METHODOLOGY FOR TESTING THE CAPABILITIES OF SOFTWARE SOLUTIONS ENDPOINT DETECTION AND RESPONSE (EXTENDED DETECTION AND RESPONSE)

DOI:

https://doi.org/10.28925/2663-4023.2025.27.737

Keywords:

cyberattacks, cybersecurity, cyberdefense, cyberincidents, endpoint, solutions

Abstract

In today's cyberspace, Endpoint Detection and Response (Extended Detection and Response) software solutions are central to cyber protection. They play a key role in protecting the end devices that operate in information and communication systems and electronic communication networks. However, the effectiveness of these solutions can vary significantly, which is why a comprehensive approach to testing their capabilities is needed in order to evaluate them effectively.

This article presents a methodology for testing the capabilities of Endpoint Detection and Response (Extended Detection and Response) software solutions. The testing is carried out using the following methods proposed by the authors: checking organizational issues; checking installation, removal and operation in the system; checking configuration and the editing of policies and rules; checking console functions; checking the management of threat indicators and the detection, response to and blocking of threats; checking analysis and data collection capabilities; and checking additional functions and modules. After testing with these methods, the results must be evaluated. The evaluation is carried out separately for each Endpoint Detection and Response (Extended Detection and Response) software solution on each operating system, followed by a comparative analysis by points and coefficients. Based on the testing results, a report is prepared with specific proposals for choosing the most appropriate software solution for end devices, taking into account the results of practical testing, organizational and financial issues, and the availability of an expert opinion from the State Service for Special Communications and Information Protection of Ukraine.

Published

2025-03-27

How to Cite

Shtonda, R., Cherednychenko, O., Fomkin, D., Bokii, O., & Kutsaiev, P. (2025). METHODOLOGY FOR TESTING THE CAPABILITIES OF SOFTWARE SOLUTIONS ENDPOINT DETECTION AND RESPONSE (EXTENDED DETECTION AND RESPONSE). Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(27), 380–389. https://doi.org/10.28925/2663-4023.2025.27.737