Managed EDR and anti-ransomware protection for companies
An EDR (Endpoint Detection and Response) solution monitors the behaviour of your workstations and servers to catch what a traditional antivirus misses: ransomware, credential theft, misuse of legitimate tools. We deploy, tune and operate this protection day to day — behavioural detection, email filtering, alert triage and threat response — for companies in Paris and Île-de-France.
Today's ransomware no longer looks like yesterday's viruses: stolen credentials, hijacked system tools, brand-new files that no signature database recognises. A traditional antivirus compares against what is already known; by the time it reacts, file encryption has already begun.
02
Email as the way in
A large share of compromises start with an email: a booby-trapped attachment, a phishing link, a fake invoice. Without serious filtering and awareness training, company security rests on each employee's vigilance, at every click — a defence that eventually gives way.
03
Alerts that no one handles
A security tool without monitoring produces alerts that no one reads. The incident is then discovered too late — often one morning, in front of encrypted files — when all that remains is to rebuild. Detection only has value if someone triages the alert and responds.
What we cover
The scope of the service.
01 / WORKSTATIONS & SERVERS
EDR protection for workstations and servers
A detection agent deployed on the workstations and servers in scope, analysing behaviour — processes, connections, file changes — and able to isolate a compromised machine.
EDR agent on Windows workstations and on Windows and Linux servers
Behavioural detection of ransomware and malicious software
Isolation of a compromised workstation from the rest of the network
Coverage of workstations used for remote work
Centralised deployment, with Intune depending on your environment
02 / EMAIL
Email filtering and anti-phishing
Email is one of the main entry points for attacks: we filter it upstream and prepare your teams to recognise whatever still gets through.
Anti-spam and anti-phishing filtering for your email
Analysis of attachments and links
Securing Microsoft 365 email
Phishing awareness training for your employees
03 / MONITORING & RESPONSE
Alert monitoring and threat response
Alerts raised by the EDR are triaged and handled: containment, remediation, return to service, then a documented root-cause analysis.
Remediation and return to service of affected machines
Root-cause analysis and incident report
Coordination with your backups and your disaster recovery plan (DRP)
04 / HARDENING
Reducing the attack surface
Detection works better when there is less to detect: in parallel, we reduce the entry points an attacker could exploit.
Multi-factor authentication (MFA) on user access
Management of permissions and privileged accounts with Entra ID
Tracking of security updates on workstations and servers
Reasoned, prioritised hardening recommendations
How we proceed
From scoping to follow-up.
The exact scope, deliverables and timelines are formalised in the proposal, before any commitment.
1
Exposure audit
A review of workstations, servers, email and the protections in place: current antivirus, access rights, updates, backups. It establishes the scope and the priorities.
2
Phased agent deployment
The EDR agent is deployed centrally, starting with a pilot group: we observe real-world behaviour on your machines and business applications before rolling out more widely.
3
Tuning and monitoring setup
Detection rules are adjusted to your business to limit false positives, alerts are routed into our monitoring, and response procedures are formalised with you.
4
Operations and response
Alerts are triaged and handled: containment of a compromised workstation, account blocking, remediation, return to service. Significant incidents receive a root-cause analysis and a written report.
5
Continuous improvement
Lessons learned, phishing awareness campaigns, rule adjustments and regular reporting: the setup keeps pace with evolving threats and with your organisation.
Frequently asked questions — cybersecurity
The answers describe how the service works. Quantified commitments are formalised in your contract.
An EDR (Endpoint Detection and Response) monitors the behaviour of workstations and servers: processes launched, network connections, file changes. Where an antivirus compares files against a database of known signatures, an EDR spots suspicious actions — mass encryption of documents, for example — even when the program is unknown. It also makes it possible to act: isolate the machine, stop the process, trace the path of the attack.
No — no single tool is enough on its own. An EDR reduces the risk of workstation compromise, but a company's resilience rests on several layers: email filtering, permissions management, updates, team awareness — and above all tested backups and a disaster recovery plan. That combination is what we put in place and operate, not an isolated product.
The alert is first triaged: false positive or genuine threat. If the threat is confirmed, the affected workstation can be isolated from the network, the accounts involved blocked and access revoked, before remediation and return to service. The incident then receives a root-cause analysis and a written report. Response and communication arrangements are formalised during scoping and in your service contract.
Commitment levels — monitoring windows, response times — are formalised in the specific terms of your contract: we do not publish response times that are not contractually agreed. Some responses, such as isolating a workstation showing clearly malicious behaviour, can be automated and executed by the agent as soon as the threat is detected.
Not necessarily straight away: the initial audit assesses what is in place, what can coexist and what needs replacing. When the migration is decided, it is planned in waves, with a pilot group, to limit the risk of leaving workstations unprotected during the cutover.
Modern EDR agents are designed to use few resources, but the actual impact depends on the machines and applications in use. That is exactly what the pilot deployment measures before the wider rollout: settings are adjusted if a workstation or a business application shows unusual behaviour.
The number of workstations and servers to cover, the breadth of the scope (email filtering, awareness training, hardening), the level of monitoring and response expected, and the state of the existing setup to take over. We produce a quote after the audit, formalised in the specific terms of your contract.
Technical telemetry focused on system events: processes run, network connections, file changes; it is not intended to cover the content of your employees' documents. The setup is designed to fit within the applicable obligations (informing individuals, retention periods and so on); the legal qualification remains to be validated with your own counsel, and these points are addressed during scoping.
Reversibility is provided for in the contract: orderly uninstallation of the agents, hand-back of documentation and incident reports, and an overlap period with the incoming provider where possible. The steps are sequenced to limit the risk of leaving your IT estate unprotected during the transition.