TEHTRIS EDR automatically detects and neutralizes known and unknown threats in real time
For about thirty years, security was limited to a few elementary axes, relatively simple but effective in the fight against standard everyday threats. After the summer of 2003 and the MSBlast worm that contaminated millions of Microsoft operating systems, three new Windows security options became essential: system updates, firewalls and a running antivirus.
This model emerged as the “dominant design” of cybersecurity: a firewall and a few tools for the periphery, an antivirus and some options for inside the infrastructure. The Internet has become populated with “crunchy” networks, i.e. with a “hard” shell (perimeter security) and “soft” inside, not to mention the interconnection of all systems: telephones, connected objects, etc. The Internet itself has also become a “crunchy” network. A technological debt of cybersecurity exists, and all TEHTRIS solutions are precisely there to be able to fight and help protecting assets efficiently.
TEHTRIS EDR is one of the pioneers and creators of the EDR wave of the future. That wave aims to install thousands of EDR agents in less than 24 hours, can detect stealthy espionage operations without weapons or malware, knows the techniques used by hackers and builds the answers in advance.
TEHTRIS EDR is a solution delivered in SaaS mode, through the cloud, with a desire to anticipate, prevent, detect and react at the cybersecurity level. We believe in the convergence of the EDR and EPP technologies, for a common and calculated mission of endpoint protection, with combined technical functions. TEHTRIS EDR is also part of a logical transformation, by proposing a TEHTRIS EPP agent as well, in order to streamline the technological layers: installation, configuration, maintenance, consistency in the logs and so on.
In machine learning or deep learning mode, low-level surveillance builds a knowledge base of normal behavior to better distinguish attackers, their tools and methods, offering a strong competitive advantage over traditional or stealthy attackers.
TEHTRIS goes further than other solutions, since in the absence of human operators, its active defense systems can be configured to automatically respond 24/7 to any attack, even unknown, following predefined criteria and policies, from the raising of an alert to automated and immediate neutralization.
Direct sanctions are imposed on all attackers, who must take the risk of losing their tools and having their offensive methods stolen, which will then be recognized worldwide.
TEHTRIS EDR prioritizes field efficiency in analyzing the numerous incoming attacks that are becoming increasingly stealthy and sophisticated.
A trademark of TEHTRIS, we also work with our customers and partners, as part of our open innovation process. Their technological and organizational feedback feeds our innovation roadmap. Our goal? Always provide the best possible service.
In 2013, TEHTRIS created a cybersecurity engine called “ADS”, in reference to more than fifteen years of research work on active digital security, leading to a disruptive HIPS-type agent, an Endpoint Detection and Response solution long before the arrival of these products and their official names on the market.
Here is the current list of supported platforms. Changes may occur in the future. |
| Operating System | 32bits | 64bits |
|---|---|---|
| Windows XP | Compatible | Untested but designed for compatibility |
| Windows Server 2003 | Compatible | Untested but designed for compatibility |
| Windows Server 2008 | Compatible | Compatible |
| Windows Server 2008 R2 | Compatible | Compatible |
| Windows Server 2012 | N/A | Compatible |
| Windows Server 2012 R2 | N/A | Compatible |
| Windows Server 2016 | N/A | Compatible |
| Windows Server 2019 | N/A | Compatible |
| Windows 7 | Compatible | Compatible |
| Windows 8 | Untested but designed for compatibility | Compatible |
| Windows 10 | Untested but designed for compatibility | Compatible |
| macOS Sierra | Compatible | |
| macOS High Sierra | Compatible | |
| macOS Mojave | Compatible | |
| macOS Catalina | Compatible | |
| CentOS Linux 5.3 | Compatible | |
| CentOS Linux 5.11 | Compatible | |
| CentOS Linux 6.9 | Compatible | |
| CentOS Linux 7.5 | Compatible | |
| Ubuntu Linux 8.04 Hardy | Compatible | |
| Ubuntu Linux 14.04 Trusty | Compatible | |
| Ubuntu Linux 16.04 Xenial | Compatible | |
| Ubuntu Linux 18.04 Bionic | Compatible |
MITRE ATT&CK is a knowledge base with a modeling of the behavior of a cyberattacker, illustrating all phases of a cyberattack’s life cycle in relation to targeted platforms: Windows, macOS, Linux, mobile devices and so on.
