Comodo Endpoint Detection and Response (EDR) is now open source!
<blockquote data-quote="Victor M" data-source="post: 1055989" data-attributes="member: 96560"><p>I should add that hackers do not rely on malware that is detectable by common AVs. They test their tools against common AVs to make sure that they are not detectable before deploying them. So if you are relying on your anti-malware to stop hackers, you will be defeated every time. My 'red team' has never used a tool that my various big-name AVs could detect. Examples are remote access tools and Windows features disruption tools. That is where an EDR like Comodo's OpenEDR comes in. Windows events record everything. It's just that the major AVs don't identify them as suspicious. But a human can see that something sticks out and shouldn't be happening. An example is a 'Write to executable' event (create exe) or a 'Binary executing from Temp directory' event happening when you did not install anything. AVs won't blink, but a human will know something is wrong. And EDRs have the comprehensive MITRE ATT&CK hacker tactics covered. It filters Windows events and raises Alerts for you to review and decide upon. Most importantly, it clues you in that your defenses have a hole and you need to address it. If you are serious about security, you should have an EDR tool - it is an essential layer of defense.</p></blockquote><p></p>