Which endpoint detection and response approach is right for you?
Historically, organisations have focused their security efforts on network and e-mail security, neglecting the endpoint.
But relying on perimeter-orientated security will not protect the organisation against the kind of endpoint or insider attacks that have become increasingly prevalent, says Jeremy Matthews, regional manager at Panda Security.
Matthews will be discussing different approaches to endpoint detection and response (EDR) at the ITWeb Security Summit 2019, to be held from 27 to 31 May at the Sandton Convention Centre.
"There is an imperative to move beyond traditional AV protection to meet the current generation threat types," he says. "Greater emphasis, and spend, should be put on endpoint security, to shrink the attack surface and harden protection."
EDR represents the next generation of cyber security solutions: an additional layer of security, specifically developed to target sophisticated threats and to address the limitations of traditional protection.
These technologies do this by monitoring, detecting, preventing and remediating incidents on all endpoints. "It's able to detect and react to threats in real time, enhancing security visibility beyond the scope of the endpoint protection platform (EPP), which relies on signature-based protection."
According to Gartner, EDR technologies have four key capabilities: detecting security incidents, containing any incidents at the endpoint, investigating security incidents, and remediating workstations to their pre-infection state.
However, Matthews says Panda Security finds there are different ways to approach EDR. Some approaches are detection-focused while others put prevention first; some utilise manual whitelisting, others automatic classification; some are EDR-only while others combine EDR and EPP; some include additional data analytics tools; and some depend on particular hardware or software, which means vendor lock-in.
"The importance of each of these factors is something individual organisations must decide," adds Matthews. "However, Gartner predicts that the coalescence of EDR and EPP is where the industry is heading. Already, some forward-thinking vendors provide comprehensive solutions, which include automatic classification, data logs, reporting tools and SIEM solutions, to streamline the task of managing and reporting on organisational cyber security."
Delegates attending Matthews' talk will gain a deeper understanding of EDR in practical terms, as well as a view of EDR in the context of an overall security strategy. He will also cover the different approaches to EDR and how to decide which approach is right for the business. Finally, he will discuss the value of EDR telemetry and the role of EDR when implementing a security information and event management (SIEM) solution.