Examining OpenEDR’s Effectiveness as an EDR Solution

Examining OpenEDR’s Effectiveness as an EDR Solution (PDF, 3.16MB)

Published: 11 Aug, 2021

Created by Christian Vrescak

Today’s cyber threat ecosystem frequently leaves defenders bested by their adversaries due to a lack of endpoint visibility. This deficiency leads to undetected attacks, leaving organizations at the mercy of attackers. To address this problem, Endpoint Detection & Response (EDR) tools were created to provide endpoint visibility and equip defenders to defeat their attackers (CrowdStrike, 2020a). Unfortunately, while these tools can make a difference for defenders, the price of commercial solutions may put them out of reach for many organizations (Infocyte, 2021). Comodo’s OpenEDR collects information about system activity, including process creation, network connections, and file creation, among other artifacts (Metin, 2020). This paper examines the effectiveness of OpenEDR as a free and open-source EDR solution in providing adequate visibility into Windows endpoint activity to detect attacker techniques, including those listed in MITRE’s ATT&CK® knowledge base.