SentinelOne Active EDR
ActiveEDR is an automated detection and response capability that uses artificial intelligence to take the burden off the IT team. IT teams can quickly understand the story and root cause behind each threat. The technology can autonomously attribute each event on the endpoint to its root cause without relying on cloud resources.
Why is it important?
Malware that changes its characteristics to slip past known signatures, exploiting the lag between signature updates
Malicious documents that trick AV scans, which inspect the document itself but not the embedded script
Browser Drive-by Downloads:
Leverage browser or add-in exploits to download malware
Attacks that run without installing a payload, typically entirely in memory, using the system's built-in resources to execute code that infects the host or opens firewall ports
Attackers hiding or protecting malicious code within benign code or encryption, or even playing dead inside the sandboxes AV companies use to discover malware
Unknown vulnerabilities or exploits used before vendors can issue updates
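The root-cause attribution described at the top of the page, and the in-memory attack pattern listed above, as an added illustration that is not SentinelOne's code: each process is walked back through its parent links to the process that started the story, and a document or browser process that spawns a built-in script host is flagged. The telemetry, the boundary set and the script-host list are constructed assumptions for this example.

```python
from typing import Dict, List, NamedTuple, Optional


class Proc(NamedTuple):
    pid: int
    ppid: int
    image: str


# Constructed sample of endpoint process-start telemetry (oldest first);
# made-up values, not output of any real EDR product.
EVENTS = [
    Proc(100, 1, "explorer.exe"),
    Proc(200, 100, "chrome.exe"),
    Proc(300, 200, "winword.exe"),
    Proc(400, 300, "powershell.exe"),
    Proc(500, 400, "rundll32.exe"),
    Proc(600, 100, "notepad.exe"),
]

# Assumption: processes treated as attribution boundaries; anything they launch
# begins a new story rather than being blamed on the shell itself.
BOUNDARIES = {"explorer.exe", "services.exe", "wininit.exe"}
# Assumption: built-in hosts that fileless attacks use to run code without a payload file.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
DOC_AND_BROWSER = {"winword.exe", "excel.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def index(events: List[Proc]) -> Dict[int, Proc]:
    return {e.pid: e for e in events}


def storyline(pid: int, procs: Dict[int, Proc]) -> List[Proc]:
    """Walk parent links until a boundary or unknown parent; return the chain root-first."""
    chain: List[Proc] = []
    cur = procs.get(pid)
    while cur is not None and cur.image not in BOUNDARIES:
        chain.append(cur)
        cur = procs.get(cur.ppid)
    return list(reversed(chain))


def root_cause(pid: int, procs: Dict[int, Proc]) -> Optional[int]:
    story = storyline(pid, procs)
    return story[0].pid if story else None


def fileless_indicator(story: List[Proc]) -> Optional[str]:
    """Flag a document/browser process spawning a script host: the memory-only pattern."""
    for parent, child in zip(story, story[1:]):
        if parent.image in DOC_AND_BROWSER and child.image in SCRIPT_HOSTS:
            return f"{parent.image} (pid {parent.pid}) spawned {child.image} (pid {child.pid})"
    return None


def triage(events: List[Proc]) -> Dict[int, tuple]:
    procs = index(events)
    return {e.pid: (root_cause(e.pid, procs), fileless_indicator(storyline(e.pid, procs))) for e in events}
```

Every event in the sample chain ending at rundll32.exe is attributed to the same root (chrome.exe, pid 200), so an analyst sees one story rather than four unrelated alerts.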