Question

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:

Stop malicious software that does not match a signature
Report on instances of suspicious behavior
Protect from previously unknown threats
Augment existing security capabilities

Which of the following tools would BEST meet these requirements?

A. Host-based firewall
B. EDR
C. HIPS
D. Patch management

Answer 1

EDR, or Endpoint Detection and Response, is the best tool for a security team to prevent ransomware outbreaks as it meets the requirements for identifying malicious software without signatures, reporting suspicious behavior, and protecting against unknown threats, thus augmenting the company's current security measures.

Step-by-step explanation:

To address the security team's need to prevent ransomware outbreaks and to protect the company from financial loss, the tool that would best meet the given requirements is Endpoint Detection and Response (EDR). EDR systems are designed to continuously monitor and gather data from end-user devices to identify threat patterns. Unlike traditional antivirus tools that rely on known signatures, EDR solutions can detect and respond to suspicious behavior and previously unknown threats, thanks to behavior-based analytics, machine learning, and anomaly detection techniques.

Although other options like a host-based firewall, Host Intrusion Prevention Systems (HIPS), and patch management each play a crucial role in an organization's overall security posture, none of them satisfy the requirements for signature-less malware detection, reporting on suspicious behavior, or augmenting existing security capabilities as effectively as EDR.