DOI: 10.3390/electronics14071292 ISSN: 2079-9292

InMesh: A Zero-Configuration Agentless Endpoint Detection and Response System

Angel Kodituwakku, Jens Gregor

Endpoint Detection and Response (EDR) systems play a crucial role in continuously monitoring endpoint activities to detect, analyze, and respond to cybersecurity threats in real time. Traditional agent-based EDR systems rely on software agents installed on endpoints for data collection, which can be impractical due to the large number of devices, their mobility, and privacy concerns. In contrast, agentless EDR systems aim to overcome these limitations by remotely collecting network and host data, but they face challenges in precise data attribution because of the transient nature of network addresses. Achieving a fully zero-configuration agentless EDR system remains a significant challenge. This paper introduces InMesh, an innovative system that can identify and monitor endpoints without relying on network addressing or software agents. The effectiveness of the approach is demonstrated using real-world data.
