- 1. Security Toolkit: An Overview of Topics in Cyber Security
- 2. Security Toolkit: Introduction
- 3. Security Toolkit: Assessing Your Current Cyber Security Practices
- 3.1. Security Toolkit: Self-Assessment for Organizations
- 3.2. Security Toolkit: Self-Assessment for Individual Users
- 4. Security Toolkit: Specific Security Topics: What to Look into and Why
- 4.1. Security Toolkit: Endpoint Detection and Response (EDR)
- 4.2. Security Toolkit: Multi-Factor Authentication (MFA)
- 4.3. Security Toolkit: Backups and Securing Backups
- 4.4. Security Toolkit: Email Security
- 4.5. Security Toolkit: Data Sharing
- 4.6. Security Toolkit: Password Management
- 4.7. Security Toolkit: Encryption
- 4.8. Security Toolkit: Other Tips on Technology Setup
- 5. Security Toolkit: Security Policies
- 6. Security Toolkit: Training
- 7. Security Toolkit: When you Experience an Incident
- 8. Security Toolkit: 2021 Security Webinar Series
4.1. Security Toolkit: Endpoint Detection and Response (EDR)
What Everyone Needs to Know
Endpoint Detection and Response (EDR) refers to a type of software solution that is the next evolution of traditional antivirus solutions. Attackers just don’t stick to a single game plan anymore. They’ve adapted and modified their methods to be much more fluid. Today’s cat and mouse game has evolved beyond the static lists that traditional antivirus solutions can deal with. EDR solutions continuously monitor what is happening with your office’s network so that staff can rapidly investigate and stop potential security incidents.
What IT Needs to Know
EDR provides deep visibility into the status of your network and allows for threat hunting capabilities to detect and block suspicious activities. It also gives you increased forensic capabilities, which allow for administrators to build a timeline of events to determine the impact of a breach. Additionally, many insurance companies are now requiring EDR solutions to be in place for organizations.
EDR is better than traditional antivirus because it can more organically respond to threats. Traditional antivirus software relies on a database of known attacks that needs to be constantly updated by vendors. These databases are good at detecting whatever the most recent attack was, but not so good at preventing new and emerging threats. EDR relies on event and behavior analysis, which helps it detect both known and unknown threats. EDR solutions can also provide you with a timeline of an attack, giving you information such as how it occurred and what it’s trying to do, along with the capability to isolate, quarantine and remediate the infected endpoint(s). EDR can help you detect and respond to ransomware attacks, fileless attacks, and zero-day attacks.
Ransomware attacks are designed to encrypt your data and demand a ransom payment to unlock your files. This is now being combined with exfiltration techniques where attackers steal your data before they encrypt it and then threaten to release this information in the dark web if payment is not received.
Fileless attacks rely on what you already have in your environment, making it hard to detect and remove from your environment. PowerShell, for example, is a built-in Windows tool used by administrators but in the wrong hands, can be used to launch these types of attacks.
Zero-day exploits are new vulnerabilities that attackers have begun to exploit before developers have had a chance to patch. This often leads to developers having to scramble to update their systems which can take days. These attacks are sudden and require immediate attention and/or action by IT administrators.
Again, EDR helps administrators detect and respond to all of these types of attacks.
Solutions to Consider
“What is Endpoint Detection and Response” (Crowdstrike)