EDR & MDR
Service of detection, analysis and response based on threat information collected from endpoint to deal with latest malicious behaviors
EDR (Endpoint Detection and Response) service is installed on PCs or servers for immediate detection and response to specific behaviors or signs of threats. Metadata is collected frequently from systems with EDR to analyze behaviors based on the mitre attack, the main attack framework, so that attack techniques can be detected and addressed.
MDR (Managed Detection and Response) is a notification service provided by the expert group that determines maliciousness of detected attacks and deals with them if the customer has difficulty with direct monitoring of EDR and taking actions.