Endpoint Security Monitoring

In an enterprise environment, it's best practice to implement a defense-in-depth strategy. A defense-in-depth approach places multiple obstacles for an adversary to overcome. The endpoint is where the adversary will spend the most time performing situational awareness, planning their path to pivot throughout the network to reach their objective. The endpoint is where adequate monitoring should be in place, gathering as much telemetry as possible. For an analyst to successfully determine benign and malicious events, they must understand what is expected and what is abnormal within a Windows system.