Find out how TEHTRIS is compliant with MITRE ATT&CK
© 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
TEHTRIS EDR has several functions to perform automated remediation, based on predefined parameters, which allows to fight effectively 24/7 against unknown threats, without the risk of having to depend on a human team that might be missing elements.
TEHTRIS EDR searches for more than 11,000 CVE vulnerabilities, which can sometimes uncover elements that were entirely invisible, such as machines that are vulnerable because of an old Java, Adobe Reader, or Flash engine, forgotten or installed in “legacy” mode. You can thus deploy TEHTRIS EDR to audit your IT assets, without consuming excessive resources, and thus have the ability to ensure the compliance of your IT assets: patch management policy, risk aversion criteria and so on.
TEHTRIS EDR has a kernel driver that allows it to modify the behavior of the operating system, so that unwanted execution will not be possible. Even ransomware that is unknown, signed, stealthy or malicious could not execute if you decide to configure these policies.
TEHTRIS EDR has several protections against ransomware: blacklists in our CTI database that enrich the choices of EDR agents, application security policies to authorize only what you want, honeytoken-type concepts with fake files that a ransomware will want to destroy while being detected (file-type decoy), and many behavioral mechanisms, like the attack of certain points of the hard drive, for example.
TEHTRIS EDR has several means to combat lateral attacks, including the ability to process local logs in the operating system to detect if activity is being attempted remotely. It is a true tactical SIEM, that is local, capable of knowing whether a session is interactive or not and remote or not, in order to track such attacks.
TEHTRIS EDR embeds a highly sophisticated analysis engine capable of differentiating between a legitimate product and an illegitimate one, in PowerShell terms, by analyzing the code executed on the fly so as not to miss one of the many modern, stealthy attacks associated with it.
TEHTRIS EDR provides its own protection through layers that are directly in the Windows kernel, via a low-level driver, so that it cannot be uninstalled outside of an authorized centralized decision. It is not possible to remove the agent.
The analysis of malicious URL links with C&C lists, etc. is mainly conducted by the TEHTRIS EPP product. However, we can do targeted searches for these threats with TEHTRIS EDR in hunting mode.
TEHTRIS EDR continues to operate with its security policy already loaded when it goes offline. It then stores the events that it will report upon reconnection to its endpoint appliance. Of course, throughout this phase, the risk of intrusion without a network connection seems to be reduced, since TEHTRIS EDR can also contain USB attacks for example.
TEHTRIS EDR may request the TEHTRIS Cyber Threat Intelligence module of TEHTRIS XDR Platform, to perform sandbox scans, offline antivirus scans, neural network engine scans, or malware knowledge base searches.
TEHTRIS has many elements related to artificial intelligence and automatisms associated with the cyberworld. In machine learning mode, TEHTRIS EDR learns all the executions in your infrastructure in order to detect anomalies, as well as the persistence points used by hackers to survive a reboot or reconnection. In deep learning mode, TEHTRIS EDR has a compact neural network-based engine that can tell if software is malicious or not. This engine is also used in TEHTRIS Cyber Threat Intelligence. The latter is the first French product accepted by Google on its free service VirusTotal, where a public and non-commercial version is constantly running in search of unknown malware.
TEHTRIS EDR natively uploads at-risk files back to its infrastructure so that the payload can be detonated in a Sandbox environment. Robots plan and control the execution, analyze the results, and return the right information back to the EDRs on their own, so they can make a decision.
