It’s almost impossible to get ahead of Dr. Chuvakin on blog posts and announcing new research, but I’m lucky enough he is driving at this precise moment and not able to do it before me 🙂
This document should be the “starting point” for anyone trying to understand what EDR tools are, what they should be used for, and what to consider before implementing this technology. Key EDR use cases are incident-related search and investigation, suspicious activity detection, alert triage and validation, threat hunting, and stopping malicious activity.
Things you can find in this paper:
- EDR Definition
- EDR Key Capabilities
- Why did EDR tools appear?
- Building a Business Case for EDR
And much more. I hope you enjoy it. The next one is a comparison of the most visible EDR tools out there; it’ll be out in a few days.