RSA Conference is one of the leading security conferences worldwide. It creates a tremendous opportunity for vendors, users and practitioners to innovate, educate and discuss the current security landscape.


The EDR market has emerged to satisfy the need for faster detection of and response to advanced malware attacks that bypass perimeter and other traditional security controls. An EDR tool has the capability to detect security incidents, either by monitoring endpoint activity or by leveraging IOCs from externally fed sources; to investigate security incidents, via historical analysis of endpoint states to determine the damage caused to the business; and to remediate security incidents, by removing the malware, isolating the system to prevent the malware from spreading, restoring the system to a previous known good state, etc.


Here are the top 6 emerging vendors to watch out for in endpoint detection and response technology:



Cybereason, an Israeli cyber security company, uses behavioral correlation to detect anomalous actions and provide real-time threat detection. Cybereason deploys endpoint sensors that collect data to be fed to a centralized server, which can be deployed either on-premise or in the cloud. A centralized management console provides investigation and forensics capabilities for any security incidents.


To Know More: Visit Cybereason Deep Detect & Respond Product Page



Carbon Black is a dedicated EDR tool vendor leading the new era of endpoint security to protect against advanced attacks. Carbon Black continuously records all endpoint activities, such as all execution events, memory events, file and registry modifications, and network connections, and stores them centrally for analysis. It uses methods such as matching against IOCs and behavioral monitoring to protect against threats. The Carbon Black server can be deployed either on-premise or in the cloud.


To Know More: Visit Carbon Black Defense Product Page




CrowdStrike Falcon Host is a Software as a Service (SaaS) based platform for endpoint detection and response. Endpoint sensors are available for Windows, Linux and Mac OS; they collect all endpoint activity and relay the data to the cloud for analysis.


To Know More: Visit Crowdstrike Falcon Host Product Page


Bromium utilizes micro-virtualization technology to protect against exploits. Bromium runs content (HTML, Flash, Java, Office documents, PDFs etc.) in a microvisor isolated from the core OS kernel. This enables users to click on anything without risk of compromise.


To Know More: Visit Bromium Advanced Endpoint Security Product Page



The Endgame Detect and Respond Platform protects enterprises from attacks such as APTs, privilege escalation, in-memory fileless attacks etc. Endgame’s Hardware Assisted Control Flow Integrity (HA-CFI) stops adversaries before any code is executed, Endgame MalwareScore™ instantly identifies known and unknown malicious files using machine learning, and In-Memory attack detection stops attackers from hiding in memory to evade detection, preventing fileless attacks.


To Know More: Visit Endgame Vendor Page



SentinelOne’s next-generation endpoint and server protection uses several layers of attack prevention, including behavior detection and machine learning, to stop attacks that other vendors simply can’t. It also provides unparalleled threat visibility with minimal system impact.


To Know More: Visit SentinelOne Endpoint Protection Platform Page
