Never Trust, Always Verify: Effectiveness of Endpoint Detection and Response Tools Versus Zero Trust Endpoint Controls in Enterprise Environments
Threat actors are finding new ways to evade detection by exploiting built-in tools like Living Off the Land Binaries (LOLBINs), scripts, and libraries that bypass security measures such as Endpoint Detection and Response (EDR) systems.
SANS_Never_Trust_Always_Verify_Effectiveness _Endpoint_Detection_Response_Tools_Versus_Zero_Trust_Endpoint_Controls_Enterprise_Environments_V2 (PDF, 2.26MB)
5 Dec 2024Related Content
Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement
Research PaperThis study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.
- 5 Dec 2025
Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains
Research PaperThis research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.
- 19 Nov 2025
Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement
Research PaperThe proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.
- 6 Nov 2025
Isolated Trust: Zero Trust in Standalone Systems
Research PaperThe use of air-gapped, isolated systems remains an essential tool for organizations that require high confidentiality or integrity, including those in the government, industrial control systems, and the banking industry.
- 6 Nov 2025
"You Again": Fingerprinting and Tracking Mechanisms of Malicious Sites
Research PaperBrowsers provide many APIs for any visited site to perform stateful and stateless tracking, and legitimate websites utilize these capabilities. Yet little is widely known about what tracking, if any, malicious sites perform.
- 26 Sep 2025
Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing
Research PaperEvaluating Zero Trust Network Access: A Framework for Comparative Security Testing
- 11 Jul 2025
AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance
Research PaperThe increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.
- 13 May 2025
SIEM Detection Logic Conversion with LLMs
Research PaperThis research explores how Large Language Models (LLMs) and automation scripts can expedite the translation of detection logic between SIEMs, converting detections in minutes instead of hours.
- 2 May 2025
Validating the Effectiveness of MITRE Engage and Active Defense
Research PaperThis research examines the impact of Active Defense compared to a traditional security posture when an adversary employs common tactics and techniques to identify high-value targets or exfiltrate sensitive data.
- 29 Mar 2025
Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
Research PaperThe number of open-source software components, as well as the number of existing security...
- 26 Mar 2025
Strolling Through the STIG
Research PaperThe CKL file has become the unofficial common language amongst the Department of Defense activities...
- 7 Mar 2025
Building Resilient IoT Devices: Binary Hardening with Yocto and Clang
Research PaperThis paper addresses the critical need for enhanced security in Internet of Things (IoT) devices by evaluating the implementation of binary hardening techniques using Clang security features within the Yocto build environment.
- 3 Mar 2025
Identifying Advanced Persistent Threat Activity Through Threat-Informed Detection Engineering: Enhancing Alert Visibility in Enterprises
Research PaperAdvanced Persistent Threats (APTs) are among the most challenging to detect in enterprise...
- 20 Feb 2025
Persistence Busters: High Impact Methods for Adversary and Threat Detection
Research PaperThis research investigates the top persistence techniques targeting Windows systems as documented in the MITRE ATT&CK framework and how to detect them.
- 7 Feb 2025
Evaluating Modern Network Protocol Fingerprinting: Defending Bastion Hosts in Hostile Networks
Research PaperAdversaries continue to attack the network perimeter and trusted user workstations to gain access to...
- 6 Feb 2025
The Proof is in the Pudding: EDR Configuration Versus Ransomware
Research PaperEach Endpoint Detection and Response (EDR) tool is slightly different in its functions and...
- 23 Dec 2024
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords
Research PaperAs digital threats grow increasingly sophisticated, traditional password-based authentication...
- 23 Dec 2024
- Rich Greene
Using PowerShell and Other Command Line Tools for Windows 11 STIG Compliance
Research PaperHardening non-domain joined Windows 11 operating systems is a daunting task without automation....
- 5 Dec 2024
Securing the Web: Shortening TLS Certificate Lifespans for Enhanced Security
Research PaperGoogle has proposed changing the maximum validity period of TLS certificates from 398 to 90 days....
- 5 Dec 2024
Kubernetes: Micro-Segmentation for Kubernetes Instantiated Ephemeral Workloads
Research PaperDefensive security professionals will have to commit focused energy and resources to protect...
- 5 Dec 2024