A study of EDR (Endpoint Detection & Response), EPP (Endpoint Protection Platform) and antivirus technologies
Keywords
Security systems; EDR; EPP; Wazuh; Bluespawn; Anti-virus
Abstract
Endpoint Detection and Response (EDR) tools provide visibility into advanced intrusions by correlating low-level system events with known malicious behaviors. Current solutions, however, face three challenges:
● EDR tools generate a high volume of false alarms, leaving analysts with a growing backlog of alerts to investigate.
● Verifying whether an alert is genuine is labor-intensive, because the relevant evidence is buried in an overwhelming number of low-level system logs: a "needle in a haystack" problem.
● Because retaining log files consumes substantial storage and processing resources, the system logs that describe a long-term attack campaign are often deleted before an investigation begins.
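The three challenges above can be made concrete with a small event-correlation model. The following Python block is an added illustration for this page, not code from the thesis or from any of the EDR products or open-source tools it names; the telemetry fields (pid, ppid, image, cmd), the six sample events, the Office-application list and both detection rules are constructed assumptions. It shows a single-event rule that fires on every PowerShell launch (the false-alarm problem), a correlated rule that walks process ancestry back to an Office parent and returns the evidence chain together with the alert (the evidence an analyst would otherwise have to dig out of raw logs), and what happens to the correlated rule once the oldest events have already been deleted (the retention problem).

```python
"""Toy model of EDR event correlation.

Added illustration for this page; it is not code from the thesis or from
any EDR product or open-source tool named here. The telemetry schema
(pid/ppid/image/cmd), the sample events, the Office-application list and
the two rules are all constructed assumptions, loosely modelled on
process-creation telemetry.
"""

# Constructed sample telemetry from one host, ordered by time.
# pids 200-400: a Word document spawns cmd.exe, which spawns an encoded
# PowerShell command (a classic macro-dropper chain).
# pids 500-600: an administrator's backup script, benign but also PowerShell.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"ts": 2, "pid": 200, "ppid": 100, "image": "winword.exe",    "cmd": "winword.exe invoice.docx"},
    {"ts": 3, "pid": 300, "ppid": 200, "image": "cmd.exe",        "cmd": "cmd.exe /c powershell -enc SQBFAFgA"},
    {"ts": 4, "pid": 400, "ppid": 300, "image": "powershell.exe", "cmd": "powershell -enc SQBFAFgA"},
    {"ts": 5, "pid": 500, "ppid": 100, "image": "cmd.exe",        "cmd": "cmd.exe /c backup.bat"},
    {"ts": 6, "pid": 600, "ppid": 500, "image": "powershell.exe", "cmd": "powershell -File backup.ps1"},
]

# Hypothetical set of Office binaries treated as suspicious ancestors.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def naive_alerts(events):
    """Single-event rule: alert on every PowerShell launch.

    Catches the attack but also fires on the backup script, i.e. the kind
    of rule that produces the alert backlog described above.
    """
    return [e["pid"] for e in events if e["image"] == "powershell.exe"]


def build_process_table(events):
    """Index process-creation events by pid so that ancestry can be walked."""
    return {e["pid"]: e for e in events}


def ancestry(pid, table, max_depth=5):
    """Return the images of pid's ancestors, nearest first.

    The walk stops as soon as a parent event is missing from the table,
    which is exactly what happens when older logs have been rotated away.
    """
    chain = []
    current = table.get(pid)
    while current is not None and len(chain) < max_depth:
        parent = table.get(current["ppid"])
        if parent is None:
            break
        chain.append(parent["image"])
        current = parent
    return chain


def correlated_alerts(events, max_depth=5):
    """Behaviour rule: PowerShell whose ancestry contains an Office process.

    Returns a list of (pid, ancestor_chain) so the analyst receives the
    evidence chain with the alert instead of reconstructing it from raw logs.
    """
    table = build_process_table(events)
    hits = []
    for e in events:
        if e["image"] != "powershell.exe":
            continue
        chain = ancestry(e["pid"], table, max_depth)
        if any(img in OFFICE_APPS for img in chain):
            hits.append((e["pid"], chain))
    return hits


if __name__ == "__main__":
    print("naive rule fires on pids:", naive_alerts(EVENTS))
    print("correlated rule fires on:", correlated_alerts(EVENTS))
    # Simulate log retention: the two oldest events have already been deleted.
    print("after retention loss:", correlated_alerts(EVENTS[2:]))
```

Run as a script, the naive rule reports both PowerShell processes while the correlated rule reports only pid 400 with its chain back through cmd.exe and winword.exe. Dropping the two oldest events leaves pid 400's cmd.exe parent in the table but not the winword.exe grandparent, so the correlated rule no longer fires: the chain is still malicious, but the evidence that ties it to the document has been lost, which is the retention failure the third bullet describes.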
The goal of this thesis is to analyze the benefits and characteristics of various EDR tools. We introduce the concept of the Endpoint Protection Platform (EPP), a comprehensive security solution deployed on endpoint devices to protect them against threats. We discuss Anti-Virus (AV) programs, next-generation Anti-Virus (NGAV) programs, the threats that endpoints face, and the damage these threats can cause. We focus on several commercial EDR systems, namely McAfee MVision EDR, CrowdStrike Falcon Insight, and Microsoft Defender ATP, and additionally examine the open-source EDR systems Wazuh, OpenEDR, and Bluespawn. These are installed on specific endpoints, and their behavior during an intrusion simulated with Caldera is analyzed. Finally, we explain why EDR systems are essential for properly securing endpoints and the data they process.