Secure with Endpoint Detection & Response?

Issue 5 2023 Information Security

How secure are the devices that access your company networks? Can you rest easy, knowing that something is monitoring threats that exploit people's laptops and smartphones? Most organisations are not as secure as they believe. Phishing in particular diminishes most endpoint security measures, including antivirus and endpoint protection platforms.

This is why more organisations are adding Endpoint Detection & Response (EDR), but many still misunderstand this security concept or mistakenly think it's part of their other security services. What is EDR and its purpose, how does it differ from other security services, and what should you consider if you plan to invest in EDR?

Endpoints are at risk

Business environments need to trust endpoint devices, yet these come with serious security risks. Because users expect to stay productive and often own or administer their own devices, endpoints usually get less security control than other business systems. There are many different types of endpoint devices from countless manufacturers, and they represent everything from low-risk users to high-value targets.

Criminals exploit these uncertainties, and it's no surprise that endpoint devices are by far the most common starting point for an attack. All it takes is one email or website concealing malware for the bad actors to find a way in.

"These attacks are sophisticated, blending different techniques to avoid triggering the signature-sensors of antivirus software," says Gerhard Swart, Chief Technology Officer at Performanta. "Modern attacks often sneak snippets of software and configurations into the environment, turning standard services into criminal tools."

This subterfuge makes it much harder to spot an attack in progress and explains why standard endpoint security is no longer effective. And the monitoring systems that keep other business areas safe don't have the correct focus to effectively catch clandestine endpoint attacks. Hence the growing appeal of EDR, a more modern way to detect and tackle endpoint attacks.

The new generation of device security

The term EDR was coined in 2013 by Gartner, referring to a set of tools that continually capture and analyse device data to spot unusual activity. An EDR system checks for threats 24/7, using data and forensic features to analyse device traffic and behaviour. Unlike signature-based systems, it can detect previously unknown threats. EDR forensics are also very useful for determining the root cause of an attack.
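As an added illustration (not part of the article, and not code from Performanta or any EDR product), the following Python sketch contrasts the two detection approaches the paragraph describes: a signature check that only matches known-bad file digests, and a behavioural rule that looks at how processes relate to each other, followed by the parent-chain walk an analyst uses to trace root cause. The telemetry, process names, placeholder hashes and the rule itself are constructed assumptions for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, of the kind an endpoint agent collects (constructed)."""
    pid: int
    ppid: int
    image: str       # executable file name
    sha256: str      # placeholder digest of the executable, not a real hash
    cmdline: str


# Signature store: digests of executables already known to be malicious.
# A renamed, repacked or legitimately signed binary will never appear here.
KNOWN_BAD_HASHES: Dict[str, str] = {"placeholder-digest-of-known-dropper": "known dropper"}

# Behavioural rule (assumed for the example): applications that normally open
# documents have no business launching a command interpreter or scripting host.
DOCUMENT_APPS: Set[str] = {"winword.exe", "excel.exe", "acrord32.exe"}
INTERPRETERS: Set[str] = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def signature_scan(events: List[ProcessEvent]) -> List[str]:
    """Flag only executables whose digest is in the signature store."""
    return [
        f"pid {e.pid} {e.image}: {KNOWN_BAD_HASHES[e.sha256]}"
        for e in events
        if e.sha256 in KNOWN_BAD_HASHES
    ]


def behaviour_scan(events: List[ProcessEvent]) -> List[str]:
    """Flag abnormal parent/child pairs regardless of whether the binaries are known."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is not None and parent.image in DOCUMENT_APPS and e.image in INTERPRETERS:
            alerts.append(f"pid {e.pid}: {parent.image} spawned {e.image}")
    return alerts


def ancestry(events: List[ProcessEvent], pid: int) -> List[str]:
    """Walk the parent chain back to the root process.

    This is the forensic view EDR stores so an analyst can see where an
    intrusion began (here: the document the user opened), not just the
    process that tripped the rule.
    """
    by_pid = {e.pid: e for e in events}
    chain: List[str] = []
    seen: Set[int] = set()          # guards against cycles in malformed telemetry
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid].image)
        pid = by_pid[pid].ppid
    return list(reversed(chain))


# Constructed telemetry: a word processor opens a document and spawns a
# scripting host. Every binary is a legitimate, unmodified system component,
# so the signature store has nothing to match.
EVENTS: List[ProcessEvent] = [
    ProcessEvent(100, 1, "explorer.exe", "placeholder-digest-explorer", "explorer.exe"),
    ProcessEvent(200, 100, "winword.exe", "placeholder-digest-winword", "winword.exe quote.docm"),
    ProcessEvent(300, 200, "powershell.exe", "placeholder-digest-powershell", "powershell.exe -File update.ps1"),
]

if __name__ == "__main__":
    print("signature alerts:", signature_scan(EVENTS))   # nothing matched
    print("behaviour alerts:", behaviour_scan(EVENTS))   # the document app spawning an interpreter
    print("root cause chain:", ancestry(EVENTS, 300))
```

The point of the contrast is that the signature scan returns nothing, while the behavioural rule fires on the same events and the ancestry walk shows the chain back to the document that was opened. A production agent applies many such rules across process, file, registry and network telemetry and tunes them per business unit, which is the configuration effort the article goes on to describe.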

Adding EDR to security provides a massive edge to spot and stop advanced attacks. But EDR is not a simple addition. If you believe EDR will add value to your business, Swart suggests some adoption considerations to take into account:

● EDR represents a bundle of different services, which can be deployed in several ways. You can add EDR as a standalone service or as an add-on to a larger security platform.

● Managed security service providers (MSSPs) are often the best choice for EDR, because worthwhile MSSPs should have the prerequisite services, integrations and skills to run such EDR solutions.

● EDR systems work particularly well when integrated with a security operations centre (SOC) and security information and event management (SIEM) service.

● A thriving EDR environment needs specific security and technology skills, which may be expensive to keep in-house.

● EDR systems require careful configuration to match business and user requirements. It's a continual investment, not an install-and-forget project.

● Scaling EDR can be tricky since different parts of the business (and their devices) often have unique needs.

An important security investment

Adding EDR is not a simple task. But the investment is worthwhile for the security gained and the risk it lowers: EDR provides advanced and proactive protection, deep logging, and centralised oversight of the most vulnerable part of every business network, the endpoint devices.

"Adding EDR can be tricky, which is why some places avoid it and others end up with EDR solutions that don't work," says Swart. "There are many reasons why EDR can go wrong or cost too much. But it is a vital piece of security because it focuses on the spaces that the bad guys target most often with the newest attack techniques. I recommend talking to a trusted security provider with a track record in deploying and maintaining EDR systems."

It's a reality that attacks on endpoint devices will only become worse. But that's why EDR exists; it keeps an eye on the most vulnerable parts of our digital world.




