intelligent

Bogdan Carlescu , Acting

Cybersecurity Professional and Product Marketing Director at Bitdefender

EDR is the perfect instrument in this setup as it ’ s focused on the endpoint and the location of the device is less relevant .

How does EDR bridge the cyberskills gap ?

EDR is an interactive solution but to some degree security analysts are needed for an effective EDR ecosystem . By itself , EDR will not do too much good to an organisation – a high volume of alerts , fragmented visibility and false positives are increasing the pressure on security teams . This isn ’ t helping to cope with the skills gap .

IN THE EARLY DAYS , MOST

ORGANISATIONS

RUSHED INTO WORKING FROM HOME AND THE ATTACK SURFACE

AVAILABLE TO VARIOUS

ATTACKERS IN THE WORLD INCREASED

SIGNIFICANTLY .

As the attacks increased in sophistication , the security paradigm had to evolve . Security experts realised that 100 % prevention is not possible . By acknowledging the real possibility of being breached , many organisations adopted EDR solutions to complement prevention capabilities and to increase the resilience of organisations faced with advanced cyberattacks .

EDR relies on continuous monitoring of endpoint events across the entire infrastructure , providing extended threat detection , incident investigation and effective response .

Why , given the changes to the working environment we have seen over the last year , has EDR become an even more important cybersecurity tool ?

The global pandemic had a very strong influence on cybersecurity through significant changes both in the threat landscape and in the attack surface .

We discussed the increased sophistication and volume of attacks and , to a large extent , this was fuelled by the forced ‘ work from home ’ setups . In the early days , most organisations rushed into working from home and the attack surface available to various attackers in the world increased significantly .

With endpoints leaving the relative safety of corporate networks and being scattered across employees ’ homes , security teams required more advanced threat detection capabilities and , more importantly , better visibility to avoid costly cyberbreaches .

So , when looking to adopt EDR , an organisation should consider a few things . First is the ability to detect complex threats , as well as ease of use , accuracy , context information and guided response . But secondly , organisations should also look for built in automation capabilities .

To help customers reducing the challenges due to the cybersecurity skills gap , Bitdefender focused on providing an EDR that has proven industry leading detection capabilities but is also easy to use and accessible to a wide range of organisations .

We also developed an MDR service that moves all the weight of security operations to highly-skilled Bitdefender SOC team analysts .

Why is it so important that CISOs and their teams have access to highly detailed reports and analytics , and how does a good EDR solution enable this ?

I think it is hard to over-emphasise the importance of incident reporting and security analytics for security teams . Although there are quite a few reasons for having access to detailed reporting and analytics I will focus on three key use cases : incident investigation , forensics and compliance .

Effective incident investigation relies on two principles : knowing ( in good time ) that something is happening and understanding quickly what is happening . Forensics is similar , with the difference that time is not as critical as in case of incident investigation . Here the most important is to have access to untampered