Timely and accurate endpoint data has always been critical to detection operations. It's also critical to remediation. When responding to a threat, you need to know
- What is the endpoint's current hostname and IP?
- What were the endpoint's hostname and IP when the threat was detected?
- Is it currently online?
These questions can be surprisingly hard to answer given the nuances in networking and systems administration, especially in the context of an EDR solution where thousands of endpoints are constantly checking in, changing status, and submitting data.
We recently made several design performance improvements to our synchronization and storage of current and historical endpoint data. This means that changes to endpoint data in your Red Canary portal are faster than ever, and historical information is more easily accessible than ever.