While contemporary analysis shows that traditional anti-virus is becoming less and less useful, the question then becomes what next?
Well, for endpoints EDR makes sense, but what about server systems?
The answer to that depends on the industry & threats present to those server systems. With that said, Sysmon(d) should be the lowest common denominator, w/ advanced threat protections (ATP) added for good measure when an organization has a (relatively) flat network.
If an organization has not invested in EDR & ATP, & realizes an enhanced level of risk, then a host-based intrusion detection system (HIDS) would be needed.
No comments:
Post a Comment