There are now a number of different devices that are using an organisation’s network – including tablets, multiple laptops and smart phones. Added to this, cybercriminals are developing more sophisticated methods of attack in order to exploit vulnerabilities. This all adds to the complexity of end point security and adds to the struggle of cybersecurity specialists.
Where to begin? First, it’s important to understand endpoint detection and response (EDR). The terms was coined by Anton Chavukin, a researcher with Gartner in 2014. He described EDR as
“the tools primarily focused on detecting and investigating suspicious activities (and traces of such) [and] other problems on hosts/endpoints.”
The concept is that attacks and threats are identified and there is a response to them as quickly as possible. This is done in a number of different ways such as monitoring activities and events within the network; recording of these events and then analysing these records and finding threats.
There are several things that can be done to strengthen the security around endpoints – starting with educating the user and training them to be aware of the role they may potentially play in breaches. This includes teaching them about the risks that are out there and how they may unintentionally open a door for hackers. It’s important that staff understand the ramifications of not being vigilant and that they are well schooled in the company’s security policies.
When a breach does occur, it’s also valuable to understand why precisely it’s happened and what can be done to stop them from happening again. For it to be effective, EDR needs to be a strategy that is part of an organisation’s security policy and not an activity or event that occurs only once in a while. Sadly, many companies don’t make endpoint security a priority when it comes to planning.
We regularly hear about the skills shortage in the cybersecurity sector, and this is certainly a factor that has contributed to many aspects of security being overlooked – including EDR. This does indeed impact how many organisations do security, however the solution may lie in appointing someone who does managed detection and response (MDR).
MDR is a perfect fit for companies who lack the right kind of resources or funds to have a skilled security professional on board full time. It certainly addresses the skills gap that we know exists in the industry. Ultimately, whatever solution a company employs, it needs to be the right fit for their needs.
Cybercriminals are constantly evolving – so are we.