July 24, 2018
Why EDR Is the Next Step in Endpoint Protection
Evolving threats require a proactive approach that gets smarter as you use it.
The cybersecurity landscape is scary. Cybercriminals have become more sophisticated and much better organized. The attacks they make on IT targets in every industry are becoming increasingly difficult to defend against.
Indeed, research conducted for CDW by IDG found that 46 percent of organizations have suffered a serious security breach. Further, only 30 percent of IT officials have confidence in the ability of their people and processes to thwart an attack.
Recently, a customer asked my team how his organization could deal with advanced threats and attacks. The organization had been using a traditional anti-virus solution, which works well against threats that have been seen before. It addresses these threats and prevents them from breaching an organization’s defenses. However, traditional anti-virus solutions don’t provide visibility and reporting on the current state of an organization’s cybersecurity, which means they can’t address threats proactively. A proactive approach can be more effective against malware that hasn’t been seen before.
We recommended a comprehensive endpoint detection and response (EDR) solution to provide the visibility organizations need to protect their IT environments from new attacks, such as zero-day threats. These solutions provide the intelligence and reporting the organization was looking for to gain visibility into the various stages of a cyberattack. Now, the customer is more confident in his organization’s ability to defend against advanced attackers.
The Need for EDR
Zero-day attacks and advanced persistent threats are among the most serious security issues any organization faces these days. In cybersecurity, what you don’t know can hurt you. EDR is a valuable tool in dealing with these threats.
Sophisticated cybercriminals use a variety of attacks to avoid detection, such as file-less malware or hiding malicious code in HTTPS traffic. EDR can provide more granular control and visibility into an attack. This enables an organization’s IT team to more quickly remediate the situation because they know more about the attack.
EDR monitors endpoints to detect suspicious activities and capture data for forensic and security investigations, focusing on each stage of an attack — often referred to as the “kill chain.”
The EDR console can show you specific details about an attack: where it started, what kind of attack it is, where it went, how it is behaving and when it began. Analysis of this data helps the EDR get smarter as you use it. These solutions employ sophisticated algorithms and artificial intelligence to analyze data. The AI builds up a database of what’s happening specifically within the organization — as well as what’s happening generally around the world. This database evolves over time by looking at behavior of malware and ransomware, so it can detect their activities, even if their signatures are unfamiliar. The EDR solution can identify anomalous behavior and determine whether it may represent a threat.
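To make the behavioural analysis described above concrete, here is an added example (not code from the original post, and not any EDR product's real schema or logic). It runs over constructed process-creation telemetry, learns which parent-to-child process relationships are normal on a host during a baseline window, flags creations that fall outside that baseline, and walks the process tree back to its root so an analyst can see where the activity started, where it went and when it began. Host names, timestamps, process ids and command lines are all constructed for the example.

```python
"""Toy behavioural detector over endpoint process-creation telemetry.

Baseline normal parent->child process pairs, flag rare or unseen pairs in
live telemetry, and reconstruct the chain for each hit. Event shape and all
sample values are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    ts: str        # ISO-8601 timestamp (constructed)
    host: str      # endpoint that reported the event
    pid: int       # new process id
    ppid: int      # parent process id
    image: str     # executable name
    cmdline: str   # command line as captured


# Constructed baseline: two ordinary days on workstation "ws01".
BASELINE_EVENTS = [
    ProcessEvent("2018-07-20T09:00:01", "ws01", 100, 1,   "explorer.exe", "explorer.exe"),
    ProcessEvent("2018-07-20T09:01:00", "ws01", 200, 100, "outlook.exe",  "outlook.exe"),
    ProcessEvent("2018-07-20T09:02:00", "ws01", 300, 100, "chrome.exe",   "chrome.exe"),
    ProcessEvent("2018-07-20T09:03:00", "ws01", 400, 200, "winword.exe",  "winword.exe /n"),
    ProcessEvent("2018-07-21T09:00:01", "ws01", 101, 1,   "explorer.exe", "explorer.exe"),
    ProcessEvent("2018-07-21T09:01:00", "ws01", 201, 101, "outlook.exe",  "outlook.exe"),
    ProcessEvent("2018-07-21T09:02:00", "ws01", 301, 101, "chrome.exe",   "chrome.exe"),
    ProcessEvent("2018-07-21T09:03:00", "ws01", 401, 201, "winword.exe",  "winword.exe /n"),
]

# Constructed live telemetry: a mail attachment opened in Word that then
# launches a scripting host, which in turn launches another binary.
LIVE_EVENTS = [
    ProcessEvent("2018-07-24T10:00:01", "ws01", 102, 1,   "explorer.exe",   "explorer.exe"),
    ProcessEvent("2018-07-24T10:01:00", "ws01", 202, 102, "outlook.exe",    "outlook.exe"),
    ProcessEvent("2018-07-24T10:02:00", "ws01", 402, 202, "winword.exe",    "winword.exe invoice.docm"),
    ProcessEvent("2018-07-24T10:02:30", "ws01", 502, 402, "powershell.exe", "powershell.exe -w hidden"),
    ProcessEvent("2018-07-24T10:02:45", "ws01", 602, 502, "rundll32.exe",   "rundll32.exe"),
]


def _index(events):
    """Map (host, pid) -> event so a child can look up its parent."""
    return {(e.host, e.pid): e for e in events}


def parent_image(event, index):
    """Parent executable name, or '<unknown>' if the parent was never captured."""
    parent = index.get((event.host, event.ppid))
    return parent.image if parent else "<unknown>"


def build_baseline(events):
    """Count each (parent, child) image pair observed during the learning window."""
    index = _index(events)
    return Counter((parent_image(e, index), e.image) for e in events)


def find_anomalies(events, baseline, min_seen=2):
    """Return (event, parent_image) for creations whose pair was seen fewer than min_seen times."""
    index = _index(events)
    hits = []
    for e in events:
        parent = parent_image(e, index)
        if baseline.get((parent, e.image), 0) < min_seen:
            hits.append((e, parent))
    return hits


def ancestry(event, events):
    """Walk ppid links upward and return image names from root to this event."""
    index = _index(events)
    chain = [event.image]
    seen = {(event.host, event.pid)}   # guard against pid reuse loops
    cur = event
    while (cur.host, cur.ppid) in index and (cur.host, cur.ppid) not in seen:
        cur = index[(cur.host, cur.ppid)]
        seen.add((cur.host, cur.pid))
        chain.append(cur.image)
    return list(reversed(chain))


def triage(live, baseline):
    """Analyst-facing records: when, on which host, and the full chain for each hit."""
    return [
        {"when": e.ts, "host": e.host, "parent": parent, "child": e.image,
         "chain": " -> ".join(ancestry(e, live))}
        for e, parent in find_anomalies(live, baseline)
    ]


if __name__ == "__main__":
    for record in triage(LIVE_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(record)
```

The baseline is deliberately per-pair rather than per-image: `powershell.exe` on its own is not unusual on a workstation, but `winword.exe` spawning it is what the baseline has never seen. The `min_seen` threshold lets a deployment treat a pair seen once during learning as still suspicious, and `ancestry` gives the "where it started, where it went" view the console is described as providing.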
In the current security landscape, organizations should be looking at these solutions for deployment. In the coming years, they will become the standard for cybersecurity, filling a role currently occupied by traditional anti-virus tools. Many IT leaders have a misconception that advanced EDR tools are too costly, but prices for these solutions are falling. Most EDR and AI solutions are affordable, even for relatively small organizations.