To put it simply, EPP is the next-generation antivirus tool that protects the OS against known attacks. It is the real system shield. EDR solutions are used to detect unknown threats and handle security issues remotely with a range of incident response functions. TEHTRIS believes that EDR and EPP products will soon merge and become one tool through a necessary technological convergence. The existence of an EDR market was only necessary because they filled technical gaps on the EPP side. In a future that is already beginning, companies will choose one product, an endpoint protection solution, combining EDR and EPP features, to avoid agent issues. TEHTRIS EPP and TEHTRIS EDR are already available for this purpose.
We must choose the criteria that allow neutralization by software robots. It’s a risky action, that some EDR solutions don’t want to offer for fear of breaking everything. Unfortunately, the day an unknown ransomware comes in, such products, which are only used for response and analysis, will only be able to say that they have understood why the company is being destroyed (not helpful at all). This is not our philosophy and we prefer to offer automatic neutralization, carefully and properly configured. Depending on the aspect of the unknown software, you will be able to decide whether to let it go or not: behavior, sandbox results, antivirus results, antivirus databases results, etc.
For mobile devices, we offer another range of products, called Mobile Threat Defense, different from TEHTRIS EDR. Check out our TEHTRIS MTD product page.
We collect metadata in a way that is compatible with the GDPR, and we will be able to exchange on these elements if you wish.
If your EPP agent plays at killing security software protecting your infrastructure, there might be a problem with the EPP settings or even the product. Currently, for all customers who do not have TEHTRIS EPP, and who have been using TEHTRIS EDR since 2014, we have encountered a total of zero conflict issues with other EPP brands.
A TEHTRIS EDR agent can be instructed so that its host might only accept outbound network flows to its management appliance, so that a SOC can quietly study its host, without taking the risk of lateral movement or internal exploration.
TEHTRIS EDR runs on Linux, Apple macOS and Windows.
TEHTRIS EDR collects and analyzes security logs from workstations, providing a so-called tactical SIEM capability, in order to keep very interesting events for cybersecurity analysts.
TEHTRIS EDR uses less than 1% on average on the CPU, and less than 100Mo to 200Mo in RAM, depending on the settings you want to setup: loading the neural network in memory or not, etc….
TEHTRIS EDR supports obsolete Windows operating systems, such as Windows XP and Windows Server 2003, which we encounter very often, especially in industrial computing environments (EO, ICS, SCADA) that sometimes need to keep these systems for decades, factoring in the plant operation costs and the related specific equipment.
TEHTRIS EDR has been tested and deployed by some of our customers in industrial environments on Windows boxes that were not advertised as supporting it, by the manufacturers. These customers could no longer imagine not having antivirus (not enough RAM, too old, etc) or no EDR (light and powerful but not officially supported by the OT manufacturer). So, they made agreements with the manufacturers, and they conducted some tests alone, with the help of TEHTRIS in background. For example, we are in factories with equipment from different brands, like Siemens (Simatic, Simotion, WinCC, TIA…), etc.
TEHTRIS EDR can prohibit the use of external storage, or even set it to read-only to prevent deliberate or inadvertent exfiltration. TEHTRIS logs all traces of connected USB devices to provide traceability regarding these threats.
Can we dream of a fully automated XDR Platform? Yes, we can! XDR platforms are our response to the increasing sophistication of the tools and tactics cyber attackers use, that render anti-virus programs and other traditional cybersecurity solutions helpless. XDR makes a case for a more holistic cybersecurity approach that
Covid-19 & Cybersecurity : How to safeguard your data with remote workers Hackers and attackers feed on our fears. Anything that escalates our anxiety is their weapon, which is what makes the current pandemic of COVID-19 prime time for cybercriminals to try and trick people into giving their money to
EDR – COVID-19: TEHTRIS MAKES A COMMITMENT COVID-19: TEHTRIS EDR PROTECT HOSPITALS WORLWIDE Our country and our world are shaken by the current health and economic crisis. In response to the COVID-19 coronavirus pandemic, Cedric O, Secretary of State in charge of Digital Affairs within the French government, has launched
