The cybercrimes landscape has changed drastically over the last few years with bad actors getting far more aggressive. Recent attacks have proven that no industry – hospitals, schools, manufacturers, government – is safe. However, as cyberattacks have increased, so have advances in cybersecurity defenses.
EDR, or Endpoint Detection and Response technology, has had a significant impact in protecting organizations. What is EDR and does your organization need it? Before jumping into EDR, let’s take a brief look at the history of anti-virus protection.
In this Article
- Definition-based Anti-Virus protection is effective against already known cyberthreats.
- Today’s cyberattacks target more than just file types like PDFs. No file type is immune from compromise, including those supporting your operating system.
- EDR, or behavioral-based technology, keeps systems safer by proactively responding to new threats.
The Early Days
Many of us remember loading anti-virus (AV) protection software onto our very first personal computer – think of names like Norton, Kaspersky, and McAfee. This software required an annual subscription and more than a little maintenance. As the necessity for AV increased, so did the number of AV offerings available in the market. Managed AV software, like Microsoft Defender, is now a standard installation on all machines and updates are frequent, automated occurrences.
The hallmark of AV software is its “definition-based” blocking technology. Definition-based, or signature-based, anti-virus solutions rely on malware samples: researchers analyze a captured sample to confirm that the threat is real, and only then is its signature added to the vendor’s definition database so that it can be blocked going forward. This method only protects against known threats, and only after they have been researched. While better than no protection, the time this process takes leaves a gap in your security. In addition, some modern threats can circumvent definition-based AV protection altogether.
Over the course of the last few years, bad actors have deployed exploit tactics that are far more advanced. In the past, their technology limited their targets to file types like PDF, Word, and Excel documents. Fast-forward to today and no file type is safe. System-level files used for supporting your operating system, database files for things like SQL and Microsoft Exchange, and even certain on-premises backup solutions are no longer immune.
Extortion techniques for attacks like ransomware have evolved as well. Historically, bad actors would ask for some amount of money to provide the decryption key to unlock your data. If you had good backups, this was a non-issue. Today, many ransomware threat groups run multi-level extortion schemes. Data is encrypted and also exfiltrated (stolen from your environment). You are charged once for the decryption key, and again to prevent the sale of your corporate data. Some groups go so far as to harass employees and customers until they receive payment – and, sometimes, charge a third fee to stop the harassment.
This brings us to Endpoint Detection and Response, or EDR. EDR is behavioral-based detection technology, which means the tool no longer relies on the dated method of discovering a threat first and only then protecting against it. EDR records every activity and event on the endpoint, then uses AI and machine learning to correlate that information, providing the context needed to detect threats, and runs automated response actions, such as isolating an infected endpoint, in real time. In other words, an EDR tool doesn’t wait to be told what to look for; it is constantly analyzing, and it can identify threats more proactively based on how the systems have behaved in the past. In the rare event that a machine is compromised, some EDR solutions, like SentinelOne, have a built-in ability to roll the machine back to a pre-infection state.
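To make the contrast between the two approaches concrete, the following toy detector is an added example; it is not code from the original article and not any vendor's product. It puts the definition-based check described earlier (a hash lookup against a database of already-analyzed samples) beside a behavioral check that correlates a process's recorded events, such as an Office application spawning a shell and that shell rewriting many files in a short window, and then issues automated response actions like isolating the host. Every hash, process name, file path, threshold and event in the stream is constructed for the demonstration.

```python
"""Added example (not from the original article or any vendor's product):
a toy contrast between definition-based scanning, which only recognises a
sample already in its database, and behavioral detection, which correlates
a process's recorded events and triggers an automated response.
Every hash, process name, path, threshold and event below is constructed."""
import hashlib
from collections import defaultdict

# ---- Definition-based (signature) scanning -------------------------------
# The "database" holds hashes of samples researchers have already analysed.
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed-known-malware-sample").hexdigest()}


def signature_scan(sample: bytes) -> bool:
    """True only if this exact file was catalogued before it reached us."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


# ---- Behavioral (EDR-style) detection ------------------------------------
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE"}
SHELLS = {"powershell.exe", "cmd.exe"}
MASS_WRITE_THRESHOLD = 5   # files rewritten by one process ...
MASS_WRITE_WINDOW = 10     # ... within this many seconds

# Constructed event stream: (timestamp_s, process, event_type, detail)
SUSPICIOUS_EVENTS = [
    (0, "WINWORD.EXE", "process_start", "invoice.docm"),
    (1, "WINWORD.EXE", "child_process", "powershell.exe"),
    (2, "powershell.exe", "file_write", r"C:\Users\a\Documents\q1.xlsx.locked"),
    (3, "powershell.exe", "file_write", r"C:\Users\a\Documents\q2.xlsx.locked"),
    (4, "powershell.exe", "file_write", r"C:\Users\a\Documents\plan.docx.locked"),
    (5, "powershell.exe", "file_write", r"C:\Users\a\Documents\notes.txt.locked"),
    (6, "powershell.exe", "file_write", r"C:\Users\a\Documents\budget.pdf.locked"),
]
BENIGN_EVENTS = [
    (0, "EXCEL.EXE", "process_start", "budget.xlsx"),
    (1, "EXCEL.EXE", "file_write", r"C:\Users\a\Documents\budget.xlsx"),
    (2, "explorer.exe", "child_process", "cmd.exe"),   # a user opening a prompt
]


def behavioral_detect(events, host="host-01"):
    """Correlate events per process; return (alerts, response_actions)."""
    alerts, actions = [], []
    write_times = defaultdict(list)   # process -> timestamps of its file writes
    flagged = set()                   # processes already alerted on, to avoid repeats
    for ts, proc, kind, detail in events:
        if kind == "child_process" and proc in OFFICE_APPS and detail in SHELLS:
            alerts.append(("office_spawns_shell", proc, ts))
        elif kind == "file_write":
            write_times[proc].append(ts)
            recent = [t for t in write_times[proc] if ts - t <= MASS_WRITE_WINDOW]
            if len(recent) >= MASS_WRITE_THRESHOLD and proc not in flagged:
                flagged.add(proc)
                alerts.append(("mass_file_modification", proc, ts))
    if alerts:
        # Automated response: stop the offending processes and cut the host
        # off the network while an analyst reviews the recorded timeline.
        for _, proc, _ in alerts:
            action = f"kill_process:{proc}"
            if action not in actions:
                actions.append(action)
        actions.append(f"isolate_host:{host}")
    return alerts, actions


if __name__ == "__main__":
    print("known sample caught by signature:", signature_scan(b"constructed-known-malware-sample"))
    print("new variant caught by signature: ", signature_scan(b"constructed-never-seen-variant"))
    print("behavioral, suspicious:", behavioral_detect(SUSPICIOUS_EVENTS))
    print("behavioral, benign:    ", behavioral_detect(BENIGN_EVENTS))
```

The never-seen variant slips past `signature_scan` because nothing about it is in the database, yet `behavioral_detect` raises two alerts on the same activity and isolates the host without ever having seen the file. The flip side is tuning: a legitimate backup or document-conversion job also rewrites many files quickly, so real products pair thresholds like these with allowlists and richer context rather than a single counter.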
EDR is quickly becoming the industry standard. Gartner predicts that by the end of 2023, more than 50% of enterprises will replace legacy AV security systems with EDR solutions. GadellNet is making strides to offer those same protections to our clients now. We have always offered SentinelOne® EDR protection under the umbrella of our Guru Sentry Prevent and Detect solution. In early January 2022, we upgraded our offering to SentinelOne Complete®.
We made this change because we want to offer our clients the best and most cost-effective solution available. The average cost of a data breach is $20,000 between the ransom demand and the cost of work downtime. Shutting down a data breach as quickly as possible is key, and EDR protection offers greater speed.
Finally, over the last twelve months we have found that many cyber liability insurance policies now require higher levels of cybersecurity in areas like Multi-Factor Authentication, SIEM, and EDR protection.