Kieran Grieve Combes

EDR should also allow you do too things such as remote process/memory fingerprints and capture. I've seen ones that allow you to isolate a host from the network and only allow it communicate to the edr controller, you can also do more advanced forensic captures. if it's just doing av it's not edr because the response part is missing.

@Glenn Pegden thumbs up for stw, it's a wonderful place mostly.

I'm an ex pentester and red teamer now heading up threat, vulnerability and app sec for a large retailer also Interim head of security operations. London based. Before security i managed ad and exchange environments for finance companies.