EDR explained - my FAVOURITE technical security control
- Published: 8 Jun 2024
I'm not afraid to admit it, but I LOVE EDR. I've been working in information security for over a decade, and I've consistently seen attackers target endpoints. It's where users hang out, and therefore they're a treasure trove of sensitive data such as credentials, personal data, post-MFA access tokens, etc.
Also, they almost always have internet access, and because users are browsing the web and opening emails on them, they give attackers great opportunities to gain access to them.
In this video I talk through what EDR is, the history of EDR, how it works, pros/cons, and the future.
You may have heard of EDR through other names, such as CrowdStrike, Windows Defender, or SentinelOne (other vendors are available!).
Below are the links I mention in the video.
Pyramid of pain: / pyramid-pain-timeless-...
My EDR article from LinkedIn: / endpoint-detection-res...
Irish health service ransomware article: / how-irish-health-servi...
British library ransomware article: / british-library-ransom...
Office of Personnel Management (OPM) article: / opm-breach-very-bad-da...
Office of Personnel Management (OPM) video: • The biggest data breac...
00:00 Introduction.
00:32 The history of EDR.
01:56 How EDR works.
02:57 EDR components.
03:38 Pros of EDR.
05:40 Costs and considerations.
06:56 Real-world examples where EDR would have helped.
08:01 The future of EDR.
09:29 Outro.
#cybersecurity #informationsecurity #ransomware - Science
I am an aspiring SOC analyst, and I love the way you explain concepts and tools in your videos that make it easily digestible for those without 10+ years in the field. Thanks!
Thanks for taking the time to leave a comment! I really appreciate it 🙂
Great overview of EDR! Nicely done Steve 🎉
Thanks man! Yeah EDR is THE BEST.
I have both Ransom manuals Part I and II by Bassterlord. As you mentioned, the attacker primarily targets exposed VMs, focusing on ESXi zero-days and Zerologon vulnerabilities. However, the exploits in Part II have become more complex and less clear. Many organizations, unfortunately, only take security seriously after they've been hacked. While EDR is excellent, not all organizations are willing to implement it.
Great video Steve
Thanks very much for saying so! RUclips can feel a bit like talking to an empty room so it’s lovely to hear feedback 🙂
Thanks. I must explore EDR usage now that I've obtained CompTIA Security+ certification. I'm a bit lost on where I should start with it.
I highly recommend it, and also congrats on passing Sec+!