COVER THEME
Volume 3
Issue 10

With the increase in sophisticated attacks targeted at devices and their constant use in this connected world, cybersecurity is a major concern for both users and enterprises. For many organizations, a perfect storm of increasing cloud and BYOD adoption, combined with ineffective technology and stretched security teams, is exposing sensitive data to unnecessary risk. Added to this is the growing attack surface due to the shift towards data-centric business models.

Today, the major area of concern in any organization is to secure the endpoints and servers where most of the breaches and frauds happen. It's not surprising in that context that so many IT leaders see endpoint security as a critical issue. In fact, endpoint security has become a hot topic on the cybersecurity front and is rising even higher on IT managers' to-do list. IT leaders want a more effective, easier-to-use solution to address this issue. They need to find products that can consolidate a range of security capabilities into one easy-to-manage suite.

Endpoint security has changed fundamentally over the last two decades, in many ways mirroring the evolution of the wider information security market. From the first basic anti-malware scanners of the '90s, through innovations in black- and whitelisting, intrusion detection, web and email filtering, and today's myriad detection products—we've come a long way.

EDR – The black box of breaches

EDR systems offer defenders a first line of defense that gives them a way to gain greater visibility into what is happening at the interface between production systems and the internet, with all its threats and malicious activity.

With traditional endpoint security technology, visibility into how a threat entered the network and its travel path is limited. One reason is that, when a hacker has compromised a device, he is likely to wipe away his criminal traces. Once an attack is discovered, customers want to know what the root cause was, and how it spread. When security teams go back to investigate a breach, the devices look pristine. They do not have enough information to piece the breach together. Now, with endpoint detection and response (EDR) technology, they are finally able to.

EDR works by recording the security events on any device connected to the corporate network. These endpoint devices include: desktop computers, laptops, smartphones, tablets, thin clients, printers or other specialized hardware such as POS terminals, etc. EDR is the black box of breaches. Some of these events may be regular activities; some may reveal a clue to how the threat inched towards the surely irreversible catastrophe. When a breach has taken place, EDR enables security teams to play back the infection and understand what has happened, and how.

EDR adoption

As per a global survey by Enterprise Strategy Group, 70 percent of organizations are already using EDR. Enterprises are always looking for new techniques to protect themselves from increasingly sophisticated malware and some standalone EDR vendors deliver their detection and response capabilities as part of EDR. To use it effectively, one would require years of training and hands-on experience. Not all companies have a security team that can do that. The downside of EDR is that it is operationally intensive. When you combine that with a global skills shortage in cybersecurity and the high level of skills needed to trace the root cause tools, many customers can't keep up with EDR. While EDR tools can be difficult to use for less experienced operators, they can improve overall security efficiency by reducing the time to detect and respond to security incidents.

EDR is crucial for advanced endpoint protection solutions capable of detecting suspicious behaviors at all levels of the computing stack from the device to the user. Another key EDR functionality is that it enables security

CISO MAG | November 2019