Home Features The Evolving Role of Endpoint Detection and Response

The Evolving Role of Endpoint Detection and Response

endpoint detection and response

With the increase in myriad devices and its constant use in this connected world, cybersecurity is a major concern for both users and enterprises. For many organizations, a perfect storm of increasing cloud and BYOD adoption, combined with ineffective technology and stretched security teams, is exposing sensitive data to unnecessary risk. Added to this is the growing attack surface due to the shift towards data-centric business models.

By Nilesh Jain, Vice President, Southeast Asia and India, Trend Micro

Today, the major area of concern in any organization is to secure the endpoints and servers where most of the breaches and frauds happen. It’s not surprising in that context that so many IT leaders see endpoint security as a critical issue. In fact, endpoint security has become a hot topic on the cybersecurity front and is rising ever higher on IT managers’ to-do lists. IT leaders want a more effective, easier to use solution to address this issue. They need to find products that can consolidate a range of security capabilities into one easy-to-manage suite.

Endpoint security has changed fundamentally over the last two decades, in many ways mirroring the evolution of the wider information security market. From the first basic anti-malware scanners of the ‘90s, through innovations in black- and whitelisting, intrusion detection, web and email filtering, and today’s sophisticated targeted attack detection products – we’ve surely come a long way.

EDR – The Black Box of Breaches

EDR systems offer defenders the first line of defense that gives them a way to gain greater visibility into what is happening at the interface between production systems and the internet, with all its threats and malicious activity.

With traditional endpoint security technology, visibility into how a threat entered the network and its travel path is limited. One reason is that, when a hacker has compromised a device, he is likely to wipe away his criminal traces. Once an attack is discovered, customers want to know what the root cause was, and how it spread. When security teams go back to investigate a breach, the devices look pristine. They do not have enough information to piece the breach together. Now, with endpoint detection and response (EDR) technology, they are finally able to.

EDR works by recording the security events on any device connected to the corporate network. These endpoint devices include desktop computers, laptops, smartphones, tablets, thin clients, printers, or other specialized hardware such as POS terminals, etc. EDR is the black box of breaches. Some of these events may be regular activities; some may reveal a clue to how the threat inched towards the irreversible catastrophe. When a breach has taken place, EDR enables security teams to playback the infection and understand what has, and how it happened.

EDR Adoption

As per a global survey by Enterprise Strategy Group, 70% of organizations are already using EDR. Enterprises are always looking for new techniques to protect themselves from increasingly sophisticated malware and some standalone EDR vendors deliver their detection and response capabilities as part of EDR. To use it effectively, one would require years of training and hands-on experience. Not all companies have a security team that can do that. The downside of EDR is that it is operationally intensive. When you combine that with a global skills shortage in cybersecurity and the high level of skills needed to use the root cause tools, many customers can’t keep with EDR. While EDR tools can be difficult to use for less experienced operators, they can improve overall security efficiency by reducing the time to detect and respond to security incidents.

EDR is crucial for advanced endpoint protection solutions capable of detecting suspicious behaviors at all levels of the computing stack from the device to the user. Another key EDR functionality is that it enables security teams to do proactive threat hunting. As the EDR market matures, Gartner expects feature improvements to focus on increasing the capabilities of the adaptive security architecture to provide more holistic and integrated security capabilities.

EDR from a Security Provider and a User Standpoint

As threats continue to become stealthier and capable of evading traditional cyber defenses, cybersecurity leaders today need a comprehensive enterprise cybersecurity strategy that pre-empts threats, reduces risk, and responds to every regulatory requirement. Security leaders are concerned with increasing complexity in their endpoint environment, compounded by advanced, multistage attacks going beyond typical malware.

Endpoint security suites are now more than ever being tasked with protecting against targeted-style threats that utilize multiple stages involving user interactions, exploit chaining and script-based attacks. As mass threats increase in sophistication, buyers and vendors have begun focusing on behavioral detection with an automatic response. According to Forrester, endpoint security suite customers should look for providers that:

  • Tightly integrate threat prevention, detection, and response
  • Extend visibility and control over a broad endpoint ecosystem
  • Offer flexibility in a variety of environments and risk tolerances

The highest priority for customers is improved detection and response, and hence we’ve integrated these capabilities into our endpoint protection platform to leverage the automation that already exists, which provides enterprises with better-layered protection. For instance, advanced detection capabilities such as behavioral analysis, pre-execution machine learning, run-time machine learning, and vulnerability protection work in concert with other endpoint detection and remediation capabilities.

Customers require a multi-layered approach to endpoint security incorporating tools that combine superior performance with low cost and centralized management. We believe it’s all about delivering the best in threat protection across all endpoints, email, and web; and ensuring that customer data is safe whether it’s run in a physical, virtual or hybrid environment. For enterprises that want to have root cause analysis capabilities on top of their advanced detection and response, endpoint sensor allows them to query endpoints and build a detailed analysis of how and where advanced attacks occurred. For those enterprises that may not have skilled threat researchers to develop this, we are expanding their MDR services that are already available in some limited geographies.

EDR is Here to Stay

Needless to say, EDR is a complex technology; its overarching benefits will make it indispensable for organizations in this highly connected digital world. Gartner’s predictions validate that EDR is here to stay. Their findings suggest that by 2022, 60% of organizations that leverage endpoint detection and response capabilities, will use the endpoint protection solution from the same vendor or managed detection and response (MDR) services.

Hence, for enterprises that are increasingly looking for scalability, strong data management, flexible analytics and open integration, EDR would be a mainstay in the 21st century.


About the Author

Nilesh JainNilesh Jain heads South East Asia and India Operations for Trend Micro since January 2018, before that he was head of India operation as Managing director of Trend Micro India business. During his stint at Trend Micro, Nilesh has been instrumental in scaling business through Sales Management, Profitable growth & adding new Customers in the fold.

With over one has half-decade of a successful Sales career at Trend Micro, Nilesh has handled Channels, SMB, Enterprise & Govt segments with equal excellence. As head of the Business, Nilesh is responsible for all functions, with foremost emphasis on managing Sales Operations, Profit & Revenue in India, and SEA (Southeast Asia) region.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.


Endpoint Security SurveyIs Your Endpoint Device Secure? Take our Endpoint Security Survey and win exciting goodies. Don’t miss out! Take Survey Now!

Endpoint Security