An evaluation study of endpoint detection and response systems across multi-vector attack scenarios
Date
2024
Publisher
University of Delaware
Abstract
The proliferation of devices that access organizational data over the Internet has erased the traditional network security boundary. Endpoint security has evolved from signature-based antivirus software to endpoint detection and response (EDR) solutions that cover multiple connectivity vectors. EDR software detects and prevents cyberattacks while also providing visibility into organizational assets. It continually collects and analyzes endpoint telemetry and, increasingly, applies generative artificial intelligence to turn that data into actionable intelligence. My experiment leverages current breach and attack simulation tools in a virtualized environment to track how several EDR solutions respond to advanced attack scenarios that replicate real-world cyberattacks. Chapters 1 and 2 provide a brief overview of EDR along with a full description of the underlying detection and response components. Chapter 3 documents the virtualized computing environment, including the deployed breach and attack simulation software. Attack vectors are summarized using the MITRE ATT&CK framework, which is widely used in the cybersecurity industry to describe the tactics and techniques used by global adversaries. Chapter 4 outlines five major EDR solutions and identifies the specific vectors that were vulnerable to my simulated attacks. Lastly, Chapter 5 presents a comprehensive study of the most vulnerable vectors across all EDR platforms. The results show a high percentage of false negatives (simulated techniques that executed without raising an alert) from the EDR solutions, with few false-positive alerts. An additional section on EDR tampering documents the “blinding” techniques adversaries use to disable detection controls before infiltrating a target.
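The scoring behind the false-negative and "most vulnerable vector" findings can be made concrete with a small results matrix. The following is an added example, not code or data from the thesis: it takes constructed breach-and-attack-simulation runs (hypothetical product labels EDR-A, EDR-B and EDR-C; real MITRE ATT&CK technique IDs; made-up alert outcomes), computes each product's false-negative and false-positive rates against ground truth, and ranks techniques by how many products failed to alert on them, including the EDR-tampering technique T1562.001.

```python
"""Score breach-and-attack-simulation (BAS) runs against EDR alerts.

Added example for illustration only; the products, run outcomes and
benign control runs below are constructed, not results from the thesis.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Run:
    edr: str          # hypothetical product label (EDR-A, EDR-B, EDR-C)
    technique: str    # ATT&CK technique ID, or "BENIGN" for control runs
    malicious: bool   # ground truth: True for simulated attack steps
    alerted: bool     # whether the product alerted on (or blocked) the run


# Constructed sample matrix: four ATT&CK techniques executed against three
# products, plus benign administrative activity used to measure false positives.
RUNS = [
    # T1059.001 PowerShell
    Run("EDR-A", "T1059.001", True, True),
    Run("EDR-B", "T1059.001", True, True),
    Run("EDR-C", "T1059.001", True, False),
    # T1003.001 LSASS memory credential dump
    Run("EDR-A", "T1003.001", True, True),
    Run("EDR-B", "T1003.001", True, True),
    Run("EDR-C", "T1003.001", True, True),
    # T1562.001 disable or modify tools (EDR tampering / "blinding")
    Run("EDR-A", "T1562.001", True, False),
    Run("EDR-B", "T1562.001", True, False),
    Run("EDR-C", "T1562.001", True, False),
    # T1047 Windows Management Instrumentation
    Run("EDR-A", "T1047", True, False),
    Run("EDR-B", "T1047", True, True),
    Run("EDR-C", "T1047", True, False),
    # Benign control runs (scheduled backup, patch install)
    Run("EDR-A", "BENIGN", False, False),
    Run("EDR-A", "BENIGN", False, False),
    Run("EDR-B", "BENIGN", False, True),   # one false positive for EDR-B
    Run("EDR-B", "BENIGN", False, False),
    Run("EDR-C", "BENIGN", False, False),
    Run("EDR-C", "BENIGN", False, False),
]


def confusion(runs, edr):
    """Return (tp, fn, fp, tn) for one product over all of its runs."""
    tp = fn = fp = tn = 0
    for r in runs:
        if r.edr != edr:
            continue
        if r.malicious and r.alerted:
            tp += 1
        elif r.malicious:
            fn += 1          # attack step ran with no alert: false negative
        elif r.alerted:
            fp += 1          # benign activity flagged: false positive
        else:
            tn += 1
    return tp, fn, fp, tn


def rates(runs, edr):
    """False-negative rate (FN / attacks) and false-positive rate (FP / benign)."""
    tp, fn, fp, tn = confusion(runs, edr)
    fnr = fn / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"fnr": fnr, "fpr": fpr}


def missed_by_all(runs):
    """Techniques that no evaluated product alerted on (vulnerable everywhere)."""
    tested = defaultdict(set)
    detected = defaultdict(set)
    for r in runs:
        if not r.malicious:
            continue
        tested[r.technique].add(r.edr)
        if r.alerted:
            detected[r.technique].add(r.edr)
    return sorted(t for t in tested if not detected[t])


def rank_vectors(runs):
    """Techniques ordered by number of products that missed them, worst first."""
    misses = defaultdict(int)
    for r in runs:
        if r.malicious and not r.alerted:
            misses[r.technique] += 1
    return sorted(misses.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for edr in ("EDR-A", "EDR-B", "EDR-C"):
        print(edr, confusion(RUNS, edr), rates(RUNS, edr))
    print("missed by every product:", missed_by_all(RUNS))
    print("most vulnerable vectors:", rank_vectors(RUNS))
```

Keeping the benign control runs in the same matrix is what makes the false-positive figure meaningful: a product that alerts on everything would score a perfect false-negative rate, so the two rates have to be reported together. Ranking by the number of products that missed a technique, rather than by per-product rates, is what surfaces cross-platform blind spots such as the tampering technique in the sample.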
Keywords
Multi-vector attacks, Endpoint detection, Response systems