Endpoint Detection & Response – or why faster is better

Burglars are silent, act covertly and can strike quickly, only to disappear even faster with their loot -and cyber criminals are just the same. At best security measures help by increasing the amount of work the attacker has to do, but they rarely keep him out. The ability to rapidly recognise attacks and react even faster to minimise the extent of the damage is a valuable one. In this blog article, you will learn how to do this in the most effective, efficient way. There are five reasons why faster is better.

ICT security walls are important - but they only provide limited protection against cyber attacks

The progressive professionalization of cyber criminals' has led to those victims who really have something worth taking no longer being bothered by trashy malware attacks. At best these serve just as a distraction. That's why ICT security walls continue to make sense. When it really comes down to large amounts of money or valuable information, cyber criminals are willing to invest time, knowledge and possibly even money. The attack is planned in several phases and carried out over a longer period of time. Frequently, the company's environment is also being spied on. Just as with a potential burglary - a car driving by slowly through a smart neighbourhood with single family homes - it’s not a burglar sitting behind the wheel. It could just be a friendly visitor who is looking for the right house number. Or maybe not? Perhaps it is a potential burglar who is spying on the area for a something he likes the look of ...

Detecting security incidents at the endpoint is easier said than done

In today's complex infrastructures with their countless end devices, it is extremely difficult to detect attacks (or preparations for attacks). This is because computers neither crash nor exceed thresholds that can be monitored by conventional security tools.

Endpoint security - i.e. PCs, laptops, mobile devices as well as servers and multi-function devices in corporate networks - plays a particularly important role here. Endpoints are the main interface between users and information technology within the company. This is why endpoint security is undoubtedly one of the biggest challenges in cyber security today. However, most companies do not even know what endpoints they have and what software is being used within the company. How can a CISO or CIO quickly identify and respond to an incident in such a vague environment?

Nothing is impossible, thanks to EDR (Endpoint Detection and Response)!

Complex attacks, zero-day exploits and increasingly agile cyber crime techniques present a challenge to your endpoint security. Specialised tools are required to protect against modern cyber attacks because your cyber security analysts can't respond effectively to cyber attacks if they're overloaded with alerts and they can't see which alerts need to be dealt with immediately.

The solution is called Endpoint Detection & Response (EDR) - or in other words, artificial intelligence and machine learning, in combination with a lot of experience of one (or better, several) cyber security analysts. Not only can you find the needle in the haystack, but you can also remove it immediately.

Endpoint Detection & Response (EDR) – an overview

  • With Endpoint Detection & Response, all incidents on end devices are logged, such as user login, file opening, registry access, memory access, established network connections, and so on.
  • This data is then stored either on the devices or in a central database and combined with other databases to identify vulnerabilities and cyber threats.
  • Using behavioural analysis methods, this data is analysed to determine whether there are any indications of potential intrusion by unauthorised persons or unauthorised activities by internal perpetrators. Of course, this requires human intelligence and a great deal of experience.
  • And finally, the "response" component of the EDR comes into play. This means that it is possible to react quickly, in a targeted and appropriate manner, so minimising the scale of the attack.

And all of this needs to be done quickly - very quickly! - regardless of whether it's home time, a public holiday or a weekend. A cyber criminal doesn't care about that.

Detection & Response – but please, within 72 hours.

72 hours - does this sound familiar to you? Yes, that' s right, because this is the reporting obligation found in the basic data protection regulations (GDPR). When it comes to the loss of personal data, there's nowhere to hide anymore. Companies have to immediately report incidents like these to the appropriate authorities - within 72 hours. At first glance, this period may seem to be adequate, but in practice, it usually takes much longer. And between you and me, how long does it take for a security incident to be detected? Then you have to react and inform. Are these 3 days enough for you? We dare to make a prediction, and based on our experience with numerous companies we would say - no! -and that is exactly why you need act as quickly as possible.

5 reasons why faster is better!

  1. Threat Detection: You need to be able to identify any malicious activity and vulnerabilities in seconds, not in days or weeks.

  2. Incident Response: You must be able to reduce from weeks to minutes the response time and the effort required to completely investigate and resolve a security incident.

  3. Asset Management: You need to improve IT hygiene and with it, IT security by finding previously unknown assets. You should also identify under-utilised hardware and over-licensed software in seconds, so reducing costs and simplify decision-making.

  4. Patch Management: You must be able to carry out patch cycles reliably and efficiently, from distribution to deployment. This is the only way to ensure that any weak points can be eliminated quickly.

  5. Configuration Compliance: You need to consistently implement your security policies and take immediate corrective action on endpoints in the event of a breach.

So you see, with Endpoint Detection & Response it’s a question of speed. Faster is always better!

EDR by Tanium: efficient and effective – and thanks to InfoGuard, it’s exclusive in Europe

We will not be leaving you on your own to face this challenge. Together with Tanium, we will help you to become faster and better. Tanium combines cyber security and systems management in a single solution and with unmatched performance. In just a few seconds, you can check the credibility, assess the extent of existing viruses across the entire ICT infrastructure and initiate direct counter-measures. With the help of Tanium, you only need a few minutes to successfully prevent an attempted attack by hackers. You may be wondering what this has to do with InfoGuard. A lot! InfoGuard exclusively offers you the convincing Tanium solution in Europe as EDR-as-a-Service from our ISO 27001-certified Cyber Defence Center in Switzerland.


Cyber defence – a multi-faceted subject

Cyber defence is crucial in the battle against cyber criminals. Endpoint Detection & Response is only one link in a long chain of complex tasks. That's precisely why you can expect to get more valuable blog articles, tips and hints from our experts, as well as checklists and whitepapers about Cyber defence in the coming months. So why not subscribe to our blog updates right now? You won't be sorry!


Blog subscription

<< >>

Cyber Defence , Cyber Risks , IT Security

Reinhold Zurfluh
About the author / Reinhold Zurfluh

InfoGuard AG - Reinhold Zurfluh, Head of Marketing, Mitglied des Kaders

More articles from Reinhold Zurfluh

Related articles
Cyber Security Blog

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media