An incident response team discovers that malware has been present on a compromised system for 6 months before detection. What is the BEST recommendation to prevent similar incidents?

  A. Deploy a more advanced antivirus solution
  B. Implement endpoint detection and response (EDR) for behavioral threat detection ✓
  C. Isolate high-value systems from the network
  D. Require daily system scans

Correct answer: Implement endpoint detection and response (EDR) for behavioral threat detection

Option B is correct because EDR solutions continuously monitor endpoint behavior and detect anomalous process activity, lateral movement, and persistence mechanisms in near real time, making them far more effective than signature-based antivirus at identifying threats that evaded initial detection and dwelt in the environment for months. Option A is incorrect because even advanced antivirus relies heavily on known signatures and heuristics, which are insufficient to catch sophisticated, low-and-slow attackers who modify their tooling to evade traditional AV. Option C is incorrect because isolating high-value systems reduces the attack surface but does not close the detection gap; an adversary already inside the environment can still operate undetected without behavioral monitoring. Option D is incorrect because scheduled daily scans check for known indicators at a single point in time and do not provide the continuous behavioral visibility needed to detect fileless malware or living-off-the-land techniques.

Topic: edr, threat detection, incident response, cysa+

Practice CompTIA CySA+ (CS0-003) Questions Free