destroyed (not helpful at all). This is not our philosophy and we prefer to offer automatic neutralization, carefully and properly configured. Depending on the aspect of the unknown software, you will be able to decide whether to let it go or not: behavior, sandbox results, antivirus results, antivirus databases results, etc.

For mobile devices, we offer another range of products, called Mobile Threat Defense, different from TEHTRIS EDR.

We collect metadata in a way that is compatible with the GDPR, and we will be able to discuss these elements with you if you wish.

If your EPP agents play at killing security software protecting your infrastructure, there might be a problem with the EPP settings or even the product. Currently, for all customers who do not have TEHTRIS EPP, and who have been using TEHTRIS EDR since 2014, we have encountered a total of zero conflict issues with other EPP brands.

A TEHTRIS EDR agent can be instructed so that its hosts might only accept outbound network flows to its management appliance, so that a SOC can quietly study its host, without taking the risk of lateral movement or internal exploration.

TEHTRIS EDR runs on Linux, Apple macOS and Windows.

TEHTRIS EDR collects and analyzes security logs from workstations, providing a so-called tactical SIEM capability, in order to keep very interesting events for cybersecurity analysts.

TEHTRIS EDR uses less than 1% of the CPU on average, and less than 100 MB to 200 MB of RAM, depending on the settings you want to set up: loading the neural network in memory or not, etc.

TEHTRIS EDR supports obsolete Windows operating systems, such as Windows XP and Windows Server 2003, which we encounter very often, especially in industrial computing environments (EO, ICS, SCADA) that sometimes need to keep these systems for decades, factoring in the plant operation costs and the related specific equipment.

TEHTRIS EDR has been tested and deployed by some of our customers in industrial environments on Windows boxes that were not advertised by the manufacturers as supporting it. These customers could no longer imagine not having antivirus (not enough RAM, too old, etc.) or EDR (light and powerful but not officially supported by the OT manufacturer). So, they made agreements with the manufacturers, and they conducted some tests alone, with the help of TEHTRIS in the background. For example, we are in factories with equipment from different brands like Siemens (Simatic, Simotion, WinCC, TIA, etc.).

TEHTRIS EDR can prohibit the use of external storage, or even set it to read-only to prevent deliberate or inadvertent exfiltration. TEHTRIS logs all traces of connected USB devices to provide traceability regarding these threats.
