How good is Microsoft Defender for Endpoint?
<blockquote data-quote="Victor M" data-source="post: 1114549" data-attributes="member: 96560"><p>Some of us are a bit of a defeatist when it comes to dealing with hackers. You put in your defense layers and he tries to break thru. If you have an EDR you may catch the attack upon reviewing your alerts, but he's already inside. So then you re-image, add a block to block his attack. And add some more defense configs. He will notice that his C2 component is gone, and try again. The game goes on. The problem for the defender is that he has to spend time to review + investigate the EDR alerts, the alerts are just suspicious things, and may mean nothing. And for the defender, all it takes is one mis-configuration, one vulnerability, one human error; that is if the attacker finds and exploits it. The attacker does not have a guaranteed win, but he has a good chance. You have to be diligent, always learning, always looking for improvements, thinking like an attacker and ways to thwart him and always monitoring for attacks. Knowing all the various methods of attacks helps, pick up a book on the CompTIA Security+ certification, <a href="https://www.amazon.ca/CompTIA-Security-Certification-Guide-SY0-601/dp/1260464008/ref=sr_1_7?s=books" target="_blank">Amazon.ca</a> it provides good coverage on that and more. Easy read. It also has a chapter on defense frameworks that teaches you where to find guidance to get good defense coverage. Those frameworks can be used as a checklist of what to implement. Better to spend money on knowing the whole picture than just jumping onto an AV and praying. After learning the Security+ curriculum, you will be spending money more wisely.</p><p></p><p>IMHO, what matters most is determination to defend your turf.</p></blockquote><p></p>