Endpoint Analysis Flashcards
What are endpoints?
Any device we may use to connect to our network. Desktops, smartphones, tablets, etc.
What are the tools we use to do endpoint analysis?
Anti-virus (AV)
Host-based Intrusion Detection/Prevention Systems (HIDS/HIPS)
Endpoint Protection Platform (EPP)
Endpoint Detection Response Platform (EDR)
User Entity Behavioral Analytics (UEBA)
What is Anti-Virus (AV)
What malware does it protect against?
Software capable of detecting and removing malware infections. Also known as anti-malware.
Viruses
Worms
Trojans
Rootkits
Adware
Spyware
Password crackers
Network mappers
Denial of Service tools
What does a Host-based IDS/IPS (HIDS/HIPS) do?
How do they detect threats?
What type of threats do they identify?
Monitors an endpoint system for unexpected behavior or drastic changes to the system’s state.
Most use signature-based detection.
Unauthorized login and access attempts
Installation of unwanted applications
Privilege escalation
Rogue processes
Changes in applications, file systems and drivers
Critical services that have been stopped or failed to run
What is the Endpoint Protection Platform (EPP)?
What type of detection is it focused on?
What security systems are a part of it?
A software agent and monitoring system that performs multiple security tasks.
Focused on signature-based detection.
Anti-virus
HIDS/HIPS
Firewall
Data Loss Prevention (DLP)
File encryption
What is an Endpoint Detection and Response (EDR) platform?
What analysis is it focused on?
What is it designed to do?
A software tool that collects system data and logs for analysis to help provide early detection of threats.
Focused on behavioral and anomaly analysis.
It does not prevent the initial execution of threats; instead, it is designed to provide “runtime and historical visibility” into a compromise and to help you as an incident responder.
What is a User and Entity Behavior Analytics (UEBA) platform?
How does it detect threats?
A software system that can provide automated identification of suspicious activity by user accounts and computer hosts.
Activity that falls outside the baseline of normal activity, or that otherwise looks suspicious, gets investigated.
UEBA solutions are heavily dependent on advanced computing techniques such as artificial intelligence and machine learning.