Amid a sudden and forced transition to remote working this year, businesses have felt they needed divine intervention to guide their accelerated digital transformations. With security sitting high on the to-do list, many have opted for Endpoint Detection and Response (EDR) solutions, which are generally offered by ‘born in the cloud’ vendors, to protect their now-dispersed device network. However, Kaspersky experts are of the view that this approach is leaving businesses with an inadequate, not fully secure solution with unhardened software.
The cybersecurity expert has noticed a worrying industry trend where next-generation and firewall vendors are pushing EDR after acquiring more universal endpoint solutions. Firewall vendors are impacting the Endpoint Protection Platform (EPP) market by acquiring EDR companies that strengthen their solution but lack the comprehensiveness of full EPP solutions.
The resultant package being sold isn’t as comprehensive as a full EPP solution. Missing features such as device and application hardening are a must-have for increasing efficiency and reducing a business’s threat exposure. The current solutions can be heavily reliant upon behavioural detection, which should be one part of a multi-layered EPP solution. Consequently, the packages currently being sold increase the risk of false positives and reduce productivity.
The issue stems from EDR being sold as a silver bullet to unearth and disarm all potential threats. The result is a host of organisations being presented with an incomplete or disjointed picture of their threat landscape.
Ian Thornton-Trump, CISO at threat intelligence company Cyjax, comments: “EDR solutions are not the only solution to an organisation’s security. However, they do form a valuable and indispensable layer of security to ward off the most dangerous capabilities that cybercriminals can throw at an organisation. But to be most effective, EDR solutions must be deployed into a managed, licensed and hardened IT environment.”
The concerning trend of businesses being sold an incomplete silver bullet solution has been brought to the fore this year, with much of the world’s workforce having to transition to remote working. Prior to the onset of COVID-19, 61% of businesses cited staffing limitations as the reason they weren’t adopting EDR. Mere months later, Kaspersky research found that nearly three-quarters (73%) of workers hadn’t received any additional IT security awareness training after a mass migration to homeworking and a panicked change of mind towards adopting EDR.
As a result, IT teams are not only facing more alerts than ever, but doing so without the requisite guidance to filter them appropriately. At best, this leads to wasted time and resources, while at worst it could result in a serious red flag being overlooked.
Despite many believing that endpoint security had run its course, this trend and the events of this year have proved that the solution is still very much alive. It is education and guidance that need awakening.
“Just because some vendors are shouting loudest, doesn’t mean they’re looking after a business’ best interests, and that’s why it’s critical that businesses enter into a conversation that begins with discussing what they need. More often than not, what they’ll find they need is a solution built around, or integrated with, training and skills development. What companies should be investing in first and foremost is instilling that knowledge culture across the business. That will then go hand in hand with EDR being a tool that can become part of your armoury, providing greater visibility and investigation in the growing cyber-threat landscape,” comments Andy Bogdan, Head of UK Channel, Kaspersky.
“Businesses must also realise that technology from three or five years ago is not advanced enough to deal with modern malware. Investment in security technologies like EDR is required, because in technology, good becomes poor very quickly as cybercriminals sprint to innovate new capabilities monthly,” adds Thornton-Trump.
To meet this challenge head on, better understand your own security infrastructures, and truly capitalise on the benefits of EDR solutions, Kaspersky offers the following advice:
- For endpoint-level detection, investigation and remediation of incidents, EDR solutions such as Kaspersky Endpoint Detection and Response will help to pinpoint threats to devices
- However, for those with limited expertise in cybersecurity, Kaspersky EDR Optimum provides further core EDR capabilities, including better visibility into endpoints, simplified root cause analysis and an automated and manual response option
- When budgets, time and resources are limited, a service provider model can better protect your devices at this time of transition
- To this end, Kaspersky offers the option of training with all aforementioned solutions as a way to keep operations in-house, but with external skills development assistance to ensure you’re doing so in an effective way
- Kaspersky’s awareness training for employees explains how to recognise a cybersecurity incident and what they should do if one occurs.