Malwarebytes


Malwarebytes EDR combines the prevention capabilities of the Malwarebytes Endpoint Protection solution with a variety of tools to detect, isolate, investigate, and remediate infections. Organizations get real-time protection from malware, ransomware, zero-day exploits, phishing and other threats, as well as protection from brute force attacks that can grind operations to a halt. EDR is hosted on the Malwarebytes cloud-based OneView platform, delivering centralized management while minimizing the footprint of the agent residing on each endpoint. Part of what makes Malwarebytes' detection capabilities so strong is the approach to continuous monitoring. Rather than search each endpoint and application for threats, Malwarebytes inverts the approach: its machine learning is trained to look for outliers while recognizing the operating system and application software that actually belongs on each endpoint. The AI then investigates files or programs that fall outside the known, approved software list to detect suspicious code. This makes detection more efficient and more reliably alerts users to threats, Potentially Unwanted Programs (PUPs) and Potentially Unwanted Modifications (PUMs). EDR supports Windows and macOS endpoints, with optional support for Windows and Linux servers via a separate server license, for cross-platform threat prevention and mitigation.

On the remediation side, the Malwarebytes EDR solution isolates suspicious code at the network, process, or endpoint level, so that investigation can proceed without further exposure to the organization if there is, in fact, an infection. Users are able to contain the spread of an infection, using accelerated investigation workflows to remotely and securely detonate malware in a sandbox environment. Malwarebytes EDR rounds out a NIST-aligned response and recovery solution with the Flight Recorder search tool and Forensic Timeliner (Windows only), which allow investigation into what happened at the time of infection, including identifying residual artifacts and configuration changes that need to be addressed. Complete recovery from ransomware would be impossible without our 72-hour Ransomware Rollback capability, which helps customers return to a pre-ransomware state without the time-consuming task of reimaging machines or re-creating encrypted files. Altogether, Malwarebytes EDR includes endpoint protection that is proven to prevent threats, and when something gets through, Malwarebytes' proven remediation monitors and remediates, with the Linking Engine as the final cleanup tool to ensure all residual artifacts are removed and any malware-induced configuration changes are undone.

As a cloud-based platform, Malwarebytes EDR can be extended with add-on OneView modules. These modules further strengthen prevention against specific threat vectors. Current modules include Vulnerability and Patch Management (VPM), which ensures software and OS vulnerabilities are identified and addressed, and DNS Filtering, which protects against web-based attacks that can compromise web applications and end user productivity. Malwarebytes also offers Cloud Storage Scanning, which protects files shared across collaboration platforms such as Box, OneDrive, Google Drive, and others.

Business Outcomes

  • Reduce helpdesk tickets related to malware by over 25%
  • Discover 40% more threats than traditional antivirus products
  • Complete scan and remediation process on over 1,000 endpoints in 15 minutes
  • Avoid as much as 30 days of downtime remediating cryptocurrency malware
  • Reduce infections by as much as 90%, and completely prevent PUPs and PUMs
  • Easy for emerging cybersecurity users to learn and use
  • Forensic analysis capabilities to detect and guide thorough malware eradication
  • Successful rollback to a pre-ransomware state – up to 72 hours
  • Minimize time from threat detection to complete remediation and recovery
  • Help on the path toward regulatory/industry compliance
  • Demonstrate protection that aids cyberinsurance coverage/lowers cyberinsurance costs
  • Stop infections before they spread across the ecosystem
  • Remotely isolate and remediate infection – ideal for remote end users
  • Investigate suspicious activity/code without disrupting the end user
  • Deploy and begin protecting within a day
  • Present a stronger cybersecurity posture to executives and boards
  • Streamline operations with an extendable platform that reinforces prevention through vulnerability assessment and patch management modules, DNS Filtering against web threats, and more

Messaging Map

Value Pillars

Easy to deploy and use

Malwarebytes EDR is a cloud-based deployment that stands up within hours and includes only a lightweight endpoint client, keeping its memory footprint and network bandwidth use small. Endpoints include Windows and macOS devices, as well as Windows and Linux servers through our EDR for Servers license. As easy as it is to deploy, Malwarebytes EDR is equally easy to use. Alerts are color-coded in red, readily getting user attention, and include high-quality information about potential threats so that emerging security or IT users can understand and act swiftly.

Prevent threats at the perimeter

Every potential threat that is stopped at the perimeter avoids a reactive firefight. Proactive prevention in Malwarebytes EDR halts evildoers at the gates, freeing time for your team to work on other important projects. Inherent protection against brute force attacks and automated analysis of zero-day threats and other common infections are supplemented by expansion modules for the platform that reinforce prevention against software vulnerabilities, web-based attacks, and more!

Fully remediate and recover to a pre-attack state

Threat detection aligns with MITRE ATT&CK and feeds accelerated investigation workflows, helping users understand what is happening, where and how, with high-quality information that avoids “notification fatigue” while aligning to the MITRE framework. Malwarebytes EDR helps you align to NIST and ENISA guidelines for threat remediation and recovery. The 72-hour ransomware rollback provides a path to a pre-attack state, and the unique Linking Engine helps ensure thorough removal of infections, related artifacts, and any configuration changes threats may leave in their wake. Malwarebytes EDR includes powerful tools for more advanced security and IT users to perform forensic analysis and advanced threat hunting; these tools can be operated by a Managed Service Provider, or learned as emerging internal talent gains cybersecurity skills.

Integrated platform to streamline operations

Go beyond endpoint protection with EDR platform modules that reinforce prevention. Malwarebytes modules activate in minutes, providing advanced visibility into software and operating system vulnerabilities so you can act swiftly to patch against exploits. The Malwarebytes DNS Filtering module offers greater control over web content access, so you can provide a safer, more productive web experience for your end users while protecting the web-based applications that run your operations. Malwarebytes modules for our EDR platform make it easy to increase prevention against breaches within the same cloud interface trusted for detection and remediation. No “swivel chair” cybersecurity management here!

Why Change?

  • Current EDR is too complicated
  • Existing EDR failed to prevent a threat and fully remediate it
  • Stepping up to EDR from a pure incident response and/or endpoint protection product
  • Need to satisfy regulatory compliance or cyberinsurance requirements
  • Too many and too complex tools and vendors to manage

Why Now?

  • Attacks are on the rise, accelerating with international conflicts and supply disruptions
  • Existing EDR subscription is renewing soon; need to change
  • Mopping up a mess after an attack that the current EDR product isn’t equipped to handle
  • Expanding IT/security team and need something junior-level teammates can learn quickly
  • Executives and boards are requesting more confident insights on cyber risk mitigation

Why us?

  • Effective: powerful detection and remediation, as shown by Malwarebytes’ MITRE ATT&CK performance
  • Extendable platform, so we can reinforce prevention through vulnerability assessment and patch management modules, DNS Filtering against web threats, and more
  • The Malwarebytes Linking Engine is globally recognized for effective, thorough eradication of malware, its artifacts and configuration changes, offering confidence that when a threat is removed, it’s really gone
  • Easily deploy the Malwarebytes cloud-based security platform in under a day and add current modules immediately, with more to come. No downtime for your customers.