Posts Tagged Cyber Security Risks

Gap Between Traditional EDR & Modern Threats

The term End Point Detection & Response (EDR) was first coined by Anton Chuvakin in July 2013. It is used to define ‘the tools that are primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints’.

EDR works by collecting data related to endpoint events using a software. This data is sent to a centralized database where further analysis, investigation & reporting is conducted by analytical tools. These tools pay heed to both internal as well as external threats. They respond to these threats while identifying the upgrades required for strengthening the organization’s cyber security. The traditional EDR tools have been successful in creating visibility and remediation of stealthy threats. However, the cybercrimes have evolved and this has led to a need for better and evolved EDR tools.

Following are some gaps between traditional EDR and modern threats that have given birth to the need for next-generation solutions:

  1. EDR requires cloud connectivity and an analyst has to wait for cloud response to take action. This results in a delay in protecting end devices. However, the cyber threats no longer target a single user and are capable of spreading over the entire organization, encrypting data and removing traces of attack in mere seconds.
  2. The attackers make use of tools already available on a computer to incorporate scripts that run directly in the memory. These in-memory file-less attacks do not leave behind a trail and may not be detected by traditional EDR tools.
  3. To provide visibility, EDR creates a high amount of data and analysis; thus, these solutions are not scalable and require extensive resources like bandwidth, skilled workforce, etc.
  4. EDR does not provide visibility into lateral network. If a threat makes its way into organizational network, it can move through connected devices and covertly communicate with a remote control server without being detected or interrupted.

In the world of ever developing cyber threats, it has become important to make a shift towards next generation EDR solutions that make use of artificial intelligence to detect threats in real time. It is advisable to use a collaboration of various security solutions to create a multi-layer cyber security shield. New EDR solutions offer wider features:

  • Detect and prevent hidden exploits that are more complex than a simple hash signature.
  • Visibility throughout applications, endpoints, processes & communications to detect malicious activity.
  • Automation of alerts & defensive responses once an attack is detected.
  • Threat intelligence and forensic capabilities to gain information about movements of the attacker in the network.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.

, , ,

No Comments

Tips For Managing Cyber Security Risks

22 July, 2016

The incidences of online attacks have undergone a steep rise over the past few years, making cyber security a top priority for the organizations. A security breach can jeopardize the confidentiality of a company’s network and important data, leading to financial losses as well as reputational damage. Therefore, it is important to be proactive and identify as well as mitigate the potential threats to the corporate network.

Listed below are tips that can help organizations manage cyber security risks:

Internet Firewalls And Gateways

Internet firewalls, gateways and other such mechanisms should be adopted to protect the corporate network against unauthorized access. Devoid of proper security techniques, the company’s files, client details and other important information are at risk of being stolen, manipulated or deleted. A firewall will monitor the traffic on the organizations’ internal network and block any suspicious or unauthorized users. However, it is important to ensure that the firewall is frequently updated and password protected.

Secure Configuration

All the devices connected to the network should be properly configured to adhere to the cyber security policies of the company. This will help to identify and deal with the potential vulnerabilities. The default security settings on any device can serve as an easy backdoor for the hackers to gain access to your corporate network. Therefore, when installing networking devices, these settings should be changed and safeguarded with a strong as well as hard-to-crack password. Unrequired user accounts should be deleted and obsolete software should be updated or disabled. Auto-run feature should also be deactivated to prevent unintended installation of malicious software.

Software Management

Most cyber-attacks are initiated by exploiting the security vulnerabilities in the software installed on a computer system. Hence, it is essential to regularly download and install the updates released by the software vendors. The organization should frame a comprehensive patch management policy to ensure efficient and effective updating of the software. There should be a specified time frame within which the patches need to be installed on the networking devices. Also, all the software updates should be licensed and released by a legitimate authority.

Malware Protection

When computer systems are connected to the internet, they are likely to download malware through spam emails, fake websites, malicious advertizements or drive-by downloads. Anti-malware software should be installed to protect against such online threats. Make sure you keep it updated and allow regular scans to detect any malware installed on the device.

Centex Technologies is a leading IT consulting firm providing cyber security solutions to business firms across Central Texas. For more information, you can call us at (855) 375 – 9654.

,

No Comments