We’ve all heard stories of how one click can lead to a lockdown of hundreds of company computers, but recognizing a cybersecurity attack isn’t always that easy.
In fact, one of the most pernicious aspects of a cybersecurity breach is the length of time threat actors often lurk on a network before the victim discovers the breach. According to FireEye's Mandiant 2018 M-Trends report, the global median for this so-called dwell time was 101 days in 2017, more than three months. That's more than enough time for attackers to do almost any damage they wish.
Often, breaches can take even longer to detect. Lord & Taylor and Saks Fifth Avenue, for instance, detected a breach in March 2018 that was likely initiated in May 2017, giving the bad actors almost a year to siphon data. But the consequences of undetected breaches can go even further for businesses, shaking consumer and investor confidence as well.
With this in mind, what can businesses do to shorten that window? Enter the latest generation of endpoint detection and response (EDR) technology. Paired with security best practices, these tools can help detect a breach early and limit the damage an intruder can do while lurking inside your systems.
As the threat landscape expands and companies are hit with more types of malicious threats every day — in particular, those directed at users via printers, laptops, phones and other endpoints — EDR has proved to be a key part of a business’s defense toolbox.
“EDR monitors endpoints to detect suspicious activities and capture data for forensic and security investigations, focusing on each stage of an attack — often referred to as the ‘kill chain,’” explains Sherry De La Torres, a CDW security solution architect.
Attackers have a variety of tools for avoiding detection. EDR records endpoint activity continuously, giving an IT team the visibility into the attack itself that it needs to understand what happened more quickly and remediate it.
“Until the advent of EDR, the traditional approach of collecting forensic data from endpoints has been on a reactive basis, where a forensics tool would be deployed to target post-event endpoints and the data collected would depend on what the operating system logged,” explains a recent report by Gartner. Now, with EDR, IT teams have continuous access to “deep granular endpoint data,” at a level of detail that was traditionally available only from network and perimeter security tools.
With EDR, organizations can search endpoint activity proactively, whether for malicious software or for operational information such as patch status or application use.
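To make the two ideas above concrete (a detection that fires on one stage of the kill chain, and a hunt over the same telemetry for purely operational information), here is a small added example; it is not code from the article, from CDW, or from any EDR product. The event format (JSON lines carrying host, user, pid, ppid, image and command line) is an assumption modelled on the process-creation telemetry EDR agents collect; real products use their own schemas. The sample events are constructed, including the encoded PowerShell command line.

```python
import base64
import json
import re
from collections import defaultdict

# Constructed sample telemetry: one process-creation event per line (assumed schema).
SAMPLE_TELEMETRY = r"""
{"ts":"2018-05-01T09:00:01Z","host":"ws-012","user":"jdoe","pid":1200,"ppid":900,"image":"C:\\Windows\\explorer.exe","cmdline":"explorer.exe"}
{"ts":"2018-05-01T09:00:05Z","host":"ws-012","user":"jdoe","pid":4100,"ppid":1200,"image":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","cmdline":"WINWORD.EXE /n invoice.docm"}
{"ts":"2018-05-01T09:00:09Z","host":"ws-012","user":"jdoe","pid":4130,"ppid":4100,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"}
{"ts":"2018-05-01T09:01:00Z","host":"ws-012","user":"jdoe","pid":4200,"ppid":1200,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","cmdline":"chrome.exe"}
{"ts":"2018-05-01T09:02:00Z","host":"ws-044","user":"asmith","pid":3300,"ppid":1100,"image":"C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE","cmdline":"OUTLOOK.EXE"}
{"ts":"2018-05-01T09:02:30Z","host":"ws-044","user":"asmith","pid":3310,"ppid":3300,"image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c whoami"}
{"ts":"2018-05-01T09:03:00Z","host":"ws-044","user":"SYSTEM","pid":700,"ppid":600,"image":"C:\\Windows\\System32\\svchost.exe","cmdline":"svchost.exe -k netsvcs"}
{"ts":"2018-05-01T09:03:10Z","host":"ws-044","user":"asmith","pid":3400,"ppid":1100,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -File C:\\scripts\\inventory.ps1"}
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS_AND_LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                      "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# PowerShell accepts -e, -ec, -enc and -encodedcommand; capture the base64 payload.
ENCODED_PS = re.compile(r"(?i)\s-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")


def basename(image):
    """Lower-cased file name of a Windows or POSIX image path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def load_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def index_by_pid(events):
    """(host, pid) -> event, so a child can be walked back to its ancestors."""
    return {(e["host"], e["pid"]): e for e in events}


def lineage(event, by_pid, limit=8):
    """Ancestor image names, nearest parent first; stops when the parent is unknown."""
    chain = []
    cur = by_pid.get((event["host"], event["ppid"]))
    while cur is not None and len(chain) < limit:
        chain.append(basename(cur["image"]))
        cur = by_pid.get((cur["host"], cur["ppid"]))
    return chain


def detect(events):
    """Run two execution-stage rules over the telemetry and return alerts with context."""
    by_pid = index_by_pid(events)
    alerts = []
    for e in events:
        child = basename(e["image"])
        parent = by_pid.get((e["host"], e["ppid"]))
        parent_name = basename(parent["image"]) if parent else None
        base = {"host": e["host"], "user": e["user"], "pid": e["pid"],
                "child": child, "lineage": lineage(e, by_pid), "cmdline": e["cmdline"]}
        # Rule 1: an Office application spawning a shell or script host is rarely legitimate.
        if parent_name in OFFICE_APPS and child in SHELLS_AND_LOLBINS:
            alerts.append(dict(base, rule="office_spawns_shell"))
        # Rule 2: encoded PowerShell; decode it so the analyst sees the real command.
        m = ENCODED_PS.search(e["cmdline"]) if child == "powershell.exe" else None
        if m:
            try:
                decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                decoded = "<undecodable>"
            alerts.append(dict(base, rule="encoded_powershell", decoded=decoded))
    return alerts


def application_inventory(events):
    """Hunt for operational data: which hosts ran which executables."""
    hosts = defaultdict(set)
    for e in events:
        hosts[basename(e["image"])].add(e["host"])
    return {img: sorted(h) for img, h in hosts.items()}


if __name__ == "__main__":
    evts = load_events(SAMPLE_TELEMETRY)
    for a in detect(evts):
        print(a["rule"], a["host"], a["pid"], a["lineage"], a.get("decoded", ""))
    print(application_inventory(evts))
```

The lineage walk is the part an analyst actually uses: the alert on pid 4130 arrives with its parents (WINWORD.EXE under explorer.exe) and the decoded command, so the "how did this start" question is answered from the telemetry rather than from a forensic image collected days later. The PowerShell launched from an unknown parent with `-File` produces no alert, which is the point of a lineage rule over a plain "powershell ran" rule.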
But EDR solutions aren't set-it-and-forget-it technologies. Understanding what an alert or a captured activity means requires expertise, so companies should invest in security talent and in training for whichever EDR solution they deploy.
“EDR provides very rich and very complex data that requires advanced knowledge, understanding and experience to analyze and understand,” the Gartner report notes.
For this reason, it’s often prudent for small businesses to seek out managed security services for help in managing and using EDR effectively.
As the threat landscape expands, what was once just a printer could now be a hacker’s point of entry into a company’s systems. Those IT teams that can clearly see every device on the network will likely be the best positioned to take on attacks.