Curious to know what #EDR solutions people use and what the one best / one worst things about them are. #sentinelone #crowdstrike #trendmicro #checkpoint #cybereason #defender #carbonblack #symantec #paloalto #malwarebytes #carbonblack #trellix #sophos #cylance
@infoseccoops
We currently have #crowdstrike for our #EDR. Its ease of investigation was way ahead of our old solution. It is light on resources (1% CPU) and easy to deploy. However, it's taken us time to learn enough to be proficient with Splunk queries to get custom alerting. For example, jon domain accounts in local admin.
