Host Security Tools
A broad variety of tools are used to protect local hosts, ranging from antivirus and antimalware tools to system configuration tools and whitelisting utilities. In many cases, these tools are the last technical layer of defense between attackers and workstations, servers, and mobile devices. Understanding the types of tools and how they are used can help you recommend stronger controls and configure better defenses, and knowing how host security tools work and what information they can provide can make incident response and investigation far easier.
Antimalware and Antivirus
Detecting malicious software has been a key part of defense designs since viruses first became a consistent threat by spreading via floppy disks. Modern antivirus software tools have historically focused on Trojans, worms, and viruses, often with a strong signature-based detection capability and frequent updates to their definition libraries. Over time, they have added behavior-based detection...