April 10, 2017
5 Reasons Why Rules-Based Protection Fails
Many endpoint detection and response (EDR) products claim to be disruptive and to provide zero-gap protection. These products rely on a rules-based engine, an approach that checks collected events against pre-built sequences to identify malicious activity in an enterprise. EDR products that take a rules-based approach fail to protect against unknown threats at the earliest stages of the attack lifecycle. The following summarizes the five main failures of rules-based products.