UNRIVALLED VISIBILITY

• Full EDR prevents silent failure by capturing raw events for complete visibility
• Visibility into incidents involving containers with process trees showing container IDs
• Full attack visibility provides details, context and history for every alert
• Event details and a full set of enriched data is continuously available, even for ephemeral and decommissioned workloads
• Rogue instance detection
• Extensive AWS visibility: Environment, accounts and instances

SIMPLICITY AND PERFORMANCE

• Works everywhere: EC2 instances, ECS & EKS containers, Windows, Linux, Amazon Linux
• One console provides central visibility over cloud workloads regardless of location
• No reboots — No signatures — No scan storms — No disruption
• Lightweight — Operates with only a tiny footprint on the host and Zero impact on runtime performance even when analyzing, searching and investigating
• Automatically kept up to date with SaaS delivery
• Complete policy flexibility — apply at individual server, group or data center level

EC2 AND CONTAINER PROTECTION

• Machine Learning and AI protects against known and zero-day malware
• Protection against prevalent cloud workload threats like web shells, SQL shells and credential theft
• Behavior-based indicators of attack (IOAs) detect sophisticated attacks such as fileless and malware-free
• Exploit protection and blocking
• Delivers container security through a single agent running on the node that protects the instance itself as well as all containers running on it

SEAMLESS AUTOMATION

• Automatic detection of attacker behavior with prioritized alerts and severity eliminates time-consuming manual searches and assessments
• Integration with CI/CD deployment workflows
• Powerful APIs enable automation of all functional areas including detection, management, response and intelligence
• Scales as cloud workloads expand — no need for additional infrastructure
• Integrates to AWS Security Hub for centralized management of threat alerts from AWS services