// Comparison
Evading EDR vs Malware Data Science: Which Should You Read?
Two cybersecurity books on Malware, compared honestly: who each is for, what each does best, and which to read first.
A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.
Saxe and Sanders apply machine-learning techniques (classification, clustering, deep learning) to malware detection and attribution, with working Python code and real corpora.
Read this if
Skip this if
Key takeaways
- EDR is a collection of telemetry sources, not a monolith; evasion means knowing which source sees what.
- Most durable bypasses attack the sensor's data collection, not its detection logic.
- Vendor-agnostic understanding outlives any specific bypass, which vendors patch fast.
- Static-feature classifiers can route a triage queue effectively even at scale; the book's chapters on feature engineering pay back the cost.
- Similarity analysis (locality-sensitive hashing, ssdeep, imphash, function-level fuzzy hashing) is the analyst's lever for clustering campaigns and tracking actor evolution.
- Deep learning is overhyped for malware in many contexts and exactly the right tool in others; the book is honest about the trade-offs in a way most ML/security books aren't.
How they compare
Evading EDR and Malware Data Science are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.
Evading EDR is pitched at advanced level. Malware Data Science is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.
Evading EDR and Malware Data Science both cover Malware, Detection, so reading them in sequence reinforces the same material from different angles.