The advantages that notebook computers, smartphones and other wireless devices bring to work and business are beyond dispute. The benefits of these revolutionary tools come at a price, however. As Uncle Ben prophetically warned Peter Parker, aka Spider-Man, “With great power comes great responsibility,” one could say of today’s internet of things (IoT) and bring your own device (BYOD) workplace: With great convenience comes greater risk.
Known in network security circles as endpoints, these devices open up a world of convenience by creating a point of access to an enterprise’s network and mission-critical data. They also open the door to cybercriminals and the nefarious tools they employ.
In the past, cyber threats typically accessed systems through an enterprise’s central network. Today’s threats increasingly gain entry through endpoints, bypassing centralized cyber defenses. Network administrators are finding that they need greater control over a multitude of access points — often multiple access points per end user — to prevent the vulnerabilities created by remote devices.
In 2013, Gartner research vice president Anton Chuvakin named this emerging approach to endpoint vulnerability Endpoint Detection and Response (EDR). To paraphrase his own description, EDR is a set of tools for detecting and investigating suspicious activities on endpoints. It has since evolved to fill the need for continuous monitoring and response to advanced threats and is often included under the security umbrella of advanced threat protection.
According to Chuvakin and Gartner analyst Augusto Barros, “Endpoint detection and response tools enable an organization to achieve comprehensive endpoint visibility, improve its ability to detect malicious activities and simplify security incident response.”
Demand for such solutions now accounts for a $1 billion EDR market that is expected to reach $7.27 billion by 2026, reflecting a compound annual growth rate of 25.9 percent.
Key components of an effective EDR solution, according to Gartner, comprise the following:
Like “layered defense,” EDR takes a multi-tiered approach to identifying and neutralizing threats. In a general sense, EDR solutions use endpoints to gather data and leverage that data to identify potential security threats, then provide helpful ways of investigating and responding to those potential threats.
Delving through troves of data, pinpointing suspicious activity and quickly reacting to incidents can require considerable time, effort and expertise. In the past, such capabilities were limited mostly to large organizations and companies with the resources to field teams of experienced security analysts operating out of a Security Operations Center (SOC).
By simplifying EDR offerings and streamlining automation and workflows, today’s Managed Security Service Providers (MSSPs) are working to make these solutions accessible to a wider market. Dubbed “EDR Lite,” such products offer a lower barrier to entry, bringing EDR capabilities to the sector that needs them most — small and medium-sized businesses (SMBs).
Whether large or small, enterprises that offer employees and customers the convenience of remote access must take responsible steps to protect user data from malicious actors and cyber criminals. Any organization shopping for a comprehensive EDR solution should consider the following features when choosing a vendor:
Filtering: False positives can plague low-end EDR solutions. Events that are not threats may trigger alerts, creating alert fatigue and increasing the possibility for real threats to slip through unnoticed. A quality solution filters out false positives.
Advanced Threat Blocking: Persistent attacks can eventually overwhelm security measures on products with weaker offerings. A good solution blocks threats immediately at detection and throughout the attack.
Incident Response Capabilities: Trained security personnel are not always enough to respond to an attack. AI-supported threat hunting and incident response can help prevent full-blown data breaches.
Multiple Threat Protection: Attacks may come from multiple endpoints and sources (e.g., ransomware, malware, suspicious data movements) at once. An EDR solution must be sophisticated enough to respond to multiple threats without becoming overwhelmed.
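As an added illustration of the filtering and multi-threat handling described above (example code written for this post, not a Valeo Networks product or any vendor's detection logic), a toy Python pipeline: it runs constructed process-creation events through hypothetical detection rules, suppresses an analyst-confirmed benign match so it does not surface as a false positive, and escalates a host only when several distinct detections coincide. Host names, rule names and the allowlist entry are all assumptions made for the example.

```python
"""Toy EDR detection pipeline (added illustration, not a vendor product):
ingest endpoint process events, apply detection rules, suppress known-benign
matches to limit false positives, and correlate per host to pick a response."""
from collections import defaultdict

# Constructed sample telemetry: one process-creation event per dict.
EVENTS = [
    {"host": "ws-01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell -enc ZQBjAGgAbwA="},
    {"host": "ws-01", "parent": "explorer.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all"},
    {"host": "ws-02", "parent": "outlook.exe", "image": "cmd.exe",
     "cmdline": "cmd /c echo hello"},
    {"host": "ws-03", "parent": "services.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all"},  # scheduled backup job (benign)
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

# Detection rules: name -> predicate over one event (hypothetical rule set).
RULES = {
    "office_spawns_shell": lambda e: e["parent"] in OFFICE_APPS and e["image"] in SHELLS,
    "encoded_powershell": lambda e: e["image"] == "powershell.exe" and " -enc " in e["cmdline"],
    "shadow_copy_deletion": lambda e: e["image"] == "vssadmin.exe" and "delete shadows" in e["cmdline"],
}

# Filtering: (rule, host, parent) tuples an analyst confirmed benign, e.g. a backup agent.
ALLOWLIST = {("shadow_copy_deletion", "ws-03", "services.exe")}

def detect(events):
    """Return alerts as {host: set of rule names}, after allowlist suppression."""
    alerts = defaultdict(set)
    for e in events:
        for name, rule in RULES.items():
            if rule(e) and (name, e["host"], e["parent"]) not in ALLOWLIST:
                alerts[e["host"]].add(name)
    return alerts

def respond(alerts):
    """Escalate hosts with several distinct detections; otherwise queue for investigation."""
    return {h: ("isolate" if len(r) >= 2 else "investigate") for h, r in alerts.items()}

if __name__ == "__main__":
    found = detect(EVENTS)
    for host, action in respond(found).items():
        print(host, sorted(found[host]), "->", action)
```

Running it reports ws-01 with three distinct detections (isolate), ws-02 with one (investigate), and nothing for ws-03 because its only match was allowlisted.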
The first responsible step to protecting your endpoints, and by extension your enterprise, is to reach out to experts with the experience and knowledge to create a solution geared to your specific needs. Valeo Networks offers a wide range of security solutions that include Advanced Threat Protection, Data Loss Prevention and EDR. Contact us today to learn more about how we can help you navigate today’s evolving cyber threat landscape, or to schedule a Security Risk Assessment.