Endpoint detection is not just a bad file against a good file decision, and it is widely accepted that in order to detect a number of attacks that exceeds the preventive controls, it is needed to monitor and analyze continuously. EDR solutions that collects detailed endpoint incidents and events can detect these attacks and, in some cases, they prevent them to automatically spread.
Advantages:
Detects local events that can’t be seen through the network
Provides detailed telemetry related to the attacker’s actions on each system
Covers remote systems that are not on the company network
Is not dependent on log activation
Is not affected by network encryption technologies
