• Lumilias@pawb.social
    link
    fedilink
    English
    arrow-up
    20
    ·
    3 个月前

    On the enterprise side, we use McAfee/Trellix and we’re pretty much glued to them for endpoint security. Why? Nobody else allows you to write custom YARA rules straight to the IPS engine like Trellix does.

    Every other vendor only allows you to use rules they have defined for you and doesn’t give you that low level access. It’s frustrating because their support is dogshit too, but my company has niched itself into a corner.