EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

5 Questions to ask About Your EDR – "Visibility"

Could you be a more effective service provider if your EDR solution provided more complete visibility for your entire fleet?

EclecticIQ Endpoint Security Team April 21, 2022

5-value-questions-1

This is part I in a series on some capabilities you should look for in your Endpoint Detection and Response (EDR) solution. Why? Well, a recent SANS survey entitled Modernizing Security Operations [registration required] found that EDR is the most effective technology used in Security Operations. It’s important for gaining visibility into your clients’ environments, which is key to your SOC effectiveness.

But how do you choose an effective EDR solution? If you already have an EDR solution at work for you, you may already have some areas in mind where you’d like to see improvement. If you’re looking to add EDR to expand your services, you may have an initial list of criteria. Either way, this series should help you round out your list. Let’s examine one aspect: getting sufficient cross-platform visibility across your clients’ environments.

Real-world environments are diverse. Real-world environments are composed of a combination of workstations and servers, a mix of operating systems, and include physical, virtual, and cloud-based machines. It’s difficult to get a single homogeneous view of what’s happening in such diverse environments. Having machines with different agents, machines without agents, and machines which frequently are offline leaves gaps in your visibility, which means gaps in your security and effectiveness. Without a holistic, standardized, and continuous view into your environment, you risk undetected compromises.

In December 2021 SysJoker, a new backdoor malware, targets Windows, macOS, and Linux. Existing anti-virus engines could not detect SysJoker on Linux and macOS machines but could on Windows. Malware can exist in an organization’s environment undetected by their antivirus software for an extended period. Simply using the same brand of antivirus on all machines doesn’t guarantee you’re using the same underlying software or getting the same protection on all platforms. Many solutions have completely different agents for different operating systems. They may look the same on the surface but actually provide extraordinary levels of visibility and protection.

Besides the challenge of effectively protecting various operating systems, there is the challenge of endpoints which are often offline. With the work-from-home trend gaining popularity, this is becoming an increasingly important issue. Gaining consistent visibility into these machines can only be accomplished by capturing data on the endpoint itself, to be analyzed when the machine reconnects.

The EclecticIQ EDR leverages one agent on all endpoints, including workstations and servers, that gives you the most comprehensive and uniform view of activity on the endpoints in your environment. The agent supports Windows, macOS, and Linux on physical, virtual, cloud-based, and Docker containers. The EDR agent supplements the data collected by osquery with additional telemetry valuable to endpoint detection and adds the most flexible response capabilities available in an EDR solution today.

A lightweight open-source osquery component enhances the collaborative strength. Osquery is written in low-level C and C++ and then cross-compiled for native operation on different platforms. That means that the same code is running natively on Windows, macOS, Linux, and BSD endpoints. Initially created by Facebook (now Meta) for internal use, hundreds of developers who have produced over 110 releases have refined osquery over eight years. You can use the same solid, mature, proven agent on all endpoint operating systems.

This combination gives you the most uniform view possible into your entire environment in one tool, which means uniform alerting and a single workflow, making you a more effective security service provider.

Be sure to come back and read the next part of this 5-part series on what questions you should ask when selecting or upgrading your EDR solution. Part II is coming soon. While waiting, you can read our whitepaper 5 Questions to ask About Your EDR Solution.

To learn more, visit EclecticIQ Endpoint Response or contact info@eclecticiq.com

You might also be interested in:

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

Explore all topics

© 2014 – 2022 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo