It is easy to get confused in the world of cybersecurity. There is an overabundance of jargon, as everyone tries to sell a service rather than the education that would help businesses keep themselves safe in the long term. One of these terms is “Endpoint Detection and Response”, or EDR. A quick search tells us that an endpoint is any device or node that connects to a network, internal or external: laptops, servers, phones and the like. So why do we need to detect malicious activity on these devices and respond to it? To answer this, we must think like an attacker. Their objective is to get into our network, and they do it by compromising the weakest device in the chain. Keeping the network safe therefore depends on continuously protecting every endpoint.
A pure defender mindset is one of the most destructive cultures for a company’s security. The defender of a system sits in a constant state of reassurance: the company assumes its protection is guaranteed by the policies in place and that its perimeter is impenetrable. Throughout history, every king was convinced his castle was grander and better protected than the last, even though he had taken that very castle by breaching its defences. Only recently, a major software company saw an exploit in which the print service held more administrative power than the Administrator account itself. Relying on antivirus alone is no longer enough. EDR rejects these assumptions and protects you against the 1%: the attacks that will eventually slip through when your prevention silently fails.
A 2018 study by the Ponemon Institute found that two-thirds of all attacks originated from internal endpoints. So how do you combat this? As your company grows, so do your endpoints, and with them the avenues of attack. A survey of security professionals showed that most understood the importance of endpoint protection, yet 88% did not know how many endpoints they had, 50% failed to account for mobile endpoints, and only 52% actively worked to prevent endpoint attacks. Prevention is an excellent measure, but what do you do beyond it? Detection and response is the most valuable tool. At Brace168, anomalous behaviour on endpoints is identified through machine learning, which automatically alerts the security team; they respond swiftly, allowing you to minimise damage and return to normal business operations. Brace168 also runs a Security Operations Centre staffed by skilled analysts who monitor endpoints around the clock. By using the MITRE ATT&CK framework we think like a hacker, not a defender: we look for threat patterns, fortify against known methods of attack, and continually test our own defences by trying to break them. This lets us understand malicious activity quickly, leading to rapid decision making and swift remediation.
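To make the detection-and-response idea concrete, the following is an added example, not Brace168’s own tooling or code from this page. It runs three checks over constructed process-creation telemetry: a known attack pattern (an Office application launching a script interpreter) mapped to its MITRE ATT&CK technique, lineage that is novel relative to a simple per-host baseline (a stand-in for the machine-learning step), and telemetry from a host missing from a hypothetical asset register. Host names, the register and every event are made up for the illustration.

```python
"""Toy EDR-style detection over constructed endpoint process-creation events.

Added illustration, not Brace168's tooling. It shows, in the simplest form,
a signature mapped to an ATT&CK technique, a per-host behavioural baseline,
and the inventory gap behind "how many endpoints do we have?".
"""
from collections import defaultdict

# Constructed sample telemetry: (host, parent_image, child_image, command_line).
# A quiet period's worth of lineage, used to learn what is "normal" per host.
BASELINE_EVENTS = [
    ("WS-01", "explorer.exe", "winword.exe", "winword.exe report.docx"),
    ("WS-01", "explorer.exe", "chrome.exe", "chrome.exe"),
    ("WS-02", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("WS-02", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# Constructed events to evaluate; WS-99 is deliberately absent from the register.
NEW_EVENTS = [
    ("WS-01", "explorer.exe", "chrome.exe", "chrome.exe"),
    ("WS-01", "winword.exe", "powershell.exe",
     "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ("WS-02", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ("WS-02", "outlook.exe", "cmd.exe", "cmd.exe /c whoami"),
    ("WS-02", "svchost.exe", "rundll32.exe",
     "rundll32.exe comsvcs.dll,MiniDump 624 C:\\temp\\l.dmp full"),
    ("WS-99", "explorer.exe", "chrome.exe", "chrome.exe"),
]

# Hypothetical asset register: the endpoints the organisation knows it owns.
ASSET_REGISTER = {"WS-01", "WS-02"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script interpreters mapped to ATT&CK T1059 sub-techniques.
INTERPRETERS = {
    "powershell.exe": "T1059.001",  # Command and Scripting Interpreter: PowerShell
    "cmd.exe": "T1059.003",         # Windows Command Shell
    "wscript.exe": "T1059.005",     # Visual Basic
    "cscript.exe": "T1059.005",
}


def build_baseline(events):
    """Learn the set of (parent, child) pairs observed on each host."""
    seen = defaultdict(set)
    for host, parent, child, _cmd in events:
        seen[host].add((parent, child))
    return seen


def detect(events, baseline, register):
    """Return a list of alert dicts for the given events, in event order."""
    alerts = []
    for host, parent, child, cmdline in events:
        # Inventory gap: telemetry from a machine nobody has accounted for.
        if host not in register:
            alerts.append({"host": host, "rule": "unmanaged_endpoint",
                           "technique": None,
                           "detail": "telemetry from host not in asset register"})
        # Known pattern: an Office application launching a script interpreter,
        # the classic malicious-document execution chain.
        if parent in OFFICE_APPS and child in INTERPRETERS:
            alerts.append({"host": host, "rule": "office_spawns_interpreter",
                           "technique": INTERPRETERS[child],
                           "detail": f"{parent} -> {child}: {cmdline}"})
        # Anomaly: lineage never seen on this host during the baseline period.
        # Only hosts with a baseline can be judged, and novelty is a triage
        # signal, not proof of compromise.
        elif host in baseline and (parent, child) not in baseline[host]:
            alerts.append({"host": host, "rule": "novel_process_lineage",
                           "technique": None,
                           "detail": f"{parent} -> {child} not in baseline: {cmdline}"})
    return alerts


def unregistered_hosts(events, register):
    """Endpoints that sent telemetry but are missing from the register."""
    return {host for host, *_ in events} - set(register)


def run():
    baseline = build_baseline(BASELINE_EVENTS)
    alerts = detect(NEW_EVENTS, baseline, ASSET_REGISTER)
    for a in alerts:
        print(f"[{a['host']}] {a['rule']} {a['technique'] or '-'}: {a['detail']}")
    return alerts


if __name__ == "__main__":
    run()
```

Two things are worth noticing in the output. The constructed `svchost.exe -> rundll32.exe` event is caught only by the baseline rule, because no signature in the block covers it; that is the point of pairing known-pattern detection with behavioural anomaly detection. And the alert for `WS-99` is the inventory gap from the survey figures above: an endpoint that sends telemetry but is on nobody’s list is one that nobody is protecting.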
If there is one thing you take away from this article, it is to ask whoever manages your security two questions: how many endpoints do we have, and what are we doing to protect every single one of them?
If they don’t have an answer, we at Brace168 do. Contact us at Brace168.com for further information about our EDR services.