EDR-XDR solutions overview - visibility of attacks in telemetry based on offensive fileless attacks
<blockquote data-quote="Adrian Ścibor" data-source="post: 1090998" data-attributes="member: 71496"><p>Dear Users!</p><p>We have published a report on checking products with EDR-XDR functionalities based on simulated fileless attacks. The matter is simple in the case of rather well-known attacks. However, more complex attacks may not be noticed by the product. It's not a big deal if there are some minimal traces of the attack, some telemetry; that was the purpose of this test.</p><p>Based on the data collected, we believe that the most important thing is that the product records traces of attacks in the administrator console. It does not matter if these events are processed automatically or manually by a team of qualified employees. The product must provide visibility into system events along with telemetry that allows one to understand the context of the attack and capture the necessary technical details.</p><h2><span style="font-size: 15px">Testing solutions for business</span></h2><p>The policy configuration for antivirus agents was usually default or included additional settings for more detailed telemetry. Importantly, we did not disable antivirus protection or any other features. Solutions that had to be assigned a predefined agent configuration after installation <strong>were configured with the most hardened settings possible to achieve detailed visibility</strong> into the attack chain and telemetry, which was the goal of this test. At the request of the developers, we assigned the proposed settings.</p><ol><li data-xf-list-type="ol"><strong>Emsisoft Enterprise Security</strong> + EDR: default settings.</li><li data-xf-list-type="ol"><strong>Eset Protect Elite</strong> + XDR: default settings + all rules for EDR enabled.</li><li data-xf-list-type="ol"><strong>Microsoft Defender for Business</strong> + EDR: default settings.</li><li data-xf-list-type="ol"><strong>Metras</strong>: default settings.</li><li data-xf-list-type="ol"><strong>Xcitium Advanced</strong> + EDR: predefined policy 8.1.</li></ol><p>To read the details, please download the report from: <a href="https://avlab.pl/en/edr-xdr-solutions-overview-2024-2nd-edition/" target="_blank">Simulation Of Offensive Fileless Attacks Taking Into Account Incident Visibility In Telemetry » AVLab Cybersecurity Foundation</a></p></blockquote>