AhnLab EDR EPP
AhnLab EPP is a next-generation endpoint protection platform that enables systematic and efficient endpoint threat management and response by organically integrating and operating various security functions.
EDR
AhnLab EDR – Precise Detection, Professional Analysis, Powerful Response
AhnLab EDR is an endpoint threat detection and response (EDR) solution designed to detect sophisticated threats accurately, respond effectively, and support proactive threat hunting. Based on Korea’s only behavior-based analysis engine, AhnLab EDR provides strong threat monitoring, analysis, and response capabilities in endpoint environments. Recognized for its excellence in the MITRE ATT&CK evaluations, AhnLab EDR enhances expertise across the entire threat detection and response process through MDR (Managed Detection & Response) services.
Our approach
Synergy of Comprehensive Detection (D) and Powerful Response (R)
AhnLab EDR contributes to establishing a solid corporate security system by actively tracking threats based on its verified detection, analysis, and response capabilities assessed by the MITRE ATT&CK framework.
Customer-Driven Operational Optimization
With the dedicated ‘AhnLab EDR Analyzer’ console, users can quickly identify both existing and potential threats, enabling precise analysis and rapid response.
Sophisticated Threat Detection and Analysis
AhnLab EDR leverages a dedicated EDR engine to detect endpoint threats in fine detail and visualize them intuitively, allowing users to grasp the context of threats. It also provides optimal countermeasures through expert cause and background analysis.
Professional Analysis and Response Services
AhnLab offers MDR services where security experts systematically analyze and respond to endpoint security threats targeting organizations, enabling effective threat detection and response.
Differentiated Features Through Outstanding Threat Analysis Capabilities

Diagram & Timeline Analysis
Visual breakdown of 16 threat types based on MITRE ATT&CK standards, including entry points, key behaviors, correlations, risk levels, and threat intelligence links.

User-Defined Behavior-Based Rules
Allows dynamic/static condition definitions for customized detection and automated response.

Flexible Integration
Seamless operation with AhnLab EPP, V3, TIP, and MDS to enhance threat analysis and response.

Key Behavior Analysis
Categorization by MITRE ATT&CK Techniques and Sub-Techniques, offering detailed behavior info, risk levels, and threat data.

Proactive Endpoint Threat Response
Supports artifact and file collection, network isolation, rollback, and process termination for active threat mitigation.
Multi-Dimensional Threat Detection & Response Monitoring
AhnLab EDR provides ▲threat status and ▲recent threat detection information through its dashboard, enabling real-time monitoring of the latest threat processing status along with newly detected threat data.
Additionally, it offers ▲various statistics of detected threats, ▲top threat information, and ▲threat trend data, allowing users to intuitively analyze and monitor detected threats from multiple perspectives.
- Threat status and recent detection information
- Various statistical information of detected threats (by severity, detection type, and entry path)
- Top detected threat information (by process, host, and key behavior)
- Threat trend data (by behavior type, detection type, and severity)
- Latest threat intelligence (when integrated with AhnLab TIP)
EPP
AhnLab EDR – The Core of Integrated Endpoint Security
AhnLab EPP is a next-generation Endpoint Protection Platform (EPP) focused on threat management and response. With a single agent and single management console, it enables efficient management of complex endpoint environments and effective countermeasures against increasingly advanced security threats.
Our approach
Beyond Point Solutions to an Integrated Security Platform
Based on AhnLab EPP’s One Agent and Single Management Console, organizations can seamlessly integrate and operate multiple functions such as antivirus, patch management, personal data leakage prevention, vulnerability inspection and remediation, and even Endpoint Detection & Response (EDR), enabling simplified and unified security management and operations.
Optimized Threat Management and Response Platform
Through the integration of various security solutions ranging from anti-malware to EDR, customers can establish proactive threat monitoring and response policies. It also provides dynamic security policies and action plans tailored to business environments or security requirements.
Efficient Endpoint Integrated Management
A web-based admin console and a variety of management features enhance operational convenience. A single console and a single agent allow for unified and efficient integrated security management.
Flexible Scalability and Operational Stability
It supports various system configurations according to the customer's environment, and provides easy server expansion through a parallel architecture. It ensures operational stability through load balancer-based architecture and can be integrated with third-party solutions to expand the threat response system.
Systematic Integrated Threat Management and Response

Interlinked Policies Between Security Products
By setting interlinking policies among various security products, it provides proactive response functions, reduces security complexity, and maximizes effectiveness.

Virtual Group and Custom Virtual Group Configuration
With virtual groups (risk group, duplicate group, monitoring group, exception group, patch test group) and user-defined virtual groups, endpoints can be managed and operated flexibly.

Role-Based Account Settings
It provides various administrator role settings and detailed user-defined management based on profiles, enabling management and control by role.

Customizable Dashboard/Report Provision
Custom dashboards and reports let administrators define and use only the information needed for operation, enhancing operational convenience.

Threat Information Collection and Remote Control
Threat information collection and remote control management of endpoints enable administrators to operate security and control systems centrally.
Unified Visibility Through Linked Solutions
AhnLab EPP provides a method to monitor and manage the status of operating EPP servers through the dashboard’s ▲alert notifications and ▲abnormal server status information. In ▲today’s activity status, administrators can check the major tasks executed on the server throughout the day, and through ▲agent status information, they can monitor the changes in agent status over time using date-based trend graphs.
Through ▲issue-detected agent status, administrators can immediately identify the number of agents requiring action based on predefined conditions, and receive key information for more efficient management through individual dashboards of the integrated security products.
When clicking on any figures or data, users are immediately redirected to the detailed pages for “Management” and “Log”, where they can thoroughly review the status information of servers, agents, and endpoint security products.
- Attack attempts, intrusions, and C&C server detection status
- Detection trends of malicious files, abnormal traffic, and malicious URLs by risk level
- Recently detected files, abnormal traffic, and malicious URLs
- Detection status & direct access to detailed threat data