edr gaps
About this tag
Discussions tagged with 'edr gaps' focus on blind spots in endpoint detection and response systems, particularly when attackers abuse trusted third-party tools and legitimate administrative infrastructure. A highlighted breach involved a compromised IT services provider using HPE Operations Manager to run scripts, deploy web shells, and steal Windows credentials for over 100 days without detection. The core issue is the gap between authorized activity and what EDR actually monitors, allowing attackers to operate within trusted channels. These threads explore how such gaps arise, the challenges of monitoring privileged tooling, and strategies to close visibility holes in Windows enterprise environments.
Microsoft Incident Response disclosed on May 12, 2026, that attackers compromised a third-party IT services provider and used legitimate HPE Operations Manager and HPE Operations Agent infrastructure to run scripts, deploy web shells, harvest Windows credentials, and tunnel into a victim...