When it comes to protecting your AWS server estate, or your endpoints and servers more broadly in whatever environment they run, one security tool that comes to mind is Endpoint Detection and Response (EDR). First suggested to Gartner in 2013, the EDR solution space has grown tremendously: with open-source tools like Wazuh and more mainstream offerings like CrowdStrike Falcon or Trend Micro, security teams have a lot of choice. EDR tools have changed quite a bit, and newer acronyms like Extended Detection and Response (XDR) are emerging, but at the end of the day they are typically agents (also called sensors) that collect near real-time telemetry from your servers. They can perform signature-based scans, use more complex behavioral and heuristic data to fingerprint malware variants, and can sometimes even collect metadata about the services and software running on your server for the purpose of vulnerability management (at Lightspin we can do that without a sensor). These capabilities add power across prevention, detection, and response for ransomware (and other generic malware), trojans, and keyloggers, and can help bolster your overall detection strategy.

Here at the Lightspin Office of the CISO we strive to use the smallest number of fully capable tools that can do the job, and we focus on feature sets and compatibility across environments. For our purposes, we chose to stick with Microsoft Defender for Endpoint (MDE), formerly known as Microsoft Defender Advanced Threat Protection (MDATP). Not only do we support a multinational company spread across various endpoint devices, we also make heavy use of AWS, Azure, and GCP to host the Lightspin platform and to support our security research.
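The paragraph above contrasts two things an EDR sensor does with the telemetry it collects: exact signature matching and behavioral/heuristic fingerprinting. The following Python is an added illustration written for this page, not code from Lightspin or from Microsoft Defender for Endpoint. The process events, file paths, hashes and scoring weights are all constructed; real sensors use far richer telemetry and tuned detection logic. The point it shows is why signature matching alone misses a recompiled variant (new hash, same behaviour) while a behavioral score still catches it, and why a benign bulk-write job is not flagged.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass


# --- Constructed telemetry record: a simplified process event as a sensor might report it ---
@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str              # path of the executable that ran
    sha256: str             # hash of that executable
    parent_image: str       # path of the parent process
    cmdline: str            # command line as observed
    files_written: tuple    # paths written by the process in the observation window


def fake_hash(label: str) -> str:
    """Deterministic stand-in for a binary's SHA-256 (constructed from a label, not a real sample)."""
    return hashlib.sha256(label.encode()).hexdigest()


# Signature list: one known-bad hash. Label is constructed; not a real IoC.
KNOWN_BAD_HASHES = {fake_hash("constructed-malware-sample-v1")}


def signature_verdict(ev: ProcessEvent) -> bool:
    """Signature-based check: exact hash match against the blocklist."""
    return ev.sha256 in KNOWN_BAD_HASHES


# Heuristic inputs (illustrative, assumed weights)
OFFICE_APPS = ("winword.exe", "excel.exe", "outlook.exe")
SHELLS = ("powershell.exe", "cmd.exe", "wscript.exe")
RANSOM_EXTS = (".locked", ".encrypted", ".crypt")


def behavioral_findings(ev: ProcessEvent) -> list[tuple[str, int]]:
    """Behavioral check: score what the process did, independent of which binary did it."""
    findings: list[tuple[str, int]] = []
    parent, image, cmd = ev.parent_image.lower(), ev.image.lower(), ev.cmdline.lower()
    if parent.endswith(OFFICE_APPS) and image.endswith(SHELLS):
        findings.append(("office application spawned a shell", 3))
    if "-enc " in cmd or "-encodedcommand" in cmd:
        findings.append(("encoded PowerShell command line", 2))
    ransomed = sum(1 for p in ev.files_written if p.lower().endswith(RANSOM_EXTS))
    if ransomed >= 5:
        findings.append((f"{ransomed} files written with ransomware-style extensions", 4))
    return findings


def classify(ev: ProcessEvent, threshold: int = 4) -> dict:
    """Combine both checks: a signature hit wins outright, otherwise the behavioral score decides."""
    findings = behavioral_findings(ev)
    score = sum(weight for _, weight in findings)
    if signature_verdict(ev):
        verdict = "signature"
    elif score >= threshold:
        verdict = "behavioral"
    else:
        verdict = "clean"
    return {"pid": ev.pid, "verdict": verdict, "score": score, "reasons": [r for r, _ in findings]}


# --- Constructed sample events ---
SAMPLE_EVENTS = (
    # Known sample: the hash is on the blocklist, so the signature check alone catches it.
    ProcessEvent(101, r"C:\Users\a\AppData\Local\Temp\update.exe",
                 fake_hash("constructed-malware-sample-v1"),
                 r"C:\Windows\explorer.exe", "update.exe", ()),
    # Variant: a legitimate, unmodified powershell.exe (hash not on any list) launched by Word
    # with an encoded command, then mass-renaming documents. Only behaviour catches this.
    ProcessEvent(202, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 fake_hash("legitimate-powershell-binary"),
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "powershell.exe -nop -w hidden -enc <base64 placeholder>",
                 tuple(rf"C:\Users\a\Documents\report{i}.docx.locked" for i in range(8))),
    # Benign backup job: many files written, but none of the scored behaviours.
    ProcessEvent(303, r"C:\Program Files\Backup\backup.exe", fake_hash("backup-tool"),
                 r"C:\Windows\System32\services.exe", "backup.exe --nightly",
                 tuple(rf"D:\backup\file{i}.bak" for i in range(8))),
)


def run_all() -> list[dict]:
    """Classify every sample event; returned so callers can inspect results programmatically."""
    return [classify(ev) for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    for result in run_all():
        print(result)
```

The design choice worth noting is that `classify` never lets a signature miss suppress a behavioral hit: the second event has a perfectly clean hash (it is the real PowerShell binary), which is exactly the case where a hash-only scanner has nothing to say and the heuristic layer earns its keep. In practice the weights and threshold would be tuned against your own fleet's baseline to keep jobs like the backup example out of the alert queue.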