How Endpoint Detection and Response (EDR) tools and capabilities enable organisations to proactively combat cyber threats?

Authored By: Rahul Kumar, F-secure Country Manager for India & SAARC

Prevention is better than cure – this adage no longer holds true in the cyber security domain today. Cybercriminals and their methods of attack have become quite sophisticated. Bypassing even a well-protected security perimeter is not an impossible task for them. Businesses across the globe, as a result, are struggling to manage the growing number of threats, increasing sophistication in attack methodologies, and rising attack volumes. The Online Trust Alliance estimates that more than 350,000 security incidents took place across the world in 2017 alone, making it the “worst year ever” for security experts.

All these points towards one thing: Endpoint Prevention (EPP) alone is not sufficient to protect modern organisations against advanced stealth threats, such as zero-day and file-less attacks, emerging from the modern, dynamically-evolving threat landscape.

The current cyber security landscape, and the need for a more evolved security approach

In its 2018 Incident Response Report, F-Secure highlighted how nearly 80% of cyber security investigations began after the security perimeter was already compromised. What’s more, around 13% of security investigations were triggered by false alarms. Security experts are left chasing mirages, even as the time, money, and effort which should be spent strengthening the IT network is instead spent managing an attack that doesn’t even exist.

These are worrying statistics, especially given how reliant most organisations are now on their IT systems and data. Recent large-scale cyber security events, such as the WannaCry ransomware attack and the Dyn botnet attack, indicate why it is vital for organisations to proactively detect, track, and respond to cyber threats. There is also a pressing need to identify possible security vulnerabilities and patching them up as soon as possible.

The years-long breach at the US Department of Homeland Security, which was uncovered only in May 2017, led to personal data of more than 240,000 individuals – including current and former employees, witnesses, and interviewees – being compromised. This could have been avoided had the DHS implemented an evolved cyber security strategy that focussed on plugging vulnerabilities within its internal system.

Such sophistication in cybercrimes demands a sophisticated response from security experts. This is where advanced preventive technologies such as managed endpoint detection and response (EDR) are becoming increasingly indispensable for companies around the world.

How do managed Endpoint Detection and Response work?

Endpoint Detection and Response can be defined as a tool that focuses on spotting and investigating suspicious activities, as well as traces of past activities, on hosts/endpoints. Endpoint data plays a key role in helping to prevent or respond to a cyber-threat. Hackers usually direct their attack at the system endpoint, which can offer an accurate and direct view of how a hack has originated, and the extent of damage it has caused.

Endpoint detection and response tools monitor events at the endpoint and constantly collect data in a central database, where it is further analysed to detect suspicious activity, investigate and report, and sound an alert against possible threats. The use of analytics tools enables constant monitoring and detection, helping to avert common attacks and identify ongoing attacks, and respond to threats – both internal, as well as external.

However, there is much that EDR tools can do, even beyond detection and response. They offer a wide range of security capabilities such as data encryption, application control, device control and encryption, network access control, and much more. Most endpoint detection and response tools focus on the response component of these capabilities through sophisticated analytics that identifies patterns and detect anomalies.

This could include rare processes, new or unrecognised connections, or other risky activities flagged based on baseline comparisons. With EDR tools and platforms, these processes can be automated to trigger a sort of alarm in the system and take prompt action against or investigate further, an ongoing attack.

The Man-Machine combination: Human-led, tech-driven security for the win

Many endpoint detections and response service providers, such as F-Secure, also conduct the manual or human-led analysis of data. This is because the amount of data events recorded by the system is simply massive, making it quite difficult for it to identify the real attacks. Moreover, most breaches begin as social engineering or phishing attacks and have file-less malware, which makes detection through automated systems alone a tough ask.

This makes an integration of human and machine capabilities a necessary cyber security approach to single out the actual threats from false alarms. As the machine identifies the anomalies, human experts can analyse them and take appropriate action. This helps in reducing the sheer volume of data event white noise that often masks the actual attack to identify the threat, swiftly and accurately.

How managed EDR is levelling the cyber security playing field for small and mid-size organisations?

That organisation, big or small, need to implement advanced cyber security measures to adequately combat the evolving threat landscape is a statement that cannot be contested. Here, however, is the rub: building a cutting-edge incident response framework from scratch needs specialised resources, be it in terms of personnel, tools, or processes. Doing this in-house can place a considerable financial burden on small and mid-size organisations.

Not implementing advanced cyber security measures is also not an option. As per a recent report, SMBs are at an increased risk of a security breach now than ever before; the risk of a cyber-attack launched against a small business increased from 55% in 2016 to 61% in 2017. The same report also highlighted how the amount of data stolen during such breaches and their financial repercussions have also increased. With the average cost of the data breach to organisations somewhere in the region of $1 million, one security incident can very well put an SMB out of business.

This is why managed EDR services, such as those offered by F-Secure, are the best solution for SMBs looking to strengthen their security profiles. By extending its cutting-edge, enterprise-grade security framework and services to smaller organisations, F-Secure can help them protect their internal operations and data from advanced threats without having to invest too much time and capital into developing in-house security capabilities.

Why F-Secure’s managed EDR services could be the solution to your cyber security woes?

As one of the leading global cyber security firms, F-Secure is at the forefront of developing and helping its partners adopt managed EDR services which provide better protection against advanced threats like human-led, targeted cyber-attacks. It combines a state-of-the-art security framework and the extensive expertise of its security team with advanced technologies such as AI and Machine Learning to provide the most relevant security solutions. F-Secure’s EDR service works seamlessly with any endpoint solution, reducing the complexity of the security profile and the time needed for deployment.

F-Secure also enables full visibility on the application level through an immersive dashboard, allowing businesses to have a comprehensive view of their IT and security environments for more efficient management. This also helps in identifying whether any applications currently being run by the organisation are unwarranted or unsafe.

Constant security sweeps of endpoints across the entire organisation also help in proactively monitoring and detecting any threats or alerts, as well as in swiftly responding to alerts. It also provides administrators with a detailed, highly-contextual blueprint of the security actions they can take to contain and mitigate an active attack.

Looking into the future: The way ahead for managed EDR as a cyber security approach

Endpoint detection and response is among the fastest growing segments of cyber security, and one that has vast implications for organisations across various industries. The rate of adoption for such solutions is expected to rise exponentially over the next couple of years. The rate of adoption for such solutions is expected to rise exponentially over the next couple of years, with the rise in Bring Your Own Device (BYOD) trend across organisations expected to be a major growth driver of this technology. Today, EDR tools and capabilities are indispensable to any enterprise security solution. In the wake of some of the biggest cyber attacks in the past year or so, the benefits it offers in terms of advanced threat protection, detection of anomalies at the endpoint, and responding to attacks are just what organisations across the globe need – urgently and immediately.

Cyber security, for most organisations, is often a complex issue. While many react only after facing a threat or attack, others take proactive measures to ensure that security breaches don’t come in the way of fulfilling their business objectives. The answer as to which group you should aim to belong to, then, shouldn’t be too difficult.