Endpoint Visibility and EDR

Endpoint Visibility & EDR: Important Assessment Criteria

Suzanne Moore

Most organizations have no idea what’s happening on their endpoints. We often hear this referred to as “endpoint blindness,” and it’s one of the most common challenges for security teams. Organizations have hundreds or thousands of laptops, workstations, and servers in their environment, but have no idea what’s actually happening on them. With the increased sophistication and frequency of today’s attacks, …

Whitelist Evasion Example: Threat Detection #723

Keshia LeVan

In my previous blog post on bypassing application whitelisting, I provided an overview of what application whitelisting is, why it’s effective, and how to look for signs that it’s being bypassed. Now, let’s dig deeper into a real-world example to illustrate what analysts and IT teams will see when monitoring endpoint behavior. Oftentimes when a built-in tool is being used …

A Guide to Evaluating EDR Security Products: 15 Critical Questions to Ask

Suzanne Moore

The EDR market is booming. A recent Gartner report found that the EDR market more than doubled in 2016, and another analysis predicts the number of organizations using EDR security products will triple over the next five years. However, growth does not come without challenges. Many security teams struggle to define the right questions to ask when looking to add EDR …

PowerShell Empire

Detecting Post Exploitation with EDR: What Security Teams Need to Know

Joe Moles

I recently joined Rick McElroy from Carbon Black on a webinar to discuss techniques for detecting post exploitation with EDR. The steady stream of questions reminded me how many people are interested in the topic. I’m passionate about helping people detect post exploitation behaviors and am always excited to share what I have learned. I wanted to circle back and share some …

Endpoint Detection and Response: 3 Ways to Implement an EDR Capability in Your Security Program

Suzanne Moore

As organizations look for better ways to defend against evolving cyber attacks, endpoint detection and response (EDR) is rapidly emerging as a solution. EDR promises to combine visibility, threat detection, and response across all of your endpoints. However, security teams often don’t realize that developing a true EDR capability can be challenging. It’s not something you simply buy off the …