Question

I was reviewing your answer for the question below and believe that you have posted the wrong answer. Chegg believes that the answer is D, UTM. I don't think that's correct....

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risk within the perimeter. Which of the following solutions would best support the organization's strategy?

A FIM

B DLP

C EDR

D UTM

I believe that the answer is C, EDR. Look at the product descriptions below.

EDR is...

- Sometimes called endpoint threat detection and response (ETDR), provides continuous monitoring of endpoints. EDR tools are part of the defense-in-depth strategy. There isn't a standard set of capabilities that all EDR platforms include. However, they commonly include anti-malware solutions, host-based intrusion detection systems (HIDSs), and application allow and block lists.

- A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

- EDR isn't necessarily focused on prevention. The idea is to provide a layered solution that assumes something may not have been prevented. As a result, the goal of EDR is to detect and respond. EDR technology often uses a combination of machine learning and behavioral analytics to detect suspicious activity. Today EDR plays a predominant role as part of an overall endpoint security strategy.

UTM is...

- An approach to information security where a single hardware or software installation provides multiple security functions. This contrasts with the traditional method of having point solutions for each security function.

- In addition to functioning as a firewall these devices come with other capabilities such as:

1. URL filtering/content inspection

2. Malware inspection

3. Spam filtering

4. Channel Service Unit/Data Service Unit CSU (network provider side)/DSU (customer side) - Multiprotocol Label Switching

5. Router, switch

6. IDS/IPS

7. Bandwidth shaper

8. VPN endpoint

9. TLS/SSL Proxy

10. Web Filtering

11. QoS Management

12. Bandwidth Throttling

13. Network Address Translation (NAT)

- UTM simplifies information-security management by providing a single management and reporting point for the security administrator rather than managing multiple products from different vendors.
