CISSP Exam Questions

CISSP Exam - Question 373


Which of the following security tools monitors devices and records the information in a central database for further analysis?

Correct Answer: D

Endpoint detection and response (EDR) tools are designed to continuously monitor endpoint devices such as workstations, servers and mobile devices. An agent on each device records activity (process execution, network connections, file and configuration changes) and ships it to a central database, where the events from every host can be queried and analysed later. That central store is what lets analysts correlate activity across many endpoints; a host-based IDS alerts on its own host, and a SOAR platform orchestrates the response rather than recording endpoint telemetry. EDR therefore focuses on detecting and investigating suspicious activity that traditional antivirus or HIDS does not reliably identify.
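The following block is an added illustration of the architecture the explanation describes, written for this page; it is not code from the exam, the study guide or any EDR product. An agent per host buffers events and ships them to one central store (an in-memory SQLite database here), and detection runs afterwards over the combined data. The host names, process names, the destination 203.0.113.7 (a documentation address) and the two rules are constructed for the demo.

```python
"""Minimal EDR-style pipeline: an agent on each endpoint records activity, ships
it to one central store, and detection logic is run over the combined data.

Added illustration for this page; not code from any real EDR product. Host
names, process names, the address 203.0.113.7 (documentation range) and the
two detection rules are constructed for the demo.
"""
from __future__ import annotations

import json
import sqlite3
from dataclasses import dataclass
from typing import Iterable

# Constructed rule data: office applications that should not launch a shell.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}


@dataclass
class Event:
    host: str
    ts: int        # epoch seconds (constructed values in run_demo)
    kind: str      # "process", "network" or "file"
    detail: dict   # kind-specific fields


class Agent:
    """Runs on the endpoint: observes activity and buffers it for shipping."""

    def __init__(self, host: str) -> None:
        self.host = host
        self._queue: list[Event] = []

    def record(self, ts: int, kind: str, **detail) -> None:
        self._queue.append(Event(self.host, ts, kind, detail))

    def flush(self) -> list[Event]:
        """Hand the buffered events to the central store and clear the buffer."""
        batch, self._queue = self._queue, []
        return batch


class CentralStore:
    """The central database every agent reports to; analysis happens here."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE events (host TEXT, ts INTEGER, kind TEXT, detail TEXT)"
        )

    def ingest(self, events: Iterable[Event]) -> int:
        rows = [(e.host, e.ts, e.kind, json.dumps(e.detail)) for e in events]
        self.db.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", rows)
        self.db.commit()
        return len(rows)

    def _events(self, kind: str) -> list[tuple[str, int, dict]]:
        rows = self.db.execute(
            "SELECT host, ts, detail FROM events WHERE kind = ? ORDER BY ts", (kind,)
        )
        return [(host, ts, json.loads(detail)) for host, ts, detail in rows]

    def office_spawned_shell(self) -> list[tuple[str, int, str, str]]:
        """After-the-fact detection: an office application launched a shell.
        Returns (host, ts, parent image, child image) for each hit."""
        return [
            (host, ts, d["parent"], d["image"])
            for host, ts, d in self._events("process")
            if d["parent"].lower() in OFFICE_APPS and d["image"].lower() in SHELLS
        ]

    def hosts_contacting(self, dst: str) -> list[str]:
        """Cross-host pivot that a per-host tool cannot answer on its own:
        which endpoints connected to a given destination."""
        return sorted({host for host, _, d in self._events("network") if d["dst"] == dst})


def run_demo() -> dict[str, list]:
    """Two agents report constructed telemetry; the store answers two questions."""
    store = CentralStore()
    ws1, ws2 = Agent("WS-01"), Agent("WS-02")
    ws1.record(1000, "process", image="WINWORD.EXE", parent="explorer.exe", pid=412)
    ws1.record(1005, "process", image="powershell.exe", parent="WINWORD.EXE", pid=5150)
    ws1.record(1006, "network", pid=5150, dst="203.0.113.7", dport=443)
    ws2.record(1010, "process", image="cmd.exe", parent="explorer.exe", pid=771)
    ws2.record(1011, "file", path="C:\\Users\\a\\report.docx", op="write")
    ws2.record(1012, "network", pid=771, dst="203.0.113.7", dport=443)
    for agent in (ws1, ws2):
        store.ingest(agent.flush())
    return {
        "office_shell": store.office_spawned_shell(),
        "beacon_hosts": store.hosts_contacting("203.0.113.7"),
    }


if __name__ == "__main__":
    for rule, hits in run_demo().items():
        print(rule, hits)
```

Running it flags the WINWORD.EXE to powershell.exe chain on WS-01 only (the cmd.exe on WS-02 came from explorer.exe and does not match), and the second query shows both hosts talking to the same destination, which is the kind of question that only a central store of everyone's events can answer.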

Discussion

14 comments
stickerbush1970 (Option: D)
Mar 16, 2023

Agree with D.

jackdryan
Nov 14, 2023

D is correct

Loveguitar
Mar 13, 2023

Endpoint detection and response (EDR) is the right answer. SOAR does not do the analysis later, it actually analyzes the data. EDR is the one that sends the information to a database or SIEM or SOAR for later analysis.

Humongous1593 (Option: B)
Apr 13, 2023

Much like a home security system, HIDS software logs the suspicious activity and reports it to the administrators managing the devices or networks. https://www.dnsstuff.com/host-based-intrusion-detection-systems Not the de facto source of information, but we are monitoring and reporting. It doesn't say taking action.

franbarpro
Apr 26, 2023

Can we do analysis with HIDS? Think about Snort!

inmymind84 (Option: D)
Mar 27, 2023

It is D

Jamati (Option: D)
May 13, 2023

From the Official Study Guide, 9th edition, page 558: "Some EDR solutions employ an on-device analysis engine whereas others report events back to a central analysis server or to a cloud solution. The goal of EDR is to detect abuses that are potentially more advanced than what can be detected by traditional antivirus programs or HIDSs."

pingundas (Option: D)
Apr 28, 2023

EDR (Endpoint Detection and Response) continuously monitors endpoints (desktops, laptops, mobile devices, servers, or any device connected to an organization's network) to detect malicious behavior.

lsiau76 (Option: B)
Nov 12, 2024

It's between HIDS and EDR, but I take HIDS. The question states "monitors devices and records the information"; it does not ask for any response or action. Thus B meets this criterion better.

Ivanchun (Option: C)
Jun 27, 2023

If B and D are a central database and A is not for that purpose, I vote C.

Delab202 (Option: D)
Jun 29, 2023

One approach that’s becoming increasingly popular is endpoint detection and response (EDR). As a product category rather than a defined standard, EDR software varies in its features. Most solutions focus on gathering all sorts of behaviors on individual hosts and across the network, then using them to investigate suspicious activities. Each host with EDR installed runs an agent that monitors processes, configuration changes, network connections, and file system activity. Then it’s all gathered into a centralized reporting system you can use to analyze host health and trends, including, but not limited to, signs of attack or other security risks.

oudmaster
Jun 30, 2023

In the real world, you don't install EDR or a central database (which is usually a server), because EDR is intended for endpoints (desktops and laptops that run client OSs). However, I will go with Option D, because Option C (SOAR) is not used for further analysis, but for response.

liebeskind (Option: C)
Nov 16, 2023

"Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance"

Soleandheel
Jun 16, 2024

D. Endpoint detection and response (EDR). EDR tools are designed to monitor endpoint devices (e.g., computers, servers, mobile devices) and record information about their activities. This information is typically stored in a central database for analysis.

Hongjun (Option: C)
Sep 29, 2024

There is no central database for host-based or endpoint.

BigITGuy (Option: D)
Apr 2, 2025

Endpoint Detection and Response (EDR) is a security solution that monitors endpoint devices (workstations, servers, laptops, etc.), and collects and records security-related information such as process activity, network connections, and file modifications. Can't be B. Host-based IDS (HIDS) detects suspicious activities on individual hosts but does not natively send collected data to a central database for broad analysis like EDR.