Endpoint Detection and Response Essentials Explore the Landscape of Hacking, Defense, and Deployment in EDR
Elevate your expertise in endpoint detection and response by mastering advanced EDR/XDR concepts through real-life examples and fortify your organization's cyber defense strategy Key Features Learn how to tackle endpoint security problems in your organization Apply practical guidance and real-w...
| Autor principal: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Birmingham :
Packt Publishing, Limited
2024.
|
| Edición: | 1st ed |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009825890906719 |
Tabla de Contenidos:
- Cover
- Copyright
- Contributors
- About the reviewers
- Table of Contents
- Preface
- Part 1: The Fundamentals of Endpoint Security and EDR
- Chapter 1: Introducing Endpoint Security and EDR
- An overview of modern cybersecurity threats and challenges
- Importance of endpoint security in modern IT environments
- EDR tools versus traditional anti-virus - navigating the new world of endpoint security
- Evolution of EDR technologies
- Summary
- Chapter 2: EDR Architecture and Its Key Components
- Definition and core concepts of EDR
- Endpoints
- Endpoint visibility (monitoring)
- Detection
- Response
- EDR architecture
- Key features and capabilities of EDR tools
- An overview of popular EDR tools
- Microsoft Defender for Endpoint
- SentinelOne
- CrowdStrike Falcon Insight
- Summary
- Chapter 3: EDR Implementation and Deployment
- The planning and considerations before deploying EDR and deployment models
- On-premises EDR
- Cloud-based EDR
- Hybrid EDR
- Lab experiment - hands-on deployment of SentinelOne Singularity EDR/XDR
- Use cases
- Use case 1
- Use case 2
- Use case 3
- Summary
- Part 2: Advanced Endpoint Security Techniques and Best Practices
- Chapter 4: Unlocking Synergy - EDR Use Cases and ChatGPT Integration
- DFIR life cycle
- Use case 1 - identifying the source and root cause of data leakage in the cyber incidents
- Objective
- Background
- Integration process
- Analysis and correlation
- Benefits
- Conclusion
- Use case 2 - endpoint management with EDR
- Objectives
- Policy definition and deployment
- Benefits
- Conclusion
- Use case 3 - safeguarding your company against WannaCry using EDR
- Background
- Incident timeline
- Outcomes and lessons learned
- Use case 4 - email security
- Use case 5 - ransomware incident
- Use case 6 - man-in-the-middle attack
- Summary.
- Chapter 5: Navigating the Digital Shadows - EDR Hacking Techniques
- The foundation of the evasion life cycle
- Function hooking DLLs and how to evade them with In/DirectSyscalls
- Event Tracing for Windows (ETW) and how to evade it
- Patching
- Configuration modification
- Living off the Land (LOTL) techniques
- Microsoft's unwitting role
- Use of kernel-land software (aka the driver method)
- Summary
- Chapter 6: Best Practices and Recommendations for Endpoint Protection
- Endpoint hardening
- Network segmentation
- Inventory and asset discovery
- Using a VPN
- Using MFA
- Closing the USB ports
- Automated updates
- Implementing endpoint encryption
- Regularly assessing and auditing endpoints
- Imposing least privileges and access controls
- Automatic screen lock
- Managing your passwords
- Roaming clients
- Summary
- Part 3: Future Trends and Strategies in Endpoint Security
- Chapter 7: How DNS Logs Can Help You to Defend Your Endpoints
- DNS protocol and enrichment
- Example use cases
- DNS firewall
- How does it work?
- Key advantages of DNS firewalls
- Domain categorization
- Domains without an IP address
- DNS tunneling
- Important elements of detection techniques
- Summary
- Chapter 8: The Road Ahead of Endpoint Security
- Summary of this book
- The future of endpoint security
- Index
- Other Books You May Enjoy.
