Addressing Endpoint Security Challenges


If you have oversight of cybersecurity controls such as signature-based technology and antivirus, you will be very aware that they are readily bypassed by targeted attacks using polymorphic malware payloads, file-less cyberattacks, malware toolkits and advanced persistent attackers. Many organisations recognise and concede that the traditional anti-malware defences they have in place are failing and that they need to evaluate new approaches and options.

Endpoint Detection and Response (EDR) based technology appears to be a potential replacement option. Like any other new technology available in the market, it comes with a whole new set of terminology and jargon put together in the marketing department. An EDR solution looks to provide a deeper level of behaviour-based anomaly detection, together with visibility into other relevant information, to help detect and mitigate a broad variety of advanced threats. This new approach will help improve a company's ability to detect and respond to external and insider threats, and reduce the time, cost and complexity of an internal investigation should there be an incident.

EDR solutions typically act in conjunction with other security measures and are complementary to a variety of security solutions, including DLP, SIEM and network forensics tools. For example, if you are using a SIEM platform to store and correlate information, then integrating your EDR solution with your SIEM platform will provide additional valuable intelligence.

A key component of the new EDR offerings is Continuous Monitoring technology. This capability is intended to support Root Cause Analysis and to detect Advanced Threats.

A "block and prevent" strategy is not effective in today's threat environment. The new breed of tools is designed around a "detect and respond" strategy.

Advanced Threat Detection is designed to identify sophisticated malware that uses persistent remote access with the intention of stealing sensitive corporate data over an extended period of time.

Root Cause Analysis, as the name suggests, aims to answer the question: where did this suspicious or malicious file come from?
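To make the Root Cause Analysis question concrete, here is an added example (not MPA's or any vendor's code) that walks a file back through recorded endpoint telemetry: which process wrote it, that process's ancestor chain, and which remote endpoints those processes contacted before the write. The event schema, process names, pids and addresses are all constructed for illustration; a real EDR feed would supply equivalent process, file and network events.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Event:
    # One endpoint telemetry record (hypothetical schema, not any vendor's).
    ts: int                      # monotonic timestamp (constructed)
    kind: str                    # "process", "file_write" or "net_conn"
    pid: int                     # process that generated the event
    ppid: Optional[int] = None   # parent pid, for "process" events
    image: Optional[str] = None  # executable name, for "process" events
    path: Optional[str] = None   # file written, for "file_write" events
    remote: Optional[str] = None # remote endpoint, for "net_conn" events

# Constructed sample telemetry: a mail client opens a document, the document
# viewer spawns a scripting host, which talks to the network and drops a file.
TELEMETRY = [
    Event(1, "process", 100, 1, image="explorer.exe"),
    Event(2, "process", 200, 100, image="outlook.exe"),
    Event(3, "net_conn", 200, remote="203.0.113.7:443"),
    Event(4, "process", 300, 200, image="winword.exe"),
    Event(5, "process", 400, 300, image="powershell.exe"),
    Event(6, "net_conn", 400, remote="198.51.100.23:80"),
    Event(7, "file_write", 400, path=r"C:\Users\alice\AppData\Local\Temp\update.exe"),
    Event(8, "process", 500, 400, image="update.exe"),
]

def trace_origin(events, path):
    """Answer 'where did this file come from?' from recorded telemetry.
    Returns (chain, remotes): ancestor processes root-first, ending with the
    writer of `path`, and the remote endpoints those processes contacted before
    the write. Returns None if no write of `path` was recorded (no visibility)."""
    procs = {e.pid: e for e in events if e.kind == "process"}
    writes = [e for e in events if e.kind == "file_write" and e.path == path]
    if not writes:
        return None
    write = min(writes, key=lambda e: e.ts)   # earliest creation of the file
    chain, pid, seen = [], write.pid, set()
    while pid in procs and pid not in seen:   # seen-set guards against cyclic data
        seen.add(pid)
        p = procs[pid]
        chain.append((p.pid, p.image))
        pid = p.ppid
    chain.reverse()
    chain_pids = {p for p, _ in chain}
    remotes = [e.remote for e in events
               if e.kind == "net_conn" and e.pid in chain_pids and e.ts < write.ts]
    return chain, remotes
```

A `None` result means the monitoring had no record of the file being written, which is a visibility gap to investigate rather than a clean result.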

However, what the vendors of EDR technologies won't tell you in their literature is that using Continuous Monitoring for Advanced Threat Detection and Root Cause Analysis comes with an "overhead" and its own set of challenges.

We will discuss these key consideration points in our next Problem Solved. In the meantime, if you would like to understand more about how Endpoint Detection and Response (EDR) based technology might be suitable for your organisation, then contact:

Mark Heard - mark.heard@mpa.co.nz

Mike Conboy - mike.conboy@mpa.co.nz

Mike Conboy - Consultant

Mike has over 20 years’ experience in the New Zealand Security Industry covering a variety of roles including Systems Engineering, Product Management, Business Management and Development.

Originally engaged within the UK Defence and Telecommunication industries, Mike emigrated to NZ in the early 90s and has provided service to clients via Systems Integrators, Value Added Distribution, Consultancy and Managed Security Services.

Mike is a Chartered IT Professional (Fin, Info Sec) with MSc (Info Systems Engineering) and a BSc (Physics, Electronics).
