Benefits
Unified Threat View
Correlate endpoint threats with runtime container and cloud activity
Cross-Platform Detection
Detect attacks that span endpoints, containers, and cloud infrastructure
Enhanced Context
Enrich EDR alerts with container and cloud runtime context
Coordinated Response
Orchestrate response actions across endpoint and cloud environments
Supported Integrations
Microsoft Defender
Status: Available
Connect with Microsoft Defender for unified Windows and cloud security.
Key Features:
- Windows endpoint detections
- Azure workload protection
- Threat and vulnerability management
- Incident correlation
CrowdStrike Falcon Insight
Status: Available
Integrate with CrowdStrike Falcon Insight for advanced endpoint detection and response.
Key Features:
- Endpoint detection data
- Container runtime protection
- Threat intelligence feeds
- Automated response actions
SentinelOne Singularity
Status: Available
Integrate SentinelOne Singularity for AI-powered endpoint protection and response.
Key Features:
- Endpoint detections
- Behavioral AI analysis
- Automated remediation
- Deep visibility data
Sophos Endpoint
Status: Available
Connect Sophos Endpoint for comprehensive endpoint protection and response.
Key Features:
- Endpoint threat detection
- Deep learning malware protection
- Exploit prevention
- Active adversary mitigations
Tanium EDR
Status: Available
Integrate Tanium EDR for real-time endpoint visibility and response.
Key Features:
- Real-time endpoint data
- Threat detection and hunting
- Incident response
- Compliance monitoring
Malwarebytes ThreatDown
Status: Available
Connect with Malwarebytes ThreatDown for advanced malware detection and removal.
Key Features:
- Malware detection and removal
- Ransomware protection
- Exploit mitigation
- Real-time threat intelligence
Use Cases
Container-to-Host Attacks
Detect when container compromises attempt to escape to or affect the host system. Correlate container runtime activity from RAD Security with endpoint detections from your EDR.
Lateral Movement Detection
Identify lateral movement that spans endpoints and containerized workloads. Track attacker progression across your hybrid infrastructure with unified visibility.
Supply Chain Attacks
Detect compromised software components affecting both endpoints and containers. Identify when malicious dependencies or images are deployed across your environment.
Coordinated Incident Response
Respond to incidents across endpoints and cloud workloads from a single platform. Execute containment and remediation actions coordinated between EDR and RAD Security.
Integration Architecture
RAD Security can integrate with EDR platforms through:
1. API Integration
   Bi-directional API integration for event sharing and response orchestration
2. Event Streaming
   Stream EDR events to RAD Security for correlation and analysis
3. Threat Intelligence
   Share indicators of compromise (IoCs) between platforms
4. Response Actions
   Trigger EDR response actions based on container and cloud detections
Getting Started
1. EDR API Access
   Generate API credentials in your EDR platform with appropriate permissions
2. Add Integration
   Configure the EDR integration in RAD Security's Data Sources section
3. Configure Event Types
   Select which EDR event types to ingest and correlate
4. Test Connection
   Verify that events are flowing and that correlation is working correctly