
How is malware checked with EDR/XDR/IDS/network monitors?

drpalpatine (L3) cache
User · Registered 04.08.2021 · Messages 260 · Solutions 1 · Reactions 108 · Deal guarantor 2 · Deposit 0.0001
Implementing EDR/XDR/IDS/network monitors in simple virtual machine setups is not easy --> for testing the payloads not just at scan time/runtime but also while passing commands to the payload and seeing how it behaves on the system and network.
What are some of the ways people test with such products?
 
The question can be extended to all kinds of products --> cloud security, mail spam filters, firewalls and NGFW, data loss prevention, DDoS protection, email security, identity protection products, and the list is growing every year.
What are the approaches to each group of such products?
 
Like you said, it's not easy to set up a threat hunting lab on your own.

From the perspective of an attacker, there are so many variables to take into consideration when penetrating a network. The majority of the resources for defense are very limited for obvious reasons.

I believe the best approach would be the same as the ones for getting access to commercial red team tools that require proof of legitimacy when conducting operations.
 
I believe the best approach would be the same as the ones for getting access to commercial red team tools that require proof of legitimacy when conducting operations.
Can you explain more?
Even if one can get a license to such products --> they cannot be set up effectively in a simple lab compared to the real world.
I think somebody wrote on the forum previously that they collect the samples from friends regarding EDR testing.
 

