An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors
Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APT...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2021-07-01
|
| Series: | Journal of Cybersecurity and Privacy |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2624-800X/1/3/21 |
| _version_ | 1797518647855415296 |
|---|---|
| author | George Karantzas Constantinos Patsakis |
| author_facet | George Karantzas Constantinos Patsakis |
| author_sort | George Karantzas |
| collection | DOAJ |
| description | Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a more stealth attack. |
| first_indexed | 2024-03-10T07:32:40Z |
| format | Article |
| id | doaj.art-2fa54282158647228227036faa0ad84c |
| institution | Directory Open Access Journal |
| issn | 2624-800X |
| language | English |
| last_indexed | 2024-03-10T07:32:40Z |
| publishDate | 2021-07-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Journal of Cybersecurity and Privacy |
| spelling | doaj.art-2fa54282158647228227036faa0ad84c2023-11-22T13:42:35ZengMDPI AGJournal of Cybersecurity and Privacy2624-800X2021-07-011338742110.3390/jcp1030021An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack VectorsGeorge Karantzas0Constantinos Patsakis1Department of Informatics, University of Piraeus, 80 Karaoli & Dimitriou Str., 18534 Piraeus, GreeceDepartment of Informatics, University of Piraeus, 80 Karaoli & Dimitriou Str., 18534 Piraeus, GreeceAdvanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a more stealth attack.https://www.mdpi.com/2624-800X/1/3/21advanced persistent threatsEDRmalwareevasion |
| spellingShingle | George Karantzas Constantinos Patsakis An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors Journal of Cybersecurity and Privacy advanced persistent threats EDR malware evasion |
| title | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors |
| title_full | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors |
| title_fullStr | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors |
| title_full_unstemmed | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors |
| title_short | An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors |
| title_sort | empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors |
| topic | advanced persistent threats EDR malware evasion |
| url | https://www.mdpi.com/2624-800X/1/3/21 |
| work_keys_str_mv | AT georgekarantzas anempiricalassessmentofendpointdetectionandresponsesystemsagainstadvancedpersistentthreatsattackvectors AT constantinospatsakis anempiricalassessmentofendpointdetectionandresponsesystemsagainstadvancedpersistentthreatsattackvectors AT georgekarantzas empiricalassessmentofendpointdetectionandresponsesystemsagainstadvancedpersistentthreatsattackvectors AT constantinospatsakis empiricalassessmentofendpointdetectionandresponsesystemsagainstadvancedpersistentthreatsattackvectors |