Endpoint Detection and Response Essentials

Endpoint Detection and Response Essentials

by Guven Boyraz
Released May 2024
Publisher(s): Packt Publishing
ISBN: 9781835463260

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Elevate your expertise in endpoint detection and response by mastering advanced EDR/XDR concepts through real-life examples and fortify your organization's cyber defense strategy

Key Features

  • Learn how to tackle endpoint security problems in your organization
  • Apply practical guidance and real-world examples to harden endpoint security
  • Implement EDR/XDR tools for optimal protection of digital assets
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

In this data-driven age, safeguarding sensitive data and privacy has become paramount, demanding a deep understanding of the intricacies of cyberspace and its associated threats. With a focus on endpoint defense, Endpoint Detection and Response Essentials guides you in implementing EDR solutions to stay ahead of attackers and ensure the overall security posture of your IT infrastructure.

Starting with an insightful introduction to EDR and its significance in the modern cyber threat landscape, this book offers a quick overview of popular EDR tools followed by their practical implementation. From real-world case studies, best practices, and deployment strategies to maximizing the effectiveness of EDR, including endpoint hardening techniques and advanced DNS visibility methods, this comprehensive resource equips you with the knowledge and hands-on skills to strengthen your organization’s defense against cyber attacks. Recognizing the role of the DNS protocol, you’ll fortify your organization's endpoint defense proactively.

By the end of this book, you'll have honed the skills needed to construct a resilient cybersecurity defense for yourself and your organization.

What you will learn

  • Gain insight into current cybersecurity threats targeting endpoints
  • Understand why antivirus solutions are no longer sufficient for robust security
  • Explore popular EDR/XDR tools and their implementation
  • Master the integration of EDR tools into your security operations
  • Uncover evasion techniques employed by hackers in the EDR/XDR context
  • Get hands-on experience utilizing DNS logs for endpoint defense
  • Apply effective endpoint hardening techniques within your organization

Who this book is for

If you're an IT professional seeking to safeguard yourself and your company's digital assets, this book is for you. To make the most of its content, a foundational understanding of GNU/Linux, operating systems, networks, and programming concepts is recommended. Additionally, security professionals eager to delve into advanced endpoint defense techniques will find this book invaluable.

Table of contents

  1. Endpoint Detection and Response Essentials
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
    8. Download a free PDF copy of this book
  6. Part 1: The Fundamentals of Endpoint Security and EDR
  7. Chapter 1: Introduction to Endpoint Security and EDR
    1. An overview of modern cybersecurity threats and challenges
    2. Importance of endpoint security in modern IT environments
    3. EDR tools versus traditional anti-virus – navigating the new world of endpoint security
    4. Evolution of EDR technologies
    5. Summary
  8. Chapter 2: EDR Architecture and Its Key Components
    1. Definition and core concepts of EDR
      1. Endpoints
      2. Endpoint visibility (monitoring)
      3. Detection
      4. Response
    2. EDR architecture
    3. Key features and capabilities of EDR tools
    4. An overview of popular EDR tools
      1. Microsoft Defender for Endpoint
      2. SentinelOne
      3. CrowdStrike Falcon Insight
    5. Summary
  9. Chapter 3: EDR Implementation and Deployment Strategies
    1. The planning and considerations before deploying EDR and deployment models
      1. On-premises EDR
      2. Cloud-based EDR
      3. Hybrid EDR
    2. Lab experiment – hands-on deployment of SentinelOne Singularity EDR/XDR
    3. Use cases
      1. Use case 1
      2. Use case 2
      3. Use case 3
    4. Summary
  10. Part 2: Advanced Endpoint Security Techniques and Best Practices
  11. Chapter 4: Unlocking Synergy – EDR Use Cases and ChatGPT Integration
    1. DFIR life cycle
    2. Use case 1 – identifying the source and root cause of data leakage in the cyber incidents
      1. Objective
      2. Background
      3. Integration process
      4. Analysis and correlation
      5. Benefits
      6. Conclusion
    3. Use case 2 – endpoint management with EDR
      1. Objectives
      2. Policy definition and deployment
      3. Benefits
      4. Conclusion
    4. Use case 3 – safeguarding your company against WannaCry using EDR
      1. Background
      2. Incident timeline
      3. Outcomes and lessons learned
    5. Use case 4 – email security
    6. Use case 5 – ransomware incident
    7. Use case 6 – man-in-the-middle attack
    8. Summary
  12. Chapter 5: Navigating the Digital Shadows – EDR Hacking Techniques
    1. The foundation of the evasion life cycle
    2. Function hooking DLLs and how to evade them with 
In/DirectSyscalls
      1. Event Tracing for Windows (ETW) and how to evade it
      2. Patching
      3. Configuration modification
      4. Living off the Land (LOTL) techniques
      5. Microsoft’s unwitting role
    3. Use of kernel-land software (aka the driver method)
    4. Summary
  13. Chapter 6: Best Practices and Recommendations for Endpoint Protection
    1. Endpoint hardening
      1. Network segmentation
      2. Inventory and asset discovery
      3. Using a VPN
      4. Using MFA
      5. Closing the USB ports
      6. Automated updates
      7. Implementing endpoint encryption
      8. Regularly assessing and auditing endpoints
      9. Imposing least privileges and access controls
      10. Automatic screen lock
    2. Managing your passwords
    3. Roaming clients
    4. Summary
  14. Part 3: Future Trends and Strategies in Endpoint Security
  15. Chapter 7: Leveraging DNS Logs for Endpoint Defense
    1. DNS protocol and enrichment
      1. Example use cases
    2. DNS firewall
      1. How does it work?
      2. Key advantages of DNS firewalls
    3. Domain categorization
    4. Domains without an IP address
    5. DNS tunneling
      1. Important elements of detection techniques
    6. Summary
  16. Chapter 8: The Road Ahead of Endpoint Security
    1. Summary of this book
    2. The future of endpoint security
  17. Index
    1. Why subscribe?
  18. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Endpoint Detection and Response Essentials
  • Author(s): Guven Boyraz
  • Release date: May 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781835463260