Genian EDR

Genian EDR is an endpoint detection and response solution that supports on-premises and hybrid deployments, designed for organizations requiring direct control over security data, policies, and response workflows. Detection and response occur locally at the point of execution, without dependency on external cloud processing. The solution is composed of three main components: - Genians Central Update Server: handles raw event storage, threat and anomaly detection, time series and root cause analysis, and customizable dashboards and reports. - On-Premises EDR Server: provides device auto-detection and classification, policy-based access control, network-layer isolation and remediation, wired/wireless authentication, user database integration, asset management, and IP address management. - EDR Agent: monitors endpoint activity (file, registry, process, DLL), sends collected data to the server, and enforces endpoint-layer responses including notifications, alerts, process termination, access denial, and endpoint lockdown. Threat detection uses IOC-based detection for known threats, machine learning for unknown threats, YARA for custom pattern matching, and X Behavior Analysis (XBA) for fileless threats based on non-file execution events. Investigation capabilities include behavioral and heuristic analysis, event timeline and chain-of-event correlation, third-party CTI integration, and live remote console access to compromised devices. Incident response automation supports alert remediation actions such as alarms, isolation, quarantine, and termination. Security orchestration is available via NAC integration, SIEM integration, RESTful API, SNMP, and Syslog. The Genian Ecosystem enables anonymous sharing of file reputations, whitelists, alerts, and malicious data among Genians customers.