Guidance Software EnCase Endpoint Security: EDR Product Overview and Insight

Published

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Company description: Guidance software was founded in 1997 and went public in 2007. It trades on the NASDAQ under GUID.

Product description: EnCase Endpoint Security provides kernel-level visibility at the endpoint for detection and response. It enables early detection of signs of intrusion, anomalous activity, and insider threats that evade perimeter-based technologies. It has automated collection and analysis of time sensitive endpoint data. This allows security teams to validate, prioritize, and investigate events. The latest version adds conditional endpoint analysis and threat scores derived from embedded threat intelligence. It integrates with adjacent tools like SIEM, IPS, IDS, and perimeter security products.

Markets and use cases: Primary customers are large corporate clients and government agencies. Guidance counts 78 of the Fortune 100 and more than half of the Fortune 500 as customers. It serves industries with compliance and regulatory requirements, such as financial services, healthcare and government. Any large organization with a high volume of alerts from perimeter security technologies is also well suited for EnCase endpoint security. It also has a client base with devices like ATMs, POS terminals and manufacturing devices.

Agents: Deploys a single agent that runs its EDR tool, as well as its EnCase Endpoint Investigator and Enforce Risk Manager products.

Applicable metrics: It can scale up to hundreds of thousands of nodes.

Security qualifications: DIACAP, Common Criteria EAL-2 and FIPS 140-2

Intelligence: EnCase Endpoint Security uses automation and built-in threat intelligence to help incident responders streamline cumbersome incident response processes. Automation includes tools for alert response, alert validation and triage, and automated incident response.

Delivery: Software

Pricing: Commercial pricing starts at $57,995 for up to 2,000 nodes on a perpetual license.

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

This field is required This field is required

Get the free Cybersecurity newsletter

Strengthen your organization’s IT security defenses with the latest news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

This field is required This field is required