SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Endpoint Detection and Response (EDR) capabilities are rapidly evolving as a method of identifying threats to an organization's computing environment. The global research and advisory company Gartner defines EDR as: 'Solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems' (Gartner, 2019). This paper explores the feasibility and difficulty of using open-source tools as a practical alternative to commercial EDR solutions. A business with sufficiently mature Incident Response (IR) processes might find that building an EDR solution 'in house' with open-source tools provides both the knowledge and the technical capability to detect and investigate security incidents. The skill level required to begin using and gaining value from these tools is relatively low and can be acquired during the build process through problem deconstruction and solution engineering.