
Malicious activity has moved away from malicious files that signatures can catch toward malicious behaviour that abuses legitimate binaries such as CMD and PowerShell, or exploits embedded in Word documents, PDF files, and similar.
The attack game has therefore raised its stakes and moved to a more advanced level. Current antivirus products treat PowerShell as a safe executable and let it run; for this reason we need an EDR system as a weapon to survive these attacks, one that inspects what is actually running inside that PowerShell process or the memory space of WinWord, looking for an exploit, a process injection, and so on.
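As an added illustration of the kind of behavioural check the paragraph above describes (this is example code, not from the original post or any EDR product): a minimal rule over constructed process-creation events that flags a script host such as PowerShell when its parent is an Office application, and raises the score when the command line shows an encoded payload or a hidden window. The event fields, process names and sample command lines are assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Parents and children the rule cares about (assumed, lower-cased basenames).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"-enc", "-encodedcommand", "-e", "-ec"}


@dataclass
class ProcessEvent:
    """One process-creation record (constructed shape, not real telemetry)."""
    pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the parent process
    command_line: str


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: ProcessEvent) -> tuple[int, list[str]]:
    """Return (score, reasons); score 0 means the rule saw nothing suspicious."""
    reasons: list[str] = []
    child, parent = _basename(ev.image), _basename(ev.parent_image)
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {child}")
        cl = ev.command_line.lower()
        if any(tok in ENCODED_FLAGS for tok in cl.split()):
            reasons.append("encoded command line")
        if "-w hidden" in cl or "-windowstyle hidden" in cl:
            reasons.append("hidden window requested")
        if "downloadstring" in cl or "invoke-webrequest" in cl or "http" in cl:
            reasons.append("network fetch from script host")
    return len(reasons), reasons


def detect(events: list[ProcessEvent]) -> list[tuple[int, list[str]]]:
    """Return (pid, reasons) for every event the rule flags."""
    return [(ev.pid, r) for ev in events if (r := score_event(ev)[1])]


SAMPLE_EVENTS = [  # constructed for the example
    ProcessEvent(4120, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\explorer.exe", "WINWORD.EXE /n report.docx"),
    ProcessEvent(4188, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "powershell.exe -w hidden -enc PLACEHOLDER_BASE64"),
    ProcessEvent(5000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\explorer.exe", "powershell.exe -File C:\\scripts\\backup.ps1"),
]
```

Running `detect(SAMPLE_EVENTS)` flags only pid 4188 (Word spawning PowerShell with a hidden window and an encoded command); the admin-launched script on pid 5000 is left alone, which is the distinction a signature on powershell.exe itself cannot make.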
So, what are the main characteristics of an EDR system?
– A strong incident response team and threat intelligence
– Detection capabilities in the EDR agent that use machine learning and AI
Machine Learning Role:
Since the amount of data you need to examine is massive, writing rules at the EDR level is neither scalable nor sustainable. This is where machine learning and artificial intelligence, both part of data science, come in, and that expertise is not currently available in the region.
Unfortunately, we lack machine learning experts and data scientists in the region. We are still rules-based even on SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response); we may have to wait up to 10 years for such expertise, for several reasons:
1- Such technologies are not included in the colleges’ curricula.
2- We cannot easily understand user behaviour well enough to write rules inside the system, since the number of existing attacks and expected ones is uncountable.
3- The gap between human errors and machine errors is tremendous.
Despite all this technological progress, there is no magic solution for cybersecurity; in the meantime we still have to take care of the other things, such as patching, hygiene, and monitoring for malicious activity, while hardening the existing firewalls and operating systems.
Originally published at https://www.linkedin.com.
Thanks for your blog, nice to read. Do not stop.
After I initially commented I appear to have clicked on the “Notify me when new comments are added” checkbox and from
now on every time a comment is added I receive four emails with the exact same comment.
Is there an easy method you are able to remove me from that service?
Thanks!
When I originally commented I clicked the “Notify me when new comments are added” checkbox
and now each time a comment is added I get four e-mails with the same
comment. Is there any way you can remove me from that service?
Cheers!
What information of un-ambiguity and preserveness of valuable
knowledge regarding unpredicted emotions.
You’re so interesting! I don’t think I’ve read through a single thing like that before.
So nice to discover another person with a few original thoughts on this subject.
Seriously.. thanks for starting this up. This site is something
that’s needed on the internet, someone with a bit of originality!
I like the valuable information you provide in your articles.
I’ll bookmark your weblog and check again here regularly.
I’m quite certain I will learn a lot of new stuff right here!
Best of luck for the next!