Keith
@kwm
@ConsciousHacker @subTee Every EDR product has an administrative boundary. Beyond that, tamper detection is a game of anomaly detection in telemetry metadata, comms.
11/5/2017, 11:08:31 PM
Favs: 2
Retweets: 0
Keith
@kwm
@ConsciousHacker @subTee If you expect a median event rate of 5/endpoint/sec, good luck figuring out whether an instance of 3/sec is normal or deliberate suppression
11/5/2017, 11:11:11 PM
Favs: 3
Retweets: 0