EDR saves the day for faster response to cyber attacks
Endpoint detection and response (EDR) offers a vital additional layer of security to detect even elusive and unknown threats early in the attack chain. However, there are still myths and misconceptions around the value of EDR.
This is according to Irina Artioli, Cyber Protection Evangelist at Acronis, who was speaking during a webinar on EDR, hosted by Acronis in partnership with ITWeb.
Artioli said EDR monitoring and analysis helps IT security to automate and process data and integrate with other security layers to enable organisations to respond to attacks as quickly as possible. “If you can’t see it, you can’t stop it. EDR provides visibility into endpoint activities and actions with malicious intent to enable you to detect and stop attacks faster.”
She said: “There are some objections to EDR. Some organisations believe they don’t need it, they say they don’t have the budget for it, or that their business is too small to be a target. Many also believe EDR is unnecessary, since they already have multiple layers of security in place.”
Addressing these objections and misconceptions, Artioli said: “For ransomware, known malware and polymorphic malware, we can mitigate risk with anti-malware tools such as AV, NGAV, anti-ransomware, anti-exploitation, URL filtering and patch management.
“But for elusive threats such as zero-day exploits, fileless attacks, APTs and living off the land attacks, most traditional tools won’t identify anomalous behaviour and software. That’s where EDR comes into the scene – it identifies all events that are happening, and identifies if our benign software is being used for malicious purposes. EDR detects intent by correlating a series of actions an attacker performs to be successful at its objective. EDR allows you to take a deeper look into the network and stay ahead of the attack.”
She explained: “Traditional anti-malware software is like a traffic light – it follows particular rules, based on patterns and sequences. EDR is more like a sophisticated traffic surveillance system – monitoring and analysing data to continuously observe anomalies and erratic behaviour, and can alert authorities to unusual events. Because EDR raises an alert earlier, the incident can be contained faster and the impacts are reduced.”
Artioli said traditional anti-malware has low visibility into attacks. “EDR has broader visibility into attacks, and maps how it got in, how it hid its tracks, what harm it caused and how it spread. It provides a multitude of response capabilities to contain the incident at the endpoint, investigate security incidents and remediate,” she explained.
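The correlation idea Artioli describes (individually benign endpoint events chained into an incident, with the process tree showing how it got in and how it spread) can be illustrated with a small event-correlation script. The following is an added example written for this article; it is not Acronis code and not the product's detection logic. The event schema, the sample telemetry for hosts ws-01 and ws-02, the application category lists and the 60-second window are all constructed assumptions.

```python
"""Toy EDR-style correlation: chain single endpoint events into one incident.

Added illustration, not vendor code. Event fields, category lists and the
correlation window are assumptions made for this example.
"""
from collections import defaultdict

# Assumed application categories. A script host or a task-scheduler binary
# running on its own is normal; the *sequence* is what carries intent.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PERSISTENCE_TOOLS = {"schtasks.exe", "reg.exe", "sc.exe"}

# Constructed sample telemetry (not captured from a real host).
# ws-01: mail client -> document editor -> script host -> outbound connection
#        -> task-scheduler binary. ws-02: a script host with one connection only.
EVENTS = [
    {"ts": 1, "host": "ws-01", "type": "process", "pid": 100, "ppid": 1, "image": "outlook.exe"},
    {"ts": 2, "host": "ws-01", "type": "process", "pid": 101, "ppid": 100, "image": "winword.exe"},
    {"ts": 3, "host": "ws-01", "type": "process", "pid": 102, "ppid": 101, "image": "powershell.exe"},
    {"ts": 4, "host": "ws-01", "type": "network", "pid": 102, "dest": "203.0.113.10:443"},
    {"ts": 5, "host": "ws-01", "type": "process", "pid": 103, "ppid": 102, "image": "schtasks.exe"},
    {"ts": 6, "host": "ws-02", "type": "process", "pid": 200, "ppid": 1, "image": "powershell.exe"},
    {"ts": 7, "host": "ws-02", "type": "network", "pid": 200, "dest": "198.51.100.5:443"},
]


def build_process_index(events):
    """Map (host, pid) -> process-creation event so parents can be looked up."""
    return {(e["host"], e["pid"]): e for e in events if e["type"] == "process"}


def find_script_host_ancestor(procs, host, pid):
    """Return the pid of the nearest script-host ancestor of `pid`, or None."""
    ev = procs.get((host, pid))
    hops = 0
    while ev is not None and hops < 64:  # hop cap guards against cycles in bad data
        parent = procs.get((host, ev["ppid"]))
        if parent is None:
            return None
        if parent["image"] in SCRIPT_HOSTS:
            return parent["pid"]
        ev = parent
        hops += 1
    return None


def correlate(events, window=60, min_stages=2):
    """Chain per-process signals into incidents keyed on the script-host process.

    Returns a list of incident dicts; an incident needs at least `min_stages`
    distinct stages observed within `window` seconds of each other.
    """
    procs = build_process_index(events)
    stages = defaultdict(list)  # (host, script_host_pid) -> [(ts, stage_name), ...]
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, pid = ev["host"], ev["pid"]
        if ev["type"] == "process":
            parent = procs.get((host, ev["ppid"]))
            if ev["image"] in SCRIPT_HOSTS and parent is not None and parent["image"] in OFFICE_APPS:
                stages[(host, pid)].append((ev["ts"], "office_spawns_script_host"))
            elif ev["image"] in PERSISTENCE_TOOLS:
                anc = find_script_host_ancestor(procs, host, pid)
                if anc is not None:
                    stages[(host, anc)].append((ev["ts"], "script_host_spawns_persistence_tool"))
        elif ev["type"] == "network":
            proc = procs.get((host, pid))
            if proc is not None and proc["image"] in SCRIPT_HOSTS:
                stages[(host, pid)].append((ev["ts"], "script_host_outbound_connection"))

    incidents = []
    for (host, pid), seq in stages.items():
        names = [name for _, name in seq]
        span = seq[-1][0] - seq[0][0]
        if len(set(names)) >= min_stages and span <= window:
            incidents.append({"host": host, "root_pid": pid, "stages": names,
                              "first_ts": seq[0][0], "last_ts": seq[-1][0]})
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(f"{inc['host']}: pid {inc['root_pid']} -> {' > '.join(inc['stages'])}")
```

Run stand-alone, the script reports one incident on ws-01 rooted at pid 102 and nothing for ws-02, even though ws-02 also has a script host talking to the network: a single event matches a rule, but only the chain reaches the incident threshold. That is the difference the article draws between pattern-matching tools and EDR, and it is also why the `window` and `min_stages` knobs matter in practice; set too loosely they flood analysts with benign chains, set too tightly they miss slow, living-off-the-land activity.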
“For SMEs concerned about complexity, EDR is made easier with integration with other security tools and made simpler with AI. EDR provides additional value through its ability to reduce incident response costs, enhance operational efficiency, support compliance and risk mitigation.”
She said many EDR solutions are regarded as too complex and costly to operate, needing multiple point solutions for complete protection and business continuity. However, she noted that Acronis Advanced Security + EDR leverages advanced machine learning for automated threat detection and correlation of alerts into actionable incidents, offering swift response capabilities. Its intuitive attack interpretation, aligned with the MITRE framework, ensures quick incident resolution. Additionally, its seamlessly integrated backup and recovery features deliver unparalleled business continuity, setting it apart from other endpoint protection vendors.