Exploring protection systems
Antivirus software is the most basic type of protection system used to defend endpoints against malware. But besides antivirus software (which we will explore in the Antivirus – the basics section), there are many other types of products to protect a home and business user from these threats, both at the endpoint and network levels, including the following:
- EDR: The purpose of EDR systems is to protect the business user from malware attacks through real-time response to any type of event defined as malicious.
For example, a security engineer from a particular company can define within the company's EDR that if a file attempts to perform a change to the
SQLServer.exeprocess, it will send an alert to the EDR's dashboard. - Firewall: A system for monitoring, blocking, and identification of network-based threats, based on a pre-defined policy.
- IDS/IPS: IDS and IPS provide network-level security, based on generic signatures, which inspects network packets and searches for malicious patterns or malicious flow.
- DLP: DLP's sole purpose is to stop and report on sensitive data exfiltrated from the organization, whether on portable media (thumb drive/disk on key), email, uploading to a file server, or more.
Now that we have understood which security solutions exist and their purpose in securing organizations and individuals, we will understand the fundamentals of antivirus software and the benefits of antivirus research bypass.
