The rise of cyber-attacks has led to a major uptick in breaches in recent years, and these attacks have increased not only in volume but in sophistication as well. Although the motivation of hackers remains the same – money, information, and more money – their new methods are much more complex, invasive and harder to stop. Cyber-criminals are now attacking the endpoint, bypassing traditional hacks and hitting organizations where it hurts most. The need for an Endpoint Detection and Response (EDR) solution is at its highest for any organization that wants to ensure it is as protected as possible from the threat of attack.
EDR solutions have been available for several years, but are getting much more attention now, mostly due to the rise in ransomware, a targeted threat that can infect multiple systems within the endpoint. The rise of ransomware is forcing anyone who handles corporate security to reevaluate their security solutions and realize the importance of immediate EDR implementation.
Traditional antivirus solutions, although very important in their own right, aren’t enough to protect an organization from attacks on the endpoint. In addition, traditional antivirus solutions can only block what they know, and if a threat isn’t recognized, it still has the ability to pass through. A strong EDR, on the other hand, can evaluate software and label it as a threat or can identify it as “goodware,” letting only this permissible category through. This is important as the sophistication of hacks improves.
It’s clear EDR solutions need to be an organizational asset now and into the future. Here is what organizations need to consider when choosing the right EDR solution:
- Tradition – Organizations need to choose an EDR solution from a company that has tradition in the cybersecurity space. To meet the demand for EDR solutions and products, start-ups and new companies are popping up all over the cybersecurity space. Yet they are relying on third-party data, as opposed to cybersecurity firms that have the knowledge, history and proprietary data to classify threats as either “goodware” or “badware.” Several upstart firms offer solutions that will just score the threat, while not formally classifying it as “good” or “bad.” This method of scoring still has the potential of allowing an unknown threat to slip through the cracks. When it comes to something as important as an organization’s information, CTOs need to have confidence they’re relying on trusted data, and not just estimates. Although risk tolerance varies from organization to organization, it is something that needs to be defined as part of a security strategy.
- Visibility – An EDR solution should run as a managed service based on complex analysis, and organizations need to have visibility into EDR operations and management, yet have confidence in it as a managed service. This is a highly technical product, and it’s important that a firm provides a full service, not just the product.
- Implementation Cost – Organizations of all sizes need to consider what it’s going to cost to get an EDR up and running within their system. Everything needs to be considered, including technical resources, services, installation, updates, and support, to name a few. It is not simply the cost of licenses. The more complex the technology, the more things (like hard and soft costs) need to be considered when it comes to price and budgets.
Information is the lifeblood of every organization, and when that information is threatened, the entire organization is threatened. We all know, based on major corporate hacks at Sony, Target, and JPMorgan Chase, that it can be devastating not only to the company, but to consumer and client confidence in that brand. As ransomware and other advanced attacks continue to become more commonplace for hackers, having the right EDR solution in place is now more important than ever.
About the author: Tom Wayne is Panda Security’s Sales Manager for the U.S. and Canada markets. Tom is based in Orlando, Fla.