Doosan Digital Innovation
Daewon Ryu, Senior Manager
In an environment where security threats are becoming increasingly sophisticated, verifying the detection and response capabilities of EDR (Endpoint Detection and Response) solutions in advance is emerging as a crucial task for security operations. In particular, attack simulations based on various intrusion scenarios are the only means to quantitatively evaluate how effectively security solutions can respond to actual threat situations. In this presentation, we will share the results of an objective analysis of threat detection accuracy, log visibility, response speed, and other key metrics, focusing on EDR verification cases based on attack simulations performed in actual corporate environments. In addition, we will present response strategies for detection bypass scenarios, as well as directions for improving the security operations system to complement them. Through this presentation, participants will gain insight into realistic and feasible EDR evaluation strategies that can effectively respond to the latest threats and learn how to establish a security system centered on preemptive responses.