EDR: What It Is and Why You Need It
There’s a lot of noise in the market right now about how endpoint detection and response (EDR) is the Next Big Thing. But what exactly is EDR? Gartner [1] describes it like this: “EDR tools provide a method for security and risk management technical professionals to answer two key questions about the security of their environment: What happened here? [and] What is happening right now?”
What does this mean in practice, and why is it so important for organizations to supplement their endpoint protection platform (EPP) with EDR tools and/or managed detection and response (MDR)?
What Is EDR?
Let’s take a closer look. In recent years, cybercriminals have been focusing more and more on evasive threats specifically designed to bypass existing endpoint protection measures. (This is as opposed to commodity threats, which are relatively easy for EPPs to detect and prevent.)
One reason for this is that it’s becoming much easier, and cheaper, for cybercriminals to find, combine and test ready-made tools and methods (including “rent-a-malware” campaigns with 24/7 support). In addition, these kinds of attacks promise a much higher chance of success than traditional scenarios.
Add to this the surge in remote working that is dissolving the corporate perimeter for many organizations, and it’s easy to see why endpoints will remain on the frontline in the battle against cybercriminals for the foreseeable future.
So what happens when an EPP is confronted by an evasive cyberthreat? These threats are hard to detect due to the range of evasion techniques being adopted, particularly the use of legitimate and system-native tools. And by staying undetected for longer, they also have the time needed to explore and entrench themselves in a business’s infrastructure and cause more damage, be it a data breach, a ransomware or spyware attack, or direct disruption of operations.
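The two Gartner questions quoted above are, in practice, what an EDR's recorded endpoint telemetry is used for: reconstructing the chain of events behind an alert ("What happened here?") and flagging suspicious activity as it occurs ("What is happening right now?"). The following Python sketch is an added illustration, not code from the original article or from any EDR vendor: it stores constructed process-creation events and implements one assumed detection rule (a system-native tool launched by a document or mail application, the kind of legitimate-tool abuse the paragraph above refers to). Hostnames, PIDs, command lines and the rule's tool/parent lists are all assumptions made for the example.

```python
"""Toy EDR-style telemetry store (added example; all data is constructed).

Demonstrates the two questions EDR telemetry is meant to answer:
  - what_happened(): rebuild the process chain around one event ("What happened here?")
  - detect_now():    flag system-native tools spawned by unexpected parents
                     ("What is happening right now?")
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    ts: int        # seconds since epoch (constructed timestamps)
    host: str      # endpoint hostname (assumed)
    pid: int
    ppid: int      # parent process id
    image: str     # executable name, lower-case
    cmdline: str   # command line as recorded by the sensor (constructed)


# Constructed sample telemetry: a document viewer launching a scripting host,
# which then launches another system-native tool. Sibling process (outlook.exe)
# is included to show it is NOT pulled into the chain.
EVENTS = [
    ProcessEvent(1000, "ws-01", 400, 1, "explorer.exe", "explorer.exe"),
    ProcessEvent(1005, "ws-01", 512, 400, "winword.exe", 'winword.exe "invoice.docx"'),
    ProcessEvent(1009, "ws-01", 640, 512, "powershell.exe", "powershell.exe <args redacted>"),
    ProcessEvent(1010, "ws-01", 650, 400, "outlook.exe", "outlook.exe"),
    ProcessEvent(1020, "ws-01", 700, 640, "rundll32.exe", "rundll32.exe <args redacted>"),
]

# Assumed rule content for the example; a real EDR ships far richer rule sets.
NATIVE_TOOLS = {"powershell.exe", "rundll32.exe", "wscript.exe", "mshta.exe"}
UNEXPECTED_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def detect_now(events):
    """Return (event, parent_event) pairs where a system-native tool was
    started by a document or mail application on the same host."""
    by_key = {(e.host, e.pid): e for e in events}
    hits = []
    for e in events:
        parent = by_key.get((e.host, e.ppid))
        if parent and e.image in NATIVE_TOOLS and parent.image in UNEXPECTED_PARENTS:
            hits.append((e, parent))
    return hits


def what_happened(events, host, pid):
    """Return the ancestors, the process itself and all its descendants on
    `host`, ordered by time, so an analyst sees the whole chain at once."""
    by_pid = {e.pid: e for e in events if e.host == host}
    if pid not in by_pid:
        return []
    children = {}
    for e in by_pid.values():
        children.setdefault(e.ppid, []).append(e)

    chain = []
    seen = set()
    # Walk up to the root (guard against self-referencing parent ids).
    cur = by_pid[pid]
    while cur and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    # Walk down through every descendant (breadth-first).
    queue = [pid]
    while queue:
        p = queue.pop(0)
        for child in children.get(p, []):
            if child.pid not in seen:
                seen.add(child.pid)
                chain.append(child)
                queue.append(child.pid)
    return sorted(chain, key=lambda e: e.ts)


if __name__ == "__main__":
    for hit, parent in detect_now(EVENTS):
        print(f"[now] {parent.image} (pid {parent.pid}) -> {hit.image} (pid {hit.pid})")
        print("[what happened here?]")
        for e in what_happened(EVENTS, hit.host, hit.pid):
            print(f"  t={e.ts} pid={e.pid} ppid={e.ppid} {e.cmdline}")
```

Run as a script, the rule fires once (winword.exe starting powershell.exe) and the timeline for that alert shows explorer.exe, winword.exe, powershell.exe and the child rundll32.exe, while the unrelated outlook.exe process stays out of the chain. The point of the example is the data model, not the rule: an EPP that only inspects the file on disk has nothing to say about a legitimate, signed system tool, whereas the recorded parent/child relationships let a defender both catch the abnormal launch and explain it afterwards.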
The result? The average financial impact of a data breach [2] is