In a continuation of our series of Security posts, this week we are focusing on EDR – Endpoint Detection and Response.
The first question you are probably asking: what is EDR?
Endpoint Detection and Response (EDR) is a new form of cyber security technology that helps continuously monitor, prevent, detect, and respond to ever-changing cyber threats and recover quickly when ransomware or other exploits strike. If an attack does occur and is successful, remediation and rollback features help reverse its effects and recover devices to their pre-attack healthy state, significantly reducing business downtime.
EDR differs from traditional forms of protection such as antivirus (AV) and anti-malware in that its primary focus isn’t just to stop threats on a device. EDR is also focused on providing the right endpoint visibility with the right insights to help discover, investigate and respond to very advanced threats and broader attack campaigns stretching across other devices, to protect your network.
Cyber Attacks increased by 55% from 2017 to 2018
The stats speak for themselves. Cyber crime is on the increase, and cyber attackers are finding new ways and means to attack your defenses, irrespective of how advanced they are.
58% of cyber breaches took place in small businesses last year – Source: Microsoft
5 reasons why an EDR solution is so vital
- Prevention alone will not assure 100% protection: No matter how good your security is, there is always a risk of being breached. The new standard in security is to expect a breach but have solutions in place to minimise damage and recover quickly.
- Attackers can be in your network for weeks: Without EDR technology, traditional AV and anti-malware solutions won’t detect this type of activity. This silent failure gives attackers free movement in your environment. They can create back doors that allow them to return at will.
- Traditional forms of security are no longer enough: Traditional antivirus is notoriously bad at stopping newer threats such as zero-day exploits and ransomware. The best antivirus products act as the first layer of defense, but an EDR solution adds additional layers of protection to manage these modern threats.
- Insights to derive the appropriate response to incidents: Lacking intelligence into what and where a breach has occurred is a common problem. If you do not know exactly what is happening, where it originated, or who it might be affecting, you won’t be in a position to stop further damage, let alone start recovering. Response time is paramount.
- Remediation can be expensive and protracted: Businesses need to have the right capabilities. Otherwise, they risk spending days, weeks or even months trying to recover. This is not only expensive but can cause severe disruption to the business, have a major impact on productivity and cause reputational damage, all leading to serious financial losses.
The 2 Key Benefits of a good EDR solution
- Reduce your chances of Cyber Attacks
» Helps protect against the latest threats without waiting for recurring scans or updates
» Responds to threats at your devices almost immediately
» Customised protection allows/blocks USBs and endpoint traffic to determine the appropriate response
- Respond quickly & effectively with Automation
» Automate responses for quick threat containment and limitation of damage
» Help remediate attacks by reversing the effects
» Roll back attacks by replacing compromised files with pre-attack healthy versions