CAS-004 Exam - Question 78


A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Correct Answer: A

Replacing the current antivirus with an EDR (Endpoint Detection and Response) solution is the most appropriate recommendation. EDR solutions provide advanced threat detection, real-time monitoring, and behavioral analysis, which can detect and mitigate new and unknown malware more effectively than traditional antivirus methods. This proactive approach to endpoint security is especially important for remote work environments, as in the case of the CEO's laptop being compromised at home, because it ensures continuous monitoring and rapid response to threats before they can cause significant damage.

Discussion

8 comments
patinho777 Option: B
Feb 9, 2022

I think that a UTM appliance is the best solution.

dgfhyjfghfgfkfhd Option: A
Apr 5, 2022

https://www.malwarebytes.com/cybersecurity/business/what-is-edr

RevZig67 Option: A
May 13, 2022

Yea, get an EDR solution.

dangerelchulo Option: A
Sep 11, 2022

(EDR) is a proactive endpoint security approach designed to supplement existing defenses. This advanced endpoint approach shifts security from a reactive threat approach to one that can detect and prevent threats before they reach the organization.

ts260 Option: A
Sep 17, 2022

"Working from home" indicates that it needs EDR.

BiteSize Option: A
Jul 19, 2023

EDR is superior to a UTM because that means there is a post-breach endpoint security platform that is hosted in the cloud. Perfect for "at home".

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

cyspec Option: B
Jul 2, 2024

"service outages", "further endpoint disruption". Endpoints can refer to servers.

23169fd Option: A
Jul 12, 2024

Advanced Threat Detection: EDR solutions offer more advanced capabilities than traditional antivirus software. They can detect and respond to a wider range of threats, including new and unknown malware.

Real-Time Monitoring: EDR provides real-time monitoring and analysis of endpoint activities, allowing for quicker detection and response to threats.

Behavioral Analysis: EDR tools use behavioral analysis to identify suspicious activities, which can help in detecting malware that might not be caught by signature-based methods.

Incident Response: EDR solutions often include tools for incident response, helping to contain and remediate threats more effectively.