
Using EDR for layered security


It is public knowledge that cybersecurity risks are increasing, not just in volume but, crucially, in scope.  

The attack surface has expanded with the advent of more and more devices in the organisation network. Twenty years ago, most enterprises relied solely on on-premise infrastructure. 

The few employees who did have personal devices, in an era before smartphones and BYOD policies, had most of their data and computing assets kept behind a relatively defensible perimeter, protected using conventional security for their IT infrastructure. Mostly, it did its job - but the job description has been ripped up and rewritten. 

The advent of cloud computing and the Internet of Things (IoT) has created inter-device connectivity on a scale previously unseen. With an expanse of new devices equating to a wide array of new entry vectors, a defensible perimeter is now insufficient in isolation.

According to Gartner, the number of IoT devices globally will surge to 5.8 billion by the end of 2020, a rise of 21.5% from 2019. Computing has been reconfigured and, unless cybersecurity keeps pace with it, enterprises will expose themselves to the full consequences of intrusions, from data loss to regulatory compliance. 

About the author

Terry Greer-King is the VP EMEA of SonicWall.

Internal and external visibility

Conventional approaches, primarily preventative in scope, never have a 100% success rate in isolation. There needs to be a preliminary stage to this, a precursor which makes use of advanced AI tools to drive analytical monitoring of the endpoints and the threat landscape. An enterprise that understands the threats it faces and its own internal vulnerabilities will be in a strong position to prevent breaches.

Transparency here is key. For endpoint security to work, there must be improved visibility. Having defense systems in place is part and parcel of modern cybersecurity but the need for analytics, and the awareness that we exist in a rapidly evolving technological landscape, is increasingly a requirement. A response is great but a detection system which can stop threats at source is even better. 

In the efforts to adopt and maintain a good security posture, the requirement for a layered security approach is increasingly becoming public knowledge. The form that this may often take, however, is less apparent. Enter Endpoint Detection and Response (EDR), a layered security approach, proactive in its analytics and defence mechanisms and reactive in its rapid response to breaches. 

Endpoint Detection and Response today

The Endpoint Detection and Response market is experiencing rapid growth, estimated to be worth $1.54 billion in 2020, up from $238 million in 2015. As endpoints become more intrinsically linked to business networks, securing them has inevitably become more important.

In its purest form, EDR is a monitoring solution which augments a cybersecurity system through the analysis of every single event on the endpoint. It is an extension of the EPP (Endpoint Protection Platform). Instead of blocking a single activity, it has a constantly activated monitoring system through which threat actors can be located and acted against.

Expanded attack surfaces require not only a wider perimeter but one which is more intuitive and advanced, embedded with AI capabilities so intrusion attempts can be detected upon entry. Layered security is designed exactly for these instances. With numerous defence capabilities, from perimeter firewalls through to cloud-based detection platforms, there can be a holistic approach to cybersecurity - one which encompasses every angle of attack. 

The layering element of security is tangible here. EDR is a total solution, one which helps organisations ‘cover all bases’ from cybercrime in its multiple facets, the ultimate goal being not only to detect and counteract threats, but to proactively search for them and stop them at the gate. 

Cloud-based sandbox file testing is comprehensive in its analysis of threat vectors, with the potential to create threat visualisation maps within databases. This provides consistent assurance of security, with actionable, easy-to-use intelligence and reporting. 

Assurances extend beyond security, with a streamlining of regulation practices a core benefit for enterprise. EDR solutions provide tangible benefits by establishing to regulators, customers and compliance staff that data security is of paramount importance to the business. 

EDR solutions demonstrate that, whilst threats are being constantly monitored, highly detailed information about endpoint events can be developed alongside this and retained, with remediation of security threats occurring as quickly as possible in response.

Layering for the future

The picture is clear: cybersecurity systems must be multi-faceted and layered, not only to protect sensitive data but to ensure breaches are properly accounted for. Multiple endpoints within business networks are the status quo for enterprise; only a modernized, advanced cybersecurity platform can help them operate at speed without sacrificing the constant need for security monitoring.

The cybersecurity space is not and never will be stagnant - which means that, more than ever, there must be a predictive element to supplement the systems in place. Layered security, built upon the premise of adaptability and with a future-orientated lens, is the only solution capable of dealing with threats in their present and future form.
