EDR architecture

To identify advanced threats and in-progress attacks, EDR requires hardware and operating system data. Some of the raw data is processed locally, while machine learning algorithms in the Security Analytics perform more complex tasks.

EDR contains two major components:

  • The EDR Sensor, which collects process data and reports endpoint and application behavior data.

  • The Security Analytics, a backend component used to interpret metadata collected by the EDR Sensor.