According to reports, 360 EDR relies on the security big data, threat intelligence and attack-and-defense knowledge base provided by the 360 cloud security brain, as well as the "carrier-level" big data processing and analysis technology driven by the core security brain. The company also describes 360 EDR as a "future-oriented EDR solution".
Current EDR products are expected to genuinely solve the advanced threats that endpoints face, such as APTs, 0-days and ransomware. In practice, however, traditional EDR products face many pain points and cannot solve multi-scenario security problems. For example, traditional EDR products have insufficient storage and processing capacity for massive data, which leaves EDR's overall threat identification as empty talk. For another example, many products lack a knowledge base and security analysis capability distilled from real-world practice, which makes it difficult to make effective use of the valuable data on the client. Moreover, some products lack flexible performance tuning and adaptive mechanisms, so collecting a large amount of endpoint information consumes a great deal of valuable resources on endpoints and servers.
Therefore, in the company's view, there are certain necessary and key capabilities, and the EDR that 360 has polished has such a foundation. According to reports, first of all, at the level of endpoint security products, 360 has 17 years of experience in endpoint security attack and defense, and has accumulated a huge amount of network-wide security big data. After more than ten years of real-world confrontation with various Trojans, APT families and 0-day vulnerabilities, it has continuously refined the malicious behavior detection and response capabilities of the endpoint, and accumulated comprehensive and meticulous endpoint behavior detection technology. Therefore, in his view, the key capabilities that future-oriented EDR products should have include:
Massive big data storage and processing capability. Security big data is the necessary foundation for building detection and defense models with wide coverage and high accuracy and for discovering attackers' traces. In EDR, the various kinds of security behavior data collected from endpoints are the core basis of endpoint security defense, detection and response, and an important means of dealing with APT attacks. Automatically and intelligently analyzing and operating on multi-dimensional, high-quality massive data, tracing the attack process and finding the source of vulnerabilities and attacks is an effective way to defend and guarantee endpoint security.
Comprehensive and professional security analysis capability. EDR products need a variety of security detection and analysis technologies that can analyze massive heterogeneous data and combine it with network-wide APT intelligence to ensure that all kinds of threats are fully visible. Because the clues of advanced threat attacks are often hidden among behavior that resembles the normal operation of conventional software, detection requires security analysis of massive endpoint data and the ability to repeatedly re-examine historical data, which in turn requires products to have strong big data computation and analysis capabilities.
Real-world attack and defense capability. For the latest vulnerabilities, APTs and other attacks, machine learning and automatic correlation analysis of big data are essential, but manual analysis and interpretation of the collected data sets is also very important. Security experts conduct real-time and continuous tracking and analysis using security knowledge and professional skills, together with threat detection and defense models built on years of practical experience, and provide security solutions for specific scenarios.
As offensive and defensive confrontation continues to evolve in the digital age, helping enterprise users solve long-term security operations problems in the form of SaaS and intelligent EDR has become a key capability. Integrating cloud capabilities with endpoint resources and delivering them to large, medium and small customers as SaaS services has become a foreseeable trend for the new generation of EDR: dealing with advanced attacks by enhancing the threat defense and threat confrontation capabilities of intranet endpoints, and ensuring the smooth and continuous operation of production and office services.
As a future-oriented endpoint security product, the company said, the 360 EDR technology architecture is divided into three parts: the endpoint agent, the EDR server and the 360 core security brain. Among them, the endpoint agent is the core component of 360 EDR. 360 EDR relies on continuous empowerment from the 360 cloud core security brain and its secure big data platform to give full play to the collection and disposal capabilities of the endpoint agents. At the same time, through the efficient data analysis engine of the EDR server, the detection and suppression of advanced threats are finally realized.
In terms of effect, the company believes that by combining threat intelligence with the 360 core security brain, 360 EDR has the following outstanding advantages as the product is deployed: a network-wide perspective based on massive security big data, complete security analysis and detection capability, high-quality data acquisition capability based on its unique core crystal engine, and SaaS and intelligence capability.