
Saturday, June 28, 2025

 

My final post of this class was an introduction to EDR and Endpoint Security. EDR stands for Endpoint Detection and Response. There is also a component of Endpoint Security referred to as NGAV or Next-Generation Antivirus. Both are required now to have the greatest chance of preventing infections and breaches. What is the difference between the two and how do they work together to help mitigate threats to your computer?

“NGAV is the prevention component of endpoint security, which aims to stop cyber threats from entering a network.” (Aarness, 2025) EDR detects activity that circumvents NGAV and allows teams to contain the threat, hopefully before it can move laterally in the environment. (Aarness, 2025) You can think of NGAV as the first line of defense in your arsenal against cyber threats, while EDR is next in line to help contain anything that gets by the first line. Because EDR gathers all the activity surrounding a potential threat, that data is valuable even if the tool fails to contain the threat: it can be used to determine what the threat actor actually did and what they gained access to.

I work as part of the managed endpoint protection security team for a large computer security firm. I have been doing this for 14 years. What is managed endpoint protection? It is the outsourcing of endpoint protection. This covers laptops, desktops, servers and even mobile devices. (SentinelOne, 2025)

Why would you outsource such an important part of your computer security? There are a few reasons. The first is the rising complexity of endpoint threats, although a good EDR and NGAV solution can cover that. More importantly, many organizations have limited in-house security expertise and no around-the-clock monitoring. (SentinelOne, 2025) Today it is quite hard to staff a full security team with the knowledge needed to detect and combat cyber threats, let alone staff one 24/7/365. Additionally, compared to staffing your own internal SOC (Security Operations Center), it is quite cost effective. If you must deal with government regulations such as HIPAA, PCI DSS or GDPR, these companies should be equipped to help you deal with the cyber security side of remaining compliant.

Because these new EDR tools upload pretty much everything that an endpoint does to their respective clouds, analyzing all that data often requires outside tools. A common technique is to export all the data for a given period when searching for a threat or breach, import it into Excel, and then use Excel's data tools to sort and analyze it.

Additionally, if you have extensive knowledge of a scripting language such as Python, you may find it easier to write a script to go through the data. Many threat analysts write their own tools in Python to analyze EDR data. This speeds up their analysis and provides a more comprehensive result, especially when looking at a potential breach.
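As an added example (not from the original post or any vendor's tooling), here is the kind of small Python script an analyst writes over an exported EDR process log: it rebuilds the launch chain of a flagged process and lists everything that process went on to spawn, which is the "what did the actor actually do" question raised above. The CSV columns and the events are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an EDR process-event export (not real telemetry).
# Columns mirror the fields most EDR exports carry: timestamp, host,
# process id, parent process id, image name and command line.
SAMPLE_EXPORT = """timestamp,host,pid,ppid,image,cmdline
2025-06-20T09:01:02Z,WS01,400,1,explorer.exe,explorer.exe
2025-06-20T09:02:10Z,WS01,512,400,winword.exe,winword.exe invoice.docm
2025-06-20T09:02:15Z,WS01,640,512,cmd.exe,cmd.exe /c whoami
2025-06-20T09:02:20Z,WS01,704,640,powershell.exe,powershell.exe
2025-06-20T09:03:00Z,WS01,800,400,notepad.exe,notepad.exe
2025-06-20T09:03:30Z,WS01,810,704,net.exe,net.exe view FS01
"""

def load_events(text):
    """Parse the CSV export into a list of dict rows (pid/ppid as ints)."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["pid"] = int(r["pid"])
        r["ppid"] = int(r["ppid"])
    return rows

def ancestry(events, pid):
    """Walk ppid links upward to show how a flagged process was launched."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))

def descendants(events, root_pid):
    """Return every process spawned (directly or indirectly) by root_pid,
    in timestamp order: the scope of activity to review after a detection."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    out, stack = [], [root_pid]
    while stack:
        for child in children.get(stack.pop(), []):
            out.append(child)
            stack.append(child["pid"])
    return sorted(out, key=lambda e: e["timestamp"])

if __name__ == "__main__":
    evs = load_events(SAMPLE_EXPORT)
    print("launch chain:", " -> ".join(ancestry(evs, 704)))
    for e in descendants(evs, 512):  # everything the Word document spawned
        print(e["timestamp"], e["image"], e["cmdline"])
```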

Keeping track of all of this data requires a very large database and extensive database management. Our largest databases are used for what we call MDR, which is similar to EDR but ingests data from multiple sources, not just the endpoint. We use Google SecOps for this. We ingest data from all sources, such as the endpoint, Office 365 and Azure AD. This cloud-based database acts as a very large SIEM and correlates data among the different feeds to find potential risks and threats.

What is Google SecOps? It is a cloud service that is designed to retain, analyze and search the large amounts of security and network data that is generated by today’s tools. (Google, 2025) “The Google SecOps platform enables security analysts to analyze and mitigate a security threat throughout its lifecycle.” (Google, 2025)

Works Cited

Aarness, A. (2025, January 7). EDR vs NGAV. Retrieved from Crowdstrike: https://www.crowdstrike.com/en-us/cybersecurity-101/endpoint-security/edr-vs-ngav/

Google. (2025). Google SecOps overview. Retrieved from cloud.google.com: https://cloud.google.com/chronicle/docs/secops/secops-overview

SentinelOne. (2025, June 15). What is Managed Endpoint Protection? Retrieved from SentinelOne: https://www.sentinelone.com/cybersecurity-101/endpoint-security/managed-endpoint-protection/

 

Thursday, June 26, 2025

 

  • How to effectively integrate AI tools into your blogging process to produce high-quality, engaging, and accurate content? 

You can use AI tools such as CoPilot and ChatGPT to help you in your blogging process. It really comes down to how well you craft the prompt. The prompt is the phrase or sentence that you use to get information from an A.I. system. Spend quality time crafting your prompt to get the best results. The more generic your prompt, the more generic and less useful the A.I.'s response will be. Be specific. The more specific and targeted you can make your prompt, the better chance that you will receive good, quality responses.

  • How to ensure the content maintains your brand voice and consistency?

No A.I. system, at this time, can truly duplicate the tone and voice of a human writer. It can attempt to mimic it, but it generally sounds like it came from an A.I. You should spend time editing the response to make it sound like you. This way you can make sure to match your tone and voice. It can be a great tool, but it isn’t going to do all the work. Editing the content created is essential to maintain your voice.

  • How to double-check all facts, statistics, and references for accuracy to avoid spreading false information?

Once again, editing is your friend. An A.I. is only as good as the data it gathers. This may be old, stagnant or even wrong in some cases. You should spend time thoroughly going over any data that the A.I. generated for accuracy and truthfulness.

  • How to be vigilant to maintain equality and fairness?

In tasks such as this, an A.I. tool can really shine. You could use it to go over your content for inclusivity and fairness. Your own content should be checked for this, especially if you’re unsure.

 I work in the computer security industry. This entire enterprise focuses on computers and how they work. We not only provide protection to networks and endpoints but also use computers ourselves. An endpoint is any device that connects to a network but isn’t a network device such as a switch or router. It is easiest to think of an endpoint as a personal computer or server but mobile devices can also be endpoints. Without computer literacy, you can’t operate effectively in this industry. It is simply not possible. You may not need to know the inner workings of a computer but you do need to know how to operate office applications, web browsers, operating systems and basic networking.

Artificial intelligence is rapidly changing how this industry operates. For example, endpoint protection products such as SentinelOne and Crowdstrike make liberal use of A.I. to detect potential threats. As A.I. becomes smarter and more widely used, I envision it will transform networking as well. Firewalls, routers and switches will become even smarter. Firewalls will adapt to incoming threats in real time without needing interaction from real people. Routers and switches will monitor traffic and make changes in how packets are sent and moved throughout the network to reduce trip time and network congestion.

On the flip side, bad actors will start to use A.I. to attack systems. They’ll be able to modify tactics such as the ports attacked and the network packets sent on the fly in order to break into systems. Only by using A.I. in defense will we be able to respond quickly enough to prevent breaches.

PART 1: [image]

 

PART 2: [image]

PART 3: 

I have a caching problem, at least with some commonly used websites such as google.com. My ping results to common websites are good, while trace routes are too quick because the site is cached in the nearest router owned by AT&T.

Ping is a good tool to test whether a website or network location is up and available. It measures the total response time from the location and any dropped packets, while trace route shows the path that a packet takes through the network. Trace route can be used to troubleshoot a problem reaching a particular site that you know is up but are unable to reach. For example, one time we were having some sort of network issue and couldn't access most websites. Our pings out using IP addresses were good, showing the network was working, but we were unable to pull up websites. So we moved to trace routes. This showed a problem reaching our external DNS server: the hop before the server was consistently timing out. It turned out that the switch used had gone bad and was causing outages all over.
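The troubleshooting step described above (find where along the path to the DNS server replies stop) can be automated with a short parser over trace route output. This is an added example, not from the original post; the trace route text is constructed for illustration with documentation-reserved addresses, and the hop numbers and timings are made up.

```python
import re

# Constructed traceroute output (not a real capture): hops 1-3 answer,
# hop 4 and the DNS server at hop 5 time out on every probe.
SAMPLE_TRACEROUTE = """traceroute to 198.51.100.53 (198.51.100.53), 30 hops max
 1  192.168.1.1 (192.168.1.1)  1.103 ms  0.982 ms  0.871 ms
 2  10.0.0.1 (10.0.0.1)  4.512 ms  4.301 ms  4.877 ms
 3  203.0.113.9 (203.0.113.9)  9.114 ms  8.905 ms  9.230 ms
 4  * * *
 5  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")   # "<hop number>  <rest of line>"
RTT_RE = re.compile(r"([\d.]+) ms")

def parse_hops(text):
    """Return a list of (hop_number, host_or_None, [rtt_ms, ...]) tuples.
    A hop whose probes were all '*' has host None and an empty RTT list."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, not a hop
        num, rest = int(m.group(1)), m.group(2)
        if rest.strip("* ") == "":
            hops.append((num, None, []))
            continue
        host = rest.split()[0]
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append((num, host, rtts))
    return hops

def first_silent_hop(hops):
    """Return (last responding host, first hop number with no replies).
    The last responding host is where to start looking for the fault;
    the second value is None if every hop answered."""
    last_host = None
    for num, host, _rtts in hops:
        if host is None:
            return last_host, num
        last_host = host
    return last_host, None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE_TRACEROUTE)
    print("replies stop after %s at hop %s" % first_silent_hop(hops))
```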

 

The assignment for Week 2 of my course had us look at various Office applications. We put the same data into Word, Excel and PowerPoint. I am going to look at each application and show that the best one for this assignment is Word.

A word processor is used for writing documents. Its main function is that of a typewriter with added benefits. It has the ability to change fonts and text size, show images and provide references. It can set things up for printing, such as mailers. It can display and print things such as tables and spreadsheets, but this is not its forte.

A spreadsheet is “a computer program that allows the entry, calculation, and storage of data in columns and rows.” (Merriam-Webster, n.d., SPREADSHEET Definition & Meaning - Merriam-Webster) This is where it excels. The modern spreadsheet application can be used to store the written word much like a word processor, but it lacks some of the same features and its row/column setup will cause difficulties.

A presentation application, such as PowerPoint, works best as a method of presenting data for others to view in a meeting. It can display text and images and even parts of spreadsheets. It does not perform calculations like a spreadsheet, nor is it best used in place of a word processor. It is broken down into slides for presentation. Each slide should be prepared with concise and pertinent information.

A database is “a usually large collection of data organized especially for rapid search and retrieval.” (Merriam-Webster, n.d., DATABASE Definition & Meaning - Merriam-Webster) It is mainly used to store data so that the data can be used by other applications. It is best at storing and retrieving data. It can perform calculations on data, but this is limited by the type of data and database. It can store documents such as word processing documents or spreadsheets, but it cannot generate them.

Why is Microsoft Word the best application for presenting the data in this assignment? Because it has the basic functionality of the other two applications. Plus, it can display a large amount of text and format it for the best viewing by the audience. It can display tables or even entire spreadsheets. It can also format text in such a way that you can display it in a meeting. While it will only perform basic calculations on the cells in a table, its ability to display an entire spreadsheet makes up for it.

Anytime that you need to display a large amount of text, images or different pages of a spreadsheet, Word would excel. Authoring a scholarly journal would be an excellent use of Word, as it will display the text and images needed as well as prepare the reference page. If you need to present different pages of a spreadsheet in one document for others to go over, such as a report, it will also function admirably. It is not as good at making presentations as PowerPoint, but it is capable of displaying text in the same manner and adding images and video. It can double as a presentation tool by treating each page of a document as a slide.

 

I’ve decided to review Outlook Mobile. Outlook Mobile is part of the Office 365 suite for your phone. It is an email, calendar and contact application. With it you can check your email and schedule events on your calendar while keeping track of important email contacts.

I don’t use the calendar or contacts all that much so I’ll focus on the email portion of this application.

USABILITY:

The application does what it does well. It is a Microsoft product so it is a bit over-engineered. It’s fairly easy to use once you get it up and running but the lack of standard POP3 email setup is a drawback that I find frustrating.

 

DESIGN:

The design is a blue functional area with a white background and black text. If this is changeable, I haven’t found the method to do it. Being a mobile app, the lack of a right-click menu leaves something to be desired. Most everything is available through menus in the upper left corner. A medium-sized plus (+) in the lower right corner is used for starting a new email.

[Screenshots of the Outlook Mobile app on a phone]

 

FUNCTIONALITY:

Overall functionality is very good. It does what it is designed to do and does it well. In the multiple years that I’ve been using this application, I’ve only had it crash once or twice. In each instance, a simple restart of the application was sufficient to restore the last state. Starting a new email is straightforward, and if you save common or important email addresses in the contacts, it is even easier. The calendar and contacts parts of this app function in similar ways. Reading email is as simple as clicking on the email heading, and it opens for you to read. Security is enhanced by not automatically downloading potentially malicious content such as pictures or links.

[Screenshot of a chat]

 

Improvements for Outlook Mobile App

1. Dark Mode – having a method to switch to a dark mode would greatly improve the user experience. The bright white background can be very harsh on the eyes, especially in low-light situations.

2. Accessibility Improvements – the ability to zoom in on the main screen for all 3 parts of the app would greatly enhance the user experience for those with vision issues.

3. Font changes – the default font in Outlook is somewhat difficult to read, and the ability to change it to something that works better for you would be good.
