Endpoint Detection And Response (EDR)
[TBD]
Outcome
- All devices have an EPP installed
- The EPP is configured to proactively detect and block malware
- The EPP is configured to detect and block malicious activity
- There are automations in place to confirm with users whether a detection is a false positive
Metrics
- Percentage of devices with EPP installed
- Number of detections
- Number of confirmed detections
- Number of false positives
- Number of devices with EPP not reporting to the management console
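One way to compute the metrics above from an asset inventory and an EPP console export. This is an added example, not part of the original page; the field names, the sample data, the `epp_metrics` helper and the 3-day staleness threshold are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data (not from any real console export).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = ["LT-001", "lt-002", "lt-003", "srv-01", "srv-02"]
AGENTS = {  # hostname -> last check-in seen by the management console
    "lt-001": "2024-05-10T11:40:00+00:00",
    "lt-002": "2024-05-02T08:00:00+00:00",  # installed, but silent for 8 days
    "srv-01": "2024-05-10T11:55:00+00:00",
    "old-pc": "2024-05-09T10:00:00+00:00",  # agent on a host missing from inventory
}
DETECTIONS = [  # verdict is filled in by the user/analyst confirmation step
    {"host": "lt-001", "verdict": "confirmed"},
    {"host": "lt-001", "verdict": "false_positive"},
    {"host": "srv-01", "verdict": "false_positive"},
    {"host": "lt-002", "verdict": None},  # still awaiting confirmation
]


def epp_metrics(inventory, agents, detections, now, stale_after=timedelta(days=3)):
    """Compute coverage, reporting and detection metrics (hypothetical helper)."""
    # Normalise hostnames so "LT-001" and "lt-001" count as the same device.
    assets = {h.lower() for h in inventory}
    last_seen = {h.lower(): datetime.fromisoformat(ts) for h, ts in agents.items()}
    installed = assets & set(last_seen)
    verdicts = [d["verdict"] for d in detections]
    return {
        "coverage_pct": round(100 * len(installed) / len(assets), 1) if assets else 0.0,
        "missing_epp": sorted(assets - installed),
        # Installed but quiet for longer than the (assumed) threshold.
        "not_reporting": sorted(h for h in installed if now - last_seen[h] > stale_after),
        # Agents the inventory does not know about: an inventory gap to fix.
        "not_in_inventory": sorted(set(last_seen) - assets),
        "detections": len(verdicts),
        "confirmed": verdicts.count("confirmed"),
        "false_positives": verdicts.count("false_positive"),
        "pending": verdicts.count(None),
    }


if __name__ == "__main__":
    for name, value in epp_metrics(INVENTORY, AGENTS, DETECTIONS, NOW).items():
        print(f"{name}: {value}")
```

Coverage is measured against the inventory rather than the console's own device list, so a device that never received the agent still counts against the percentage.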
Tools & Resources
- Wazuh (Free/Paid)
- CrowdStrike (Paid)
- Carbon Black (Paid)
- SentinelOne (Paid)
- Symantec (Paid)