IBM Security QRadar EDR

Anti-Exploit Technology

In-memory and application layer attack blocking (e.g. ransomeware)

Endpoint Detection and Response (EDR)

Continuous monitoring and response to advanced internet threats by endpoint agents.

Centralized Management

Centralized management supporting multi-factor authentication, customized views, and role-based access control.

Hybrid Deployment Support

Administrators should be able to choose endpoint security on-premise, cloud, or hybrid.

Infection Remediation

Capability to quarantine infected endpoint and terminate malicious processes.

Malware Detection

Detection and blocking of zero-day file and fileless malware.

Pre-execution prevention: Reviews file source code prior to full execution and stop files from running if malicious code is detected.

NanoOS: Each endpoint agent includes dual AI engines and NanoOS technology, which allows certain detection and autonomous operation capabilities even when endpoints are offline.

Attack visibility: Detects and correlates alert information, including an attack’s root cause, risk assessment, and MITRE ATT&CK framework.

Anti-ransomware: Analyzes file behaviors for detecting imminent attacks and stop malicious processes from executing.

Signature scanning: Uses heuristics and signature-based prevention.

Threat insights: Identifies potential threats with metadata-based analysis to expedite triaging and enable detection of an alert’s artifacts to discover new binaries as soon as they’re activated.

AI-driven Threat hunting: Enables real-time search for indicators of compromise (IOC), binaries and behaviors to facilitate the discovery of dormant threats.

Forensics: Enables remote gathering of forensic information to reconstruct an attacker’s activities.

Custom playbook: Creates custom-built detection response and remediation playbooks.

API access: Automates workflows and integrate with external platforms with Direct API access to ReaQta.