Recently, CCID Consulting released the "China Terminal Security Detection and Response Product Market Research Report (2022)".

The report shows that in 2021, 360 Digital Security Group led China's terminal security detection and response product market with a 10.8% share, by virtue of its years of experience in the terminal security field and its first-mover advantage.

(Market Distribution of Terminal Security Detection and Response in China in 2021)

  The CCID report pointed out that terminal security is an important node in the overall security system of an enterprise.

The evolution of terminal security products has gone through three stages, from terminal antivirus software to terminal protection platform (EPP) to terminal security detection and response (EDR).

Before the emergence of the EDR concept, EPP could respond to and deal with known threats, but lacked real-time detection and response capabilities and the ability to prevent unknown threats.

As an important supplement to traditional terminal security protection products, EDR is effectively integrated with EPP to realize security defense throughout the life cycle, forming a closed loop of disposal, and has become the main choice for terminal management needs of many government and enterprise customers.

  360 EDR, a new-generation terminal security management platform integrating EPP and EDR, has taken the lead in going "advanced": it integrates cloud capabilities and terminal resources and delivers them to customers across all industries in the form of SaaS services, and it has become a "required" platform for strengthening endpoint threat defense and threat confrontation capabilities.

360 EDR: A weapon for terminal security defense in the digital age

  Relying on the intelligence empowerment of 360's network-wide digital security brain and its cloud-local dual-stack architecture, coupled with more than ten years of experience in terminal security combat, 360 EDR gives full play to 360's advantages in data, intelligence, and expert teams. It covers the four stages of collection, detection, response and prevention, helping customers see threats and perceive risks at the earliest moment and respond to and defend against attacks rapidly.

  The 360 EDR console can analyze data from millions of terminals and hundreds of billions of records intelligently and in real time. Combined with intelligence on multiple APT organizations discovered by 360 and protection experience from hundreds of millions of terminals, it can quickly discover traces of various attacks, covering memory attacks, network attacks, system attacks, vulnerability exploitation, lateral penetration and other scenarios.

For high-risk alarms, 360 provides rapid response mechanisms such as real-time terminal network isolation, risky process detection and killing, and distribution of disposal scripts.

Relying on comprehensive collection of terminal behavior, customers can complete rapid source tracing and analysis, and strengthen the security of terminals across the entire intranet through preventive measures such as high-risk vulnerability immunity, system security reinforcement, and custom security policies.

(360 EDR)

  Drawing on more than ten years of practical experience in terminal security, 360 EDR is built on innovative security technologies such as the core crystal engine and the QVM engine. It accurately and comprehensively collects hundreds of types of security behavior events, effectively improving data detection capabilities and the effectiveness of security operations analysis while resisting APT bypass attacks.

Relying on coverage of 1.5 billion terminals, 360 gathers multi-dimensional, high-precision, high-quality security big data and, with exabyte-level big data storage and processing capabilities, perceives security events across the global network in real time. Its intelligent APT analysis capability enables the discovery, retrieval and association of advanced threats. Drawing on the years of offensive and defensive experience of its world-class security expert team, systems and people work together to capture abnormal behavior, analyze attacks, respond in time and intercept automatically, forming a closed loop.

This enables intelligent response within seconds in the cloud and strengthens the terminal security defense line.

In the future, EDR will move toward intelligence and SaaS

  Currently, the terminal security market is transitioning from passive defense to active defense, and the domestic EDR market is still in its infancy.

The CCID report believes that SaaS-based EDR will become one of the most effective protection methods for terminals in the future.

A terminal security protection system built from a cloud perspective lets terminal security events link extensively with cloud big data, so that security capabilities evolve step by step from isolated, passive single-point protection to active, global defense in depth.

In addition, EDR products will rely more on the capabilities of security big data, security experts, and security knowledge bases. Automated orchestration and response will play an important role in future terminal security, and artificial intelligence and big data technologies will drive the upgrading and intelligent evolution of EDR capabilities.

  360 EDR has always been oriented toward lightweight and intelligent operation, and is committed to building a future-oriented terminal security defense system.

On the one hand, 360 EDR supports lightweight SaaS deployment in the cloud, helping users store, process and analyze security big data and respond rapidly to threats and attacks, while also supporting security experts in carrying out active threat hunting in real time. On the other hand, with the technological improvements brought by knowledge graphs and artificial intelligence, 360 EDR has also become more intelligent and can automatically classify and respond to massive numbers of security incidents.

In addition, 360 EDR supports cloud-local dual-stack deployment. For isolated network environments, 360 EDR lets users deploy locally in a flexible way while still being able to connect to cloud services at any time.

  In the future, 360 EDR will continue to provide users with the most powerful and comprehensive security analysis capabilities, attack traceability capabilities, visual presentation capabilities, rapid response capabilities, joint defense linkage capabilities, customized security operation capabilities, and rich subscription services, to help users improve their security risk identification, protection, detection, response, recovery and other capabilities.

A few days ago, 360 released a SaaS service application store to further empower the digital transformation of small, medium and micro enterprises and physical industries, and to contribute 360 solutions to the digital age.