This thread is relevant to EDR/EPP for two reasons:
1) There are no tamper-proof endpoint solutions. Tamper evident is the best that you can hope to achieve.
2) Due to #1, but for other reasons as well, timely exfiltration of endpoint telemetry is of utmost importance. https://twitter.com/taviso/status/946411989793783810
12/28/2017, 10:18:33 PM