An organization's assessments reveal repeated unauthorized activity spreading across user laptops. Leadership requests a solution that correlates suspicious processes and automates blocking across devices. Which approach meets these requirements best?
A platform that gathers data from perimeter devices for correlation
A suite that monitors devices in real time, analyzes unusual activities, and separates suspicious users from resources
A system that locates known malicious files using scheduled checks
A policy that restricts web traffic to approved destinations
A suite that analyzes user activity on each device and offers automated isolation aligns with Endpoint Detection and Response (EDR). EDR solutions gather host-based telemetry, use behavior analytics to detect atypical actions, and isolate devices to prevent further compromise. In contrast, log aggregation focuses on perimeter events, scheduled scans detect primarily known signatures, and web content filters do not address threats that spread inside the network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Endpoint Detection and Response (EDR)?
Open an interactive chat with Bash
How does EDR differ from traditional antivirus software?
Open an interactive chat with Bash
What is the importance of host-based telemetry in EDR?