I am feeling adventurous, so let’s have an EDR mud fight [pillow fight?] – kernel or userland agent?
| | Top Pros | Top Cons |
|---|---|---|
| Kernel mode EDR agent | | |
| User mode EDR agent | | |
As a quick side note, some EDR vendors’ agents include both kernel and userland components. While this hybrid design addresses some of the cons of a “pure” kernel agent, it does not really reduce the higher chance of system stability problems, since the kernel component is still there.
To summarize, this is (IMHO) a fight between “Higher chance of system stability problems” vs “Higher chance of being subverted or avoided by the attacker.”
Add your own? Debate? Throw mud or a pillow?
Blog posts related to our current EDR research:
- Using EDR For Remediation?
- EDR Research Commencing: Call To Action!
- Where Does EDR End and “NG AV” Begin?
- Reality Check on EDR / ETDR
- My Paper on Endpoint Tools Publishes (2013)
- Endpoint Threat Detection & Response Deployment Architecture
- Essential Processes Around Endpoint Threat Detection & Response Tools
- Named: Endpoint Threat Detection & Response
- Endpoint Visibility Tool Use Cases
- On Endpoint Sensing
- RSA 2013 and Endpoint Agent Re-Emergence
- All posts tagged endpoint
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.