Secdo, which specializes in automated endpoint security and incident response technology, has announced support for macOS. The company says its approach “brings a number of long-awaited firsts among endpoint detection and response providers who lack feature parity for organizations faced with growing numbers of Mac users.”
Combining thread-level visibility with a behavior-based assisted learning engine, Secdo is a solution that automatically detects new threats and investigates every security alert from any source. It creates a “force multiplier” for security teams while dramatically reducing the operational backlog for discovery and recovery from internal and external threats. With the addition of the Mac agent, Gil Barak, chief technical officer and co-founder of Secdo, says the company brings the following innovations to the endpoint detection and response market:
- The first platform with complete feature parity across Windows, Linux and now Mac for threat hunting, detection, forensic investigations and response;
- The first agent that monitors all activity at the thread level, allowing process threads to be tracked independently and providing greater clarity;
- The only platform that retains all endpoint activity for over one hundred days, more than the average dwell time of a breach, while ensuring no usability limitations at scale;
- The only platform that incorporates Behavioral Indicators of Compromise (BIOCs) for signature-less custom detection of advanced threats based on attack methodology;
- The only endpoint platform that correlates Mac data with third-party and SIEM security events, mapping the attack timeline and reducing alert triage time to seconds;
- The only platform that automatically investigates any third-party and SIEM security events, creating a complete picture of the attack with detailed forensic data and reducing incident investigation time to minutes;
- The only platform with a scalable response center allowing both live actions (reverse shell, screen capture, task and file manager, etc.) and home-grown utilities to be run remotely; and
- The only agent/sensor with consistent near zero impact on performance with continuous monitoring and collection.