A paradigm shift in endpoint detection and response
Endpoint security has become a hot topic on the cybersecurity front and is rising ever higher on IT managers' to-do list
Published: Nov 12, 2019 05:02:00 PM IST
Updated: Nov 19, 2019 03:08:54 PM IST
A perfect storm of increasing cloud and BYOD adoption, combined with ineffective technology and stretched security teams, is exposing sensitive data to unnecessary risk. Added to this is the growing attack surface due to the shift towards data-centric business models. Today, the major areas of concern in any organisation are securing the endpoints and servers where most breaches and frauds happen.
Endpoint security has become a hot topic on the cybersecurity front and is rising ever higher on IT managers’ to-do list. IT leaders want a more effective, easier to use solution to address this issue. They need to find products that can consolidate a range of security capabilities into one easy-to-manage suite.
Endpoint security has changed fundamentally over the last two decades, in many ways mirroring the evolution of the wider information security market. From the first basic anti-malware scanners of the ‘90s, through innovations in black- and whitelisting, intrusion detection, web and email filtering, and today’s sophisticated targeted attack detection products – we’ve sure come a long way.
EDR: the black box of breaches
EDR systems offer defenders a first line of defence that gives them greater visibility into what is happening at the interface between production systems and the internet, with all its threats and malicious activity.
EDR works by recording the security events on any device connected to the corporate network. These endpoint devices include desktop computers, laptops, smartphones, tablets, thin clients, printers and other specialised hardware such as POS terminals. EDR is the black box of breaches. Some of the recorded events may be regular activities; some may reveal a clue to how the threat inched towards an irreversible catastrophe. When a breach has taken place, EDR enables security teams to play back the infection and understand what happened and how it happened.
EDR adoption
As per a global survey by Enterprise Strategy Group, 70% of organisations are already using EDR. Enterprises are always looking for new techniques to protect themselves from increasingly sophisticated malware, and some standalone EDR vendors deliver their detection and response capabilities as part of EDR. Using it effectively requires years of training and hands-on experience.
Not all companies have a security team that can do that. The downside of EDR is that it is operationally intensive. When you combine that with a global skills shortage in cybersecurity and the high level of skill needed to use the root-cause tools, many customers can’t keep up with EDR. While EDR tools can be difficult for less experienced operators to use, they can improve overall security efficiency by reducing the time to detect and respond to security incidents.
EDR is crucial for advanced endpoint protection solutions capable of detecting suspicious behaviours at all levels of the computing stack from the device to the user. Another key EDR functionality is that it enables security teams to do proactive threat hunting. As the EDR market matures, Gartner expects feature improvements to focus on increasing the capabilities of the adaptive security architecture.
EDR from a security provider and a user standpoint
As threats continue to become stealthier and capable of evading traditional cyber defences, cyber security leaders today need a comprehensive enterprise cyber security strategy that pre-empts threats, reduces risk and responds to every regulatory requirement. Security leaders are concerned with increasing complexity in their endpoint environment, compounded by advanced, multistage attacks going beyond typical malware.
The highest priority for customers is improved detection and response, and hence we’ve integrated these capabilities into our endpoint protection platform to leverage the automation that already exists, which provides enterprises with better layered protection.
Customers require a multi-layered approach to endpoint security, incorporating tools that combine superior performance with low cost and centralised management. We believe it’s all about delivering the best in threat protection across all endpoints, email and web, and ensuring that customer data is safe whether it runs in a physical, virtual or hybrid environment. For those enterprises that may not have skilled threat researchers to develop this, we are expanding our MDR services, which are already available in some limited geographies.
EDR is here to stay
Needless to say, though EDR is a complex technology, its overarching benefits will make it indispensable for organisations in this highly connected digital world. Gartner’s predictions validate that EDR is here to stay. Their findings suggest that by 2022, 60% of organisations that leverage endpoint detection and response capabilities will use the endpoint protection solution from the same vendor or managed detection and response (MDR) services.
Hence, for enterprises that are increasingly looking for scalability, strong data management, flexible analytics and open integration, EDR will be a mainstay in the 21st century.
Disclaimer: The pages slugged ‘Brand Connect’ are equivalent to advertisements and are not written and produced by Forbes India journalists.