Endpoint Analysis Flashcards

1
Q

What are endpoints?

A

Any device we may use to connect to our network. Desktops, smartphones, tablets, etc.

2
Q

What are the tools we use to do endpoint analysis?

A

Anti-virus (AV)
Host-based Intrusion Detection/Prevention Systems (HIDS/HIPS)
Endpoint Protection Platform (EPP)
Endpoint Detection Response Platform (EDR)
User Entity Behavioral Analytics (UEBA)

3
Q

What is Anti-Virus (AV)?

What malware does it protect against?

A

Software capable of detecting and removing malware infections. Also known as anti-malware.

Viruses
Worms
Trojans
Rootkits
Adware
Spyware
Password Crackers
Network Mappers
Denial of Service tools
4
Q

What does a Host-based IDS/IPS (HIDS/HIPS) do?

How do they detect threats?

What types of threats do they identify?

A

Monitors an endpoint system for unexpected behavior or drastic changes to the system’s state.

Most use signature-based detection.

Unauthorized login and access attempts
Installation of unwanted applications
Privilege escalation
Rogue processes
Changes in applications, file systems and drivers
Critical services that have been stopped or failed to run

5
Q

What is the Endpoint Protection Platform (EPP)?

What type of detection is it focused on?

What security systems are a part of it?

A

A software agent and monitoring system that performs multiple security tasks.

Focused on signature-based detection.

Anti-virus
HIDS/HIPS
Firewall
Data Loss Prevention
File Encryption
6
Q

What is an Endpoint Detection and Response (EDR) platform?

What analysis is it focused on?

What is it designed to do?

A

A software tool that collects system data and logs for analysis to help provide early detection of threats.

Focused on Behavioral and Anomaly Analysis.

It does not prevent the initial execution of threats. Instead, it is designed to provide “runtime and historical visibility” into a compromise and to help you as an incident responder.

7
Q

What is a User and Entity Behavior Analytics (UEBA) platform?

How does it detect threats?

A

A software system that can provide automated identification of suspicious activity by user accounts and computer hosts.

Activity that falls outside the baseline of normal activity, or that otherwise looks suspicious, gets investigated.

UEBA solutions are heavily dependent on advanced computing techniques like artificial intelligence and machine learning.
