…the right alternate for you, and nuances associated with it
How Imperative Is EDR for Organizations?
Endpoints are the entry points adversaries use to compromise an organization, and they are frequently targeted by advanced persistent threats (APTs) and targeted attacks. In fact, 40 percent of security professionals say their endpoints have been an entry point for an APT or targeted attack, which makes endpoint visibility critical in the modern threat landscape. Traditional security solutions and techniques protect the organization to some extent, but not from the risks arising from the new digital ecosystem; outmoded antivirus products based on rules and signatures are insufficient against today’s sophisticated attacks. New tactics, techniques and procedures (TTPs) are needed to counter sophisticated attacks that employ advanced malware, exploits or APTs. Endpoint detection and response gives greater visibility into endpoint data, which is what detecting and mitigating advanced threats, limiting sensitive data loss, and reducing the risk of devastating data breaches on endpoints depends on.
Choosing the Right EDR System & Deployment
An Endpoint Detection and Response (EDR) solution is essential for any organization that wants to be as protected as possible from the threat of attack. EDR solutions have been available for several years but are getting much more attention now, mostly due to the rise in ransomware, a targeted threat that can infect multiple systems through a single endpoint. The rise of sophisticated attacks and ransomware is forcing anyone who handles corporate security to re-evaluate their security solutions and recognize the importance of immediate EDR implementation.
EDR systems must deliver four key capabilities: threat detection, quick response, investigation and remediation. No organization can afford to overlook these basic EDR capabilities. Advanced features such as automation or big-data integration can help reduce the attack surface, but they are not the only factors to consider when choosing an EDR system.
Key Points to remember while choosing the right EDR system
- Organizational need
- How visible are EDR operations and management to you?
- Deployment model and Implementation cost
Along with organizational need and visibility, the deployment model, its flexibility and its implementation cost are major constituents in choosing an EDR system. Deploying an EDR system across the organization is tricky, and which way to go depends entirely on the individual organization. Based on specific business requirements, company size and internal security strategy, organizations choose their deployment model. There are pros and cons associated with both on-premise and cloud EDR solutions, as discussed below.
On-Premise Deployment
Organizations are usually very protective of their data and want to keep it within their reach, so they opt for on-premise security solutions.
Pros
- Effective within small organizations located in the same geography
- Well organized, with better performance
Cons
- Doesn’t support real-time behavioural analysis
- The updating process is extremely laborious
- On-premise EDR solutions need a delay of at least several days to respond
- No agility when the solution needs to be re-architected
- Deployment cost is higher
Cloud Deployment
Scalability, integrity, flexibility and enhanced manageability keep cloud solutions ahead in general usage, but security needs are different. For instance, centralizing data can cause severe problems in some cases, while in others a centralized, data-enriched platform leads to better analysis and understanding.
Pros
- Pervasive protection and quick response
- Reduces management overhead and lowers cost
- Eliminates the updating and maintenance cycle
- Scalability
- The most up-to-date protection (AI/ML solutions) is always available on the fly, and algorithms are adjusted constantly
- With cloud-managed endpoints, remote incident response is possible, which cuts response time
- Cloud as a platform: everyone benefits from contributing to the cloud – except the attacker
Cons
- Lack of performance guarantee
- May not meet policy requirements, or may require strict privacy policies
The Essence of Hybrid Deployment
Endpoint detection and response is not just a tool; it is a core capability of security operations. Both on-premise and cloud deployments of security solutions have their own advantages and disadvantages, but EDR implementation must be seen not only through the technology lens but also scrutinized from the business angle. A hybrid deployment approach can eliminate the potential cons of both approaches and offer the best-suited solution for real-time security problems. Again, each organization decides, based on its business requirements and its security and privacy policies, which EDR tools and deployment model it is comfortable with.
To discuss this topic further, join us at the Best Practices Meet 2018.