This is Part 8 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.
If your organization has computers, and I’m sure it does, it very likely has an Endpoint Detection and Response (EDR) solution installed. EDR capabilities have changed considerably over the years, so it is worth re-evaluating your solution’s features periodically to confirm they still match the threats you face. Let’s look at some of the facts, features, and choices that come with EDR.
EDR, or Endpoint Detection and Response, is the evolution of a collection of tools used to protect computers and servers. Back in the day, antivirus solutions met the standard of “good enough protection for computers”: an AV compared each file’s hash (or a byte-pattern signature) against a list of known malware, and if it matched, the file was quarantined or deleted. Attackers learned to slip past such static signatures by altering their payloads, so the tools needed to detect their activities had to get smarter too. As a result, EDR is now a multilayered architecture that collects telemetry from the operating system (process, file, registry and network activity), correlates it to detect and investigate malicious behavior, and can respond on the endpoint itself.
Image 1: MDR Enterprise Architecture.
EDR features vary by vendor and price. Since every organization needs EDR, the market for these solutions is very competitive and constantly evolving. Here are some of the most common features:
Some limitations of EDRs to keep in mind:
1. EDRs aren’t a silver bullet. They should be considered one of many tools in a complete defensive security architecture.
2. EDRs can be bypassed using techniques like ‘unhooking’, in which malware removes the agent’s user-mode API hooks (for example by restoring the original bytes of ntdll functions from the clean copy on disk) so that its system calls are never seen by the agent. Critical servers and endpoints should therefore also have logging that does not depend on those hooks, such as kernel-level telemetry and OS event logs forwarded to a central collector.
3. EDRs don’t log every keystroke. They monitor process and system activity, not the user’s interaction with the machine, so they will not tell you what a person typed.
4. Finally, EDRs can’t always detect zero-day attacks. An exploit or malware family that has never been seen before has no signature, so detection depends on behavioral rules that the attacker may manage not to trigger.
As EDR solutions evolve, review their cost against the value they actually deliver. Understanding the full breadth of your security architecture is an important prerequisite for choosing and integrating EDR, MDR or XDR in an enterprise.
About This Blog Series
Follow the full series here: Building Defenses with Modern Security Solutions.
This series discusses a list of key cybersecurity defense topics. The full collection of posts and labs can be used as an educational tool for implementing cybersecurity defenses.
Labs
For quick walkthrough labs on the topics in this blog series, check out the story of “ZPM Incorporated” and their steps to implementing all the solutions discussed here.
Compliance
All topics mentioned in this series have been mapped to several compliance controls here.
David Broggy is Senior Solutions Architect, Implementation Services at Trustwave with over 21 years of experience. He holds multiple security certifications and won Microsoft's Most Valuable Professional (MVP) Award for Azure Security. Follow David on LinkedIn.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.