Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Endpoint Detection & Response - Protect Your Data > Endpoint Detection & Response > Flashcards

Endpoint Detection & Response Flashcards

1
Q

What is Endpoint Detection and Response?

A

Endpoint Detection and Response Solutions, is designed to detect, malicious activity on endpoints like computers, servers, tablets and mobile devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the top 8 ways EDR Identifies threats?

A
  1. Behavioral Analysis
  2. Signature-Based Detection
  3. Heuristic Analysis
  4. Machine Learning (ML) & AI
  5. Real-Time Monitoring & Event Correlation
  6. Indicators of Compromise (IOCs)
  7. Automated Response and Remediation
  8. Threat Intelligence Integration
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Behavioral Analysis?

A
  • Anomaly Detection: EDR tools monitor endpoint activities for unusual behavior that deviates from the baseline of normal operations. For instance, a user accessing unusual files or running unknown processes may trigger alerts.
  • Threat Hunting: EDR allows proactive searching for potential threats by correlating behavior with known attack patterns, techniques, or tactics (e.g., MITRE ATT&CK framework).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Signature-Based Detection

A
  • EDR will use known malware signatures, things like (hashes, file patterns) to identify threats. This is similar to traditional antivirus solutions, but EDR typically combines it with other detection methods.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Heuristic Analysis? ie, (Self problem solving or Discovery)

A
  • Analyzes code structure and file behavior.
  • EDR solutions can detect suspicious elements even if they don’t match a known malware signatures.
  • Heuristics can help identify polymorphic malware that changes its code to evade detection.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Machine Learning (ML) & AI?

A
  • EDR uses ML models to identify emerging threats by analyzing vast amounts of data.
  • It will scan for learning patterns, and flag potential threats based on predictive analysis.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Real-Time Monitoring & Event Correlation?

A
  • EDR solutions continuously monitor endpoints, logging various events such as file modifications, network connections, and process executions. These events are then correlated in real time to detect threats. For example, if a process tries to escalate privileges and connects to an external server, EDR might flag this as a potential attack.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Indicators of Compromise (IOCs)?

A
  • EDR can detect threats by comparing endpoint activity against a database of IOCs. These include specific artifacts like IP addresses, domains, file hashes, and registry changes known to be associated with attacks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Automated Response and Remediation?

A
  • Once a threat is detected, EDR solutions may take automated actions like isolating the endpoint, killing processes, or rolling back changes to prevent further damage.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Threat Intelligence Integration?

A
  • EDR solutions often integrate with global threat intelligence feeds that provide up-to-date information on new malware, attack vectors, and threat actor activities. This helps detect threats based on intelligence gathered from other environments.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Endpoint Detection & Response - Protect Your Data (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions