The term Endpoint Detection and Response (EDR) was coined by Anton Chuvakin in July 2013. He used it to define ‘the tools that are primarily focused on detecting and investigating suspicious activities (and traces of such) other problems on hosts/endpoints’.
EDR works by collecting data about endpoint events through software installed on each endpoint. This data is sent to a centralized database, where analytical tools carry out further analysis, investigation and reporting. These tools cover both internal and external threats: they respond to the threats they find and identify the upgrades required to strengthen the organization’s cyber security. Traditional EDR tools have been successful in creating visibility into, and remediating, stealthy threats. However, cybercrime has evolved, and this has created a need for better and more capable EDR tools.
Following are some gaps between traditional EDR and modern threats that have given birth to the need for next-generation solutions:
- EDR requires cloud connectivity, and an analyst has to wait for the cloud response before taking action. This delays the protection of end devices. Meanwhile, modern threats no longer target a single user: they are capable of spreading across the entire organization, encrypting data and removing traces of the attack in mere seconds.
- Attackers make use of tools already present on a computer to run scripts directly in memory. These in-memory, file-less attacks leave little or no trail on disk and may not be detected by traditional EDR tools.
- To provide visibility, EDR generates a large volume of data and analysis work; as a result, these solutions do not scale well and require extensive resources such as bandwidth and a skilled workforce.
- EDR does not provide visibility into lateral movement across the network. If a threat makes its way into the organizational network, it can move through connected devices and covertly communicate with a remote command-and-control server without being detected or interrupted.
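To make the centralized analysis stage described above concrete, here is an added example (not code from the original article or from any EDR vendor) that runs simple detection logic over constructed endpoint events. It flags two of the behaviours listed as gaps: an office application launching a script host with an in-memory encoded command, and the same script host appearing on several hosts within a short window. The event format, field names and thresholds are assumptions made for this example.

```python
"""Toy EDR analysis stage: collected endpoint events are parsed and
checked for two behaviours the article describes as hard for
traditional EDR: file-less script execution and cross-host spread."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed event format: ISO timestamp|host|parent image|image|command line
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}


def parse_event(line):
    ts, host, parent, image, cmdline = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "parent": parent.lower(), "image": image.lower(),
            "cmdline": cmdline}


def detect_fileless(events):
    """Office app spawning a script host with an encoded (in-memory) command."""
    return [(e["host"], e["image"]) for e in events
            if e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS
            and "-enc" in e["cmdline"].lower()]


def detect_spread(events, window=timedelta(minutes=10), min_hosts=3):
    """Same script host seen on at least min_hosts distinct hosts within window."""
    by_image = defaultdict(list)
    for e in events:
        if e["image"] in SCRIPT_HOSTS:
            by_image[e["image"]].append((e["ts"], e["host"]))
    alerts = []
    for image, seen in by_image.items():
        seen.sort()
        for i, (t0, _) in enumerate(seen):
            hosts = {h for t, h in seen[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                alerts.append((image, tuple(sorted(hosts))))
                break  # one alert per image is enough
    return alerts


def analyze(lines):
    events = [parse_event(line) for line in lines]
    return {"fileless": detect_fileless(events), "spread": detect_spread(events)}


# Constructed sample telemetry; the encoded payload is a placeholder.
SAMPLE = [
    "2024-05-01T09:00:00|ws01|WINWORD.EXE|powershell.exe|powershell -w hidden -enc AAAA",
    "2024-05-01T09:02:00|ws02|explorer.exe|powershell.exe|powershell Get-Process",
    "2024-05-01T09:04:00|ws03|services.exe|powershell.exe|powershell -enc AAAA",
    "2024-05-01T09:30:00|ws04|explorer.exe|notepad.exe|notepad",
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```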
In a world of ever-evolving cyber threats, it has become important to shift towards next-generation EDR solutions that use artificial intelligence to detect threats in real time. It is advisable to combine several security solutions into a multi-layered cyber security shield. New EDR solutions offer a wider set of features:
- Detection and prevention of hidden exploits that cannot be identified by a simple hash signature.
- Visibility across applications, endpoints, processes and communications to detect malicious activity.
- Automation of alerts and defensive responses once an attack is detected.
- Threat intelligence and forensic capabilities to reconstruct the attacker’s movements within the network.
For more information about IT and security risks, call Centex Technologies at (254) 213-4740.