Smaller organisations are increasingly facing advanced cyberthreats , either to become a gateway towards a larger target during a supply chain attack or by being a collateral victim in a larger attack .
Tell us about the level of sophistication we see in today ’ s threat landscape , particularly when it comes to the endpoint ?
If we look at the early reports of 2021 , or review the key incidents , there are a few key words that will quickly surface : ransomware , phishing attacks , Business Email Compromise ( BEC ), supply chain attacks , data breaches or data exfiltration .
We can group these attacks into two key categories : fast-evolving attacks and slow and stealthy attacks . Both can be very aggressive , both can be targeted and both can cause massive impact for any organisation in the world .
Without minimising the importance of fighting off ransomware and other aggressive fast-evolving attacks , I will focus on the slow and stealthy type of attacks . Here we include the likes of supply chain attacks , phishing for company or state secrets and exfiltration of entire databases during months of undetected malicious activity .
The prevalence of these complex threats increased dramatically over the last few years and a question worth asking at this point is – who is affected by this class of attacks ? You might think that it only applies to large organisations . These are the notorious cases that make it to the media . But this couldn ’ t be further from the truth .
Smaller organisations are increasingly facing advanced cyberthreats , either to become a gateway towards a larger target during a supply chain attack or by being a collateral victim in a larger attack . The advanced attack techniques are so prevalent today that no organisation should consider itself safe .
Let ’ s talk Endpoint Detection and Response ( EDR ) – how has this historically been used as part of advanced threat prevention ?
Historically , cyberdefences relied mostly on the prevention capabilities that are built into endpoint protection platforms and this approach provided acceptable results for many years .
As the attacks increased in sophistication , the security paradigm had to evolve . Security experts realised that 100 % prevention is not possible . By acknowledging the real possibility of being breached , many organisations adopted EDR solutions to complement prevention capabilities and to increase the resilience of organisations faced with advanced cyberattacks .
EDR relies on continuous monitoring of endpoint events across the entire infrastructure , providing extended threat detection , incident investigation and effective response .
Why , given the changes to the working environment we have seen over the last year , has EDR become an even more important cybersecurity tool ?
The global pandemic had a very strong influence on cybersecurity through significant changes both in the threat landscape and in the attack surface .
We discussed the increased sophistication and volume of attacks and , to a large extent , this was fuelled by the forced ‘ work from home ’ setups . In the early days , most organisations rushed into working from home and the attack surface available to various attackers in the world increased significantly .
With endpoints leaving the relative safety of corporate networks and being scattered across employees ’ homes , security teams required more advanced threat detection capabilities and , more importantly , better visibility to avoid costly cyberbreaches .
EDR is the perfect instrument in this setup as it ’ s focused on the endpoint and the location of the device is less relevant .
How does EDR bridge the cyberskills gap ?
EDR is an interactive solution but to some degree security analysts are needed for an effective EDR ecosystem . By itself , EDR will not do too much good to an organisation – a
INTELLIGENT TECH CHANNELS Issue 43 67