Remediating incidents

Endpoint Detection and Response (EDR) enables you to remediate entire incidents, or the individual attack points of an incident.

By remediating an entire incident, you can choose the remediation(s) that you want to execute globally on the incident. If you need to manage the incident in more granular detail, you can remediate individual attack points as required. For example, you may want to isolate the network of a workload to stop lateral movement or command and control (C&C) activities; this ensures that even though the workload is isolated, all Acronis Cyber Protect technologies are still functional and an investigation can be launched.

EDR ensures effective remediation by:

• Mitigating - to ensure the threat is stopped.
• Recovering - to ensure services are back online immediately.
• Preventing - to ensure techniques used in an attack are prevented in future attacks.