Cyber-security firm Comodo has open-sourced this week its endpoint detection and response (EDR) solution, becoming the first major security vendor to take this route.
Released as OpenEDR, the project’s source code was released this week on GitHub after Comodo touted the move to open source back in September [1, 2].
EDRs are considered the next step in the evolution of antivirus software. Classic antivirus software is designed to block malware when it executes.
EDRs are built differently, with a more proactive approach. They work by actively monitoring for suspicious behavior on endpoints and the local network and then sending alerts to a company’s IT staff to investigate.
They don’t necessarily look for confirmed threats but, instead, can also look for indicators of suspicious activity that sometimes precedes actual malware infections or threat actor intrusions.
“We are offering our EDR as open source because we feel strongly that as cyber-threats increase, every company should have access to this capability regardless of budget or ability to purchase it,” Alan Knepfer, President and Chief Revenue Officer at Comodo, said back in September.
“Our competitors offer endpoint protection that falls short of protecting customers, and then charge additional for EDR capability. This kind of pricing strategy from cybersecurity vendors will weaken the cybersecurity resources available to enterprises.
“The model of charging for multiple layers because they fail in protecting customers is not a healthy business model for the long term. We are putting an end to that by open sourcing the world’s most sophisticated EDR,” Knepfer added.
Comodo’s OpenEDR will include all the basic functionality of an EDR. This will include the ability to roll out custom detection rules and IOCs, real-time monitoring of workstation filesystems, detection of fileless threats, a recommendation engine that advises of measures that need to be taken, a GUI, and a threats vector investigation capability.
A technical breakdown of OpenEDR is available here, while the project’s support forum is here.
Besides OpenEDR, other open-source EDR and similar solutions also available today include the likes of: