Articles tagged with: #edr
I understand why people pick CrowdStrike/Sentinel One, etc over MDE now.

cybersecurity www.reddit.com

I am in no way affiliated with an MSP/MSSP or any vendor. I started at my current role 14 months ago and inherited CrowdStrike. I never understood why companies would pick an expensive EDR like CrowdStrike when you can do so much on an E5 license. Before this company, MDE was the EDR I had the most experience with. I'd implemented the full MS security stack from MDE to MDI, MDO and Sentinel. Some of the specific challenges I face are that the IT department is significantly understaffed and...

How to Handle Policy Assignment Without AD Group Support in CrowdStrike

CrowdStrike www.reddit.com

Hello everyone, We're in the process of integrating CrowdStrike Falcon EDR as our new EDR solution, replacing Bitdefender. I'm trying to recreate the same groups with the same assignment rules to ensure a smooth deployment, but I've run into an issue. With Bitdefender, we used assignment rules based on AD groups. Since CrowdStrike doesn't support AD group-based assignments, I decided to go with the "last logged-in user" logic. This works fine until I use my privileged account to open certain...

EDR vs MDR - What is the Difference and Which Solution Right for Your Organization?

Cyber Security News cybersecuritynews.com

As cybersecurity threats continue to evolve in complexity and sophistication, organizations face critical decisions about their security infrastructure. Two prominent approaches have emerged as frontrunners in enterprise security: Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). While both solutions aim to protect organizations from advanced threats, they differ significantly in their implementation, management requirements, and

Hackers Can Exfiltrate Windows Secrets and Credentials Silently by Evading EDR Detection

Cyber Security News cybersecuritynews.com

A method to silently exfiltrate Windows secrets and credentials, evading detection from most Endpoint Detection and Response (EDR) solutions. This technique allows attackers who have gained an initial foothold on a Windows machine to harvest credentials for lateral movement across a network without triggering common security alerts. How Windows Manages Secrets: The Local Security Authority...

How critical is Cyber Threat Intelligence in staying ahead of today's attackers?

cybersecurity www.reddit.com

Lately it feels like cyberattacks are evolving faster than defenses - ransomware gangs selling access, phishing kits anyone can buy, and sensitive data showing up on dark web forums almost daily. By the time traditional tools like firewalls or EDR trigger an alert, the damage can already be done. That's where Cyber Threat Intelligence (CTI) is supposed to change the game. Instead of just reacting, CTI gives teams an early warning system - monitoring threat actor chatter, spotting leaked...

Switching from Full-Stack Dev to Cybersecurity (SOC Analyst) - Need Advice

cybersecurity www.reddit.com

I've been working on full-stack development (React, Node, Java, etc.), but I'm really interested in moving towards cybersecurity, especially SOC analyst roles, SIEM, EDR, blue team stuff. I wanted to ask:
• How realistic is it to move from a dev background into cybersecurity?
• Do companies hire freshers/juniors into SOC analyst roles, or should I build up with certs/internships first?
• Does dev experience give me any advantage, or would I basically be starting from scratch?
• Any...

Why email security needs its EDR moment to move beyond prevention

BleepingComputer www.bleepingcomputer.com

Email security is stuck where antivirus was a decade ago - focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection.

RingReaper Malware Attacking Linux Servers Evading EDR Solutions

Cyber Security News cybersecuritynews.com

A sophisticated new malware strain targeting Linux environments has emerged, demonstrating advanced evasion capabilities that challenge traditional endpoint detection and response systems. RingReaper, identified as a post-exploitation agent, leverages the Linux kernel's modern asynchronous I/O interface to conduct covert operations while maintaining minimal visibility to security monitoring tools. The malware's primary innovation lies in its

SAM and LSA Secrets Dump Attacks

CrowdStrike www.reddit.com

Using Falcon EDR, is it possible to configure a prevention policy that would prevent SAM and LSA Secrets dump attacks, or would the identity module be required? We're using a phase 3 prevention policy set to the current recommended settings and during a recent test, local hashes and LSA secrets were successfully extracted from a Windows host. I'd like to get some guidance on preventing that. submitted by /u/RobotCarWash

RingReaper Linux Malware: EDR Evasion Tactics and Technical Analysis

cybersecurity www.reddit.com

New writeup on RingReaper, a post-exploitation agent that abuses the Linux kernel's io_uring interface to stay under the radar. Instead of calling read, write, netstat, or who, it rewrites those behaviors through io_uring primitives. Observed capabilities include: process and user session enumeration via async reads of /proc and /dev/pts; network connection discovery without netstat/ss calls; data collection from /etc/passwd through async I/O; privesc checks for abusable SUID binaries; self-deleting...

How to get all users that have their password last set greater than 90 days

CrowdStrike www.reddit.com

I have a Falcon deployment with both EDR and IDP and am trying to get this information. IDP has a built-in function to get aged passwords but that is set to last 6 months and cannot be changed afaik. I am now resorting to running a query but not quite sure how to construct this. I have reached the following query and need some help to add a filter that will give me last 90 days. #event_simpleName=UserLogon | PasswordLastSet=* //LogonType=11 | UserPrincipal=~wildcard(?user, ignoreCase=true) |...

Any trustworthy tests for EDRs?

cybersecurity www.reddit.com

I'm looking at different EDR solutions but I want to be able to make the most informed decision. Is there any company that compares different EDRs without bias? submitted by /u/AccomplishedJury33

Free/Open source EDR/XDR for Linux endpoints and servers

cybersecurity www.reddit.com

Please list the free/open source EDR/XDR for Linux endpoints and servers that you have experience with. Please do not mention "Wazuh" or other SIEM tools. Thanks in advance. submitted by /u/Pristine-Remote-1086

Is application whitelisting + EDR enough?

cybersecurity www.reddit.com

Against the major ransomware gangs and other normal business-attacking cybercriminals, is application whitelisting + EDR enough for endpoint/network security? Obviously you'd want more for cloud accounts, but how about day-to-day web browsing/email checking etc. of the average business? submitted by /u/UnpaidMicrosoftShill