
EDR Endpoint Protection

Protect endpoints from cyber attacks, detect abnormal behavior, and remediate almost immediately

IBM Security ReaQta is an Endpoint Detection and Response (EDR) solution designed to be easy to use; it helps enterprises protect endpoints from threats. It has strong automation capabilities and uses artificial intelligence (AI) and machine learning to detect abnormal behavior and remediate threats in real time.

ReaQta also uses NanoOS, a live-hypervisor-based monitoring technology that sits below the operating system. Monitoring from that position helps defend against external threats and reduces the chance that an attacker can tamper with or disable endpoint detection and alerting.

The ReaQta platform lets you customize detection rules on endpoints to cover specific detection cases. Its AI learns from analysts' daily triage decisions, reducing false positives and the alert fatigue they cause, and improving the detection and response efficiency of EDR/MDR operators and maintainers.

  • Pre-execution Prevention

    Inspects a file's origin and content before it fully executes, and blocks it from running if malicious code is detected.

  • Nano Operating System (NanoOS) and Dual AI Engine

    Detection and autonomous response continue to operate even when the endpoint is offline.

  • Attack Visibility

    Detects and correlates alerts into a single attack view, including the root cause, a risk assessment, and a mapping to the MITRE ATT&CK framework.

  • Threat Hunting

    Supports real-time, infrastructure-wide searches for indicators of compromise (IOCs), binaries, and behaviors. Automated data mining helps surface potential threats.

  • Forensics

    Supports remote collection of forensic data to support analysis and reconstruction of attacker activity.

  • Threat Insights

    Helps analysts identify potential threats and speed up triage through metadata-based analysis. Newly appearing binaries are detected and statically analyzed as soon as they are activated, giving analysts immediate context for alert work.

  • Anti-Ransomware

    Analyzes file-system behavior to detect an attack as it begins and can block the malicious process from continuing.

  • Signature Scanning

    Complements behavioral detection with heuristic and signature-based prevention.

  • Custom Scripts

    Automation supports custom detection, response, and remediation scripts.

  • API Access

    Provides direct API access to the ReaQta engine, useful for automating workflows and integrating with external platforms.

  • Network Assistant

    An AI-driven alert-management assistant that handles alerts automatically. It learns an analyst's decision on a given kind of alert after seeing it handled once and applies it to later alerts of the same kind.

  • Behavior Detection

    Uses near-real-time, behavior-based anomaly detection and response to help protect organizations from advanced malware and other threats.

ReaQta Operating Features

  • 01
    Continuous Endpoint Data Collection

    A lightweight data-collection agent installed on each endpoint continuously collects telemetry from that device.

  • 02
    Real-time Threat Detection and Analysis

    The EDR solution uses correlation analysis and machine-learning algorithms to detect known threats and suspicious activity in real time. It continuously searches for known and potential cyber threats and cybercrime-related behavior, and its core analysis engine compares live data against baselines built from historical data to identify suspicious or abnormal end-user activity and any events that may be part of a security incident.

  • 03
    Threat Response and Automation Mechanisms

    An EDR solution must learn over time, both from the rules predefined by the security team and from machine-learning algorithms, and must offer manual, semi-automated, and fully automated threat response. "Automated response" means that the actions taken when handling an incident are built into the EDR solution as automated mechanisms, so the security team can carry out incident handling automatically or semi-automatically.

  • 04
    Threat Isolation and Remediation

    Once a threat is isolated, the EDR solution gives security analysts the means to investigate it further. Forensic analysis helps analysts identify the root cause of the threat, the files it affected, and whether the attacker used one or several vulnerabilities to enter the network and move laterally. With a complete picture of the incident, analysts use remediation tools to eliminate the threat and complete repairs.

  • 05
    Supports Threat Hunting

    Threat hunting is a proactive security practice: information security analysts search the network for unknown threats, or for known threats that the organization's automated security tools have not yet detected or remediated.
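The following is an added illustration of two of the mechanisms described above: the baseline comparison in step 02 (live events checked against per-host baselines built from historical telemetry) and the infrastructure-wide IOC search in step 05 and the Threat Hunting feature. It is not ReaQta or IBM code and uses no ReaQta API; the event format, host names, hashes, the `min_seen` threshold and the ATT&CK annotation are assumptions constructed for the example.

```python
"""Baseline-vs-live anomaly detection and IOC hunting over endpoint telemetry.

Illustrative example only: not ReaQta code. Events, hosts, hashes,
threshold and ATT&CK annotation are constructed for the demonstration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    parent: str   # parent process image name
    image: str    # child process image name
    sha256: str   # constructed placeholder hash, not a real digest
    cmdline: str


# Constructed historical telemetry: "normal" behaviour on two hosts,
# repeated to mimic several days of volume.
HISTORY = [
    ProcEvent("ws01", "alice", "explorer.exe", "winword.exe", "aaa1", "winword.exe report.docx"),
    ProcEvent("ws01", "alice", "explorer.exe", "outlook.exe", "bbb2", "outlook.exe"),
    ProcEvent("ws01", "alice", "explorer.exe", "chrome.exe", "ccc3", "chrome.exe"),
    ProcEvent("ws02", "bob", "explorer.exe", "excel.exe", "ddd4", "excel.exe budget.xlsx"),
    ProcEvent("ws02", "bob", "services.exe", "svchost.exe", "eee5", "svchost.exe -k netsvcs"),
] * 20

# Constructed live telemetry: one benign event and two suspicious ones.
LIVE = [
    ProcEvent("ws01", "alice", "explorer.exe", "chrome.exe", "ccc3", "chrome.exe"),
    # Office spawning an encoded PowerShell is a classic macro-dropper pattern.
    ProcEvent("ws01", "alice", "winword.exe", "powershell.exe", "fff6",
              "powershell.exe -enc SQBFAFgA..."),
    # Hash on the IOC list, image never seen on this host before.
    ProcEvent("ws02", "bob", "explorer.exe", "update.exe", "bad7", "update.exe"),
]

# Constructed IOC list for the hunt (placeholder hashes).
IOC_HASHES = {"bad7"}

# Hypothetical ATT&CK annotation for a known-bad parent/child pair (assumption).
ATTACK_MAP = {
    ("winword.exe", "powershell.exe"): "T1059.001 PowerShell spawned from Office",
}


def build_baseline(events):
    """Per-host Counter of (parent, image) pairs observed in historical data."""
    baseline = defaultdict(Counter)
    for e in events:
        baseline[e.host][(e.parent, e.image)] += 1
    return baseline


def detect_anomalies(baseline, live, min_seen=3):
    """Flag live events whose parent/child pair was seen fewer than min_seen
    times on that host in the baseline; attach ATT&CK context when known."""
    findings = []
    for e in live:
        seen = baseline[e.host][(e.parent, e.image)]
        if seen < min_seen:
            findings.append({
                "host": e.host,
                "user": e.user,
                "chain": f"{e.parent} -> {e.image}",
                "seen_in_baseline": seen,
                "attack": ATTACK_MAP.get((e.parent, e.image), "unmapped"),
                "cmdline": e.cmdline,
            })
    return findings


def hunt_iocs(events, iocs):
    """Infrastructure-wide search: every event whose hash matches an IOC,
    grouped by host, across historical and live data alike."""
    hits = defaultdict(list)
    for e in events:
        if e.sha256 in iocs:
            hits[e.host].append(e.image)
    return dict(hits)


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for f in detect_anomalies(base, LIVE):
        print("ANOMALY", f)
    print("IOC HITS", hunt_iocs(HISTORY + LIVE, IOC_HASHES))
```

The benign `explorer.exe -> chrome.exe` event is not flagged because the baseline has seen it many times; the two suspicious events are flagged because their parent/child pairs never appeared on those hosts, and the IOC hunt independently locates the known-bad hash on `ws02`. In practice the baseline would be keyed on more than the process chain (user, command-line features, signer, network destinations) and the threshold tuned per host population.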