What is good endpoint detection?

Noora Hyvärinen

18.06.15 1 min. read

Intrusions are all about endpoints. While attackers may enter and leave using the network, the endpoint is where they conduct their business. The objective of an attack may vary, for example financial (organized crime) or information-driven (espionage), but almost all attacks require the compromise of a workstation or server and the subsequent ability to manipulate, remove or destroy the data on that endpoint. The actions taken by an attacker will vary depending upon his objectives, but the main themes recur time and again, so an endpoint detection solution needs to be able to address these themes and collect the relevant data:

  • Presence of attackers' tools/scripts
  • Subversion of the operating system and/or system files
  • Persistence techniques used by attackers
  • Hiding techniques used by attackers
  • Privilege escalation
  • User account enumeration
  • Process dumps/memory captures
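As an added example (not part of the original post or F-Secure's own detection logic), the routine below tags constructed endpoint events against the themes listed above. The rule patterns, the two event kinds (`process`, `file_write`, `registry_write`) and the sample events are illustrative assumptions.

```python
import re
from collections import defaultdict

# Illustrative rules (assumed, not a product's real logic) mapping the themes
# listed above to patterns over a few event kinds. Tool presence and OS/system
# file subversion are normally baselined by hash rather than by name.
RULES = [
    ("persistence", "registry_write", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("persistence", "process", re.compile(r"^schtasks(\.exe)?\s+/create\b", re.I)),
    ("user_account_enumeration", "process",
     re.compile(r"^net1?(\.exe)?\s+(user|group|localgroup)\b(?!.*\s/add\b)", re.I)),
    ("privilege_escalation", "process",
     re.compile(r"^net(\.exe)?\s+localgroup\s+administrators\b.*\s/add\b", re.I)),
    ("process_dump", "process", re.compile(r"^procdump(64)?(\.exe)?\b", re.I)),
    ("process_dump", "file_write", re.compile(r"\.dmp$", re.I)),
    ("system_subversion", "file_write", re.compile(r"^C:\\Windows\\System32\\", re.I)),
    ("hiding", "process", re.compile(r"^attrib(\.exe)?\s+.*\+h\b", re.I)),
]

# Constructed sample telemetry: (event_type, detail). Not real captured data.
SAMPLE_EVENTS = [
    ("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("process", "net.exe user /domain"),
    ("process", "net.exe localgroup administrators svc_backup /add"),
    ("process", r"procdump64.exe -ma 4321 C:\Temp\out.dmp"),
    ("file_write", r"C:\Temp\out.dmp"),
    ("file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    ("process", r"attrib.exe +h +s C:\Users\Public\svc.exe"),
    ("process", "notepad.exe notes.txt"),  # benign, should produce no hit
]


def tag_events(events):
    """Return {theme: [detail, ...]} for every event that matches a rule."""
    hits = defaultdict(list)
    for event_type, detail in events:
        for theme, wanted_type, pattern in RULES:
            if event_type == wanted_type and pattern.search(detail):
                hits[theme].append(detail)
    return dict(hits)


def themes_by_volume(events):
    """Themes ordered by hit count, highest first, to steer analyst triage."""
    hits = tag_events(events)
    return sorted(hits, key=lambda theme: (-len(hits[theme]), theme))


if __name__ == "__main__":
    for theme in themes_by_volume(SAMPLE_EVENTS):
        print(theme, tag_events(SAMPLE_EVENTS)[theme])
```

The negative lookahead in the enumeration rule keeps a `net localgroup ... /add` event from being double-counted as enumeration when it is really a privilege change.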

The best intrusion analysts know the mindset of the attacker, and know his methods; this helps them to hunt the attacker down. Knowledge of how the attacker will use the endpoint and the manner in which that will yield certain forensic artifacts is fundamental to uncovering new threats in your environment.

To find out more about good endpoint detection call us on +44 (0) 3302 230 434
