you want exploit prevention and some things that correlate process execution to network traffic, and need tls interception. otherwise u dont know shit. litterally.
to get process execution, something will need to know what process was launched from what file. not sure how u wanna get around that.
mostly opensource xdr doesnt really work since its rules are open. its trivial to find a bypass.
vendor technology in this area is closed for good reason. if u know how it works u can bypass it. hiding gives em time to change shit up before it leaks too much...
Maybe spend some time at some conferences and get to know the ppl building such things and learn how they work. its interesting and might make it less scary.
and yes, it totally happens companies data ends up in their clouds for analysis.
problem is, either you risk your data to AV vendor, who already earns enough for your data to be pretty much worthless to them, or u risk some rando popping ur box and making off with your data.
2 comments
[ 2.7 ms ] story [ 16.5 ms ] threadto get process execution, something will need to know what process was launched from what file. not sure how u wanna get around that.
mostly opensource xdr doesnt really work since its rules are open. its trivial to find a bypass.
vendor technology in this area is closed for good reason. if u know how it works u can bypass it. hiding gives em time to change shit up before it leaks too much...
Maybe spend some time at some conferences and get to know the ppl building such things and learn how they work. its interesting and might make it less scary.
and yes, it totally happens companies data ends up in their clouds for analysis.
problem is, either you risk your data to AV vendor, who already earns enough for your data to be pretty much worthless to them, or u risk some rando popping ur box and making off with your data.
take ur pick.