Addressing Endpoint Security Challenges


If you have oversight of cybersecurity controls such as signature-based technology and antivirus, you will be very aware that they are readily bypassed by targeted attacks using polymorphic malware payloads, file-less cyberattacks, malware toolkits and advanced persistent attackers. Many organisations recognise and concede that the traditional anti-malware defences they have in place are failing and that they need to evaluate new approaches and options.

Endpoint Detection and Response (EDR) based technology appears to be a potential replacement option. Like any other new technology available in the market, it comes with a whole new set of terminology and jargon put together in the marketing department. An EDR solution looks to provide a deeper level of behaviour-based anomaly detection, plus visibility into other relevant information, to help detect and mitigate a broad variety of advanced threats. This new approach will help improve a company's ability to detect and respond to external and insider threats, and reduce the time, cost and complexity of an internal investigation should there be an incident.

EDR solutions typically act in conjunction with other security measures and are complementary to a variety of security solutions including DLP, SIEM and network forensics tools. For example, if you are using a SIEM platform to store and correlate information, then integrating your EDR solution with your SIEM platform will provide additional valuable intelligence.

A key component of the new EDR offerings is Continuous Monitoring technology. This capability is intended to support Root Cause Analysis and to detect Advanced Threats.

A "block and prevent" strategy is not effective in today's threat environment. The new breed of tools is designed around a "detect and respond" strategy.

Advanced Threat Detection is designed to identify sophisticated malware that uses persistent remote access to steal sensitive corporate data over an extended period of time.

Root Cause Analysis, as the name suggests, aims to answer the question: where did this suspicious or bad file come from?
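To make the Root Cause Analysis question concrete, the following is an added example (not code from the original article or from any EDR vendor) showing how the process, file-write and network events that a continuous-monitoring agent records can be walked backwards to answer "where did this file come from?". The telemetry is a constructed, simplified sample; the event field names, PIDs, image names and paths are all assumptions made for illustration and do not correspond to any real product's schema.

```python
"""Trace the origin of a suspicious file from endpoint telemetry (illustrative, hypothetical)."""

from typing import Optional

# Constructed sample telemetry, loosely modelled on what an EDR agent records:
# process creations (with parent PID), file writes and outbound connections.
# Every PID, image name, path and address below is made up for this example.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "outlook.exe"},
    {"type": "process", "pid": 300, "ppid": 200, "image": "winword.exe"},
    {"type": "network", "pid": 300, "dest": "203.0.113.10:443"},   # TEST-NET address
    {"type": "process", "pid": 400, "ppid": 300, "image": "powershell.exe"},
    {"type": "file_write", "pid": 400, "path": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"type": "process", "pid": 500, "ppid": 400, "image": "update.exe"},
]


def index_processes(events: list) -> dict:
    """Map pid -> process-creation event so parent links can be followed."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def writer_of(events: list, path: str) -> Optional[int]:
    """Return the pid of the last process that wrote `path`, or None if unseen."""
    pid = None
    for e in events:
        if e["type"] == "file_write" and e["path"] == path:
            pid = e["pid"]
    return pid


def ancestry(processes: dict, pid: int) -> list:
    """Walk parent links from `pid` up to the root; returns process events, child first.
    A `seen` set guards against PID reuse producing a cycle in the telemetry."""
    chain, seen = [], set()
    while pid in processes and pid not in seen:
        seen.add(pid)
        chain.append(processes[pid])
        pid = processes[pid]["ppid"]
    return chain


def network_activity(events: list, pids: set) -> list:
    """Outbound connections made by any process in `pids` (candidate download sources)."""
    return [e for e in events if e["type"] == "network" and e["pid"] in pids]


def trace_origin(events: list, path: str) -> Optional[dict]:
    """Answer 'where did this file come from?' for `path`.

    Returns the writing pid, the image names of its ancestor chain (child first)
    and any network activity by processes in that chain, or None if no write
    to `path` was recorded (i.e. monitoring did not capture the file's arrival)."""
    processes = index_processes(events)
    writer = writer_of(events, path)
    if writer is None:
        return None
    chain = ancestry(processes, writer)
    pids = {p["pid"] for p in chain}
    return {
        "writer": writer,
        "chain": [p["image"] for p in chain],
        "network": network_activity(events, pids),
    }


if __name__ == "__main__":
    suspicious = r"C:\Users\alice\AppData\Local\Temp\update.exe"
    result = trace_origin(EVENTS, suspicious)
    print("written by pid", result["writer"])
    print("origin chain:", " <- ".join(result["chain"]))
    for n in result["network"]:
        print("network activity in chain: pid", n["pid"], "->", n["dest"])
```

Run stand-alone, the script reports that the file was written by pid 400 and that the chain leads back through winword.exe and outlook.exe to the desktop shell, with an outbound connection from the Word process along the way; that chain, rather than the file hash alone, is the kind of answer Root Cause Analysis is meant to give. The `None` return is the important caveat: if the write that created the file happened before monitoring started, the question cannot be answered from telemetry at all, which is one reason the continuous part of Continuous Monitoring matters.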

However, what the vendors of EDR technologies won't tell you in their literature is that Continuous Monitoring for Advanced Threat Detection and Root Cause Analysis comes with an "overhead" and its own set of challenges.

We will discuss these key consideration points in our next Problem Solved. In the meantime, if you would like to understand more about how Endpoint Detection and Response (EDR) based technology might be suitable for your organisation, then contact

Mike Conboy - mike.conboy@mpa.co.nz
