A guided tour of EDR bypasses up until now
Abstract
In the last few years, endpoint detection and response (EDR) has become increasingly popular within the information security industry. With more organisations adopting EDR to help prevent threats, sales of EDR solutions are expected to reach over $7 billion by 2026, and the major EDR solutions have all seen an upward trend every quarter. The success of the EDR companies highlights their widespread adoption over traditional antivirus products, which cannot keep up with the increasing frequency of attacks. To try to keep pace with attackers, all EDR solutions are using artificial intelligence (AI) and machine learning (ML) driven capabilities to make defence accessible to organisations in a more automated way. This talk will present the history of EDR bypasses in order to help the audience understand the battle between attack and defence within this space. I'll go through how an EDR system can be used in an organisation to help it better detect and respond to threats. According to Gartner's Magic Quadrant for Endpoint Protection Platforms, the top three EDR leaders are CrowdStrike, Microsoft and Symantec. I'll perform a detailed study of the history and research involved in bypassing the top three leaders' products, and how this relates to and differs from traditional AV bypasses.

Speaker Bio

Nive is a security consultant at Shea Information Security, specialising in penetration testing of web applications and networks. She also co-organises haXX, a group dedicated to teaching technical security skills to women who wish to break into the security field. Nive also assists with the ethical hacking module for the Master's in Cyber Security programme at RMIT.