"Why EDR is Not Sufficient to Protect Your Organization"

Endpoint detection and response (EDR) tools are a cornerstone of most cybersecurity defenses today. But while the technology has an important role to play in investigating threats, security researchers believe that too many organizations have made the mistake of relying on EDR as their first line of defense against security breaches. The researchers stated that organizations cannot rely solely on EDR to keep their environments safe from the latest threats.

The researchers noted that the greatest drawback of EDR is that it is a reactive approach. Traditional EDR tools rely on behavioral analysis, which means the threat has been executed on the endpoint, and it is a race against time to stop it before any damage is done. Upon observing malicious intent or activity, the EDR will block it, and the security team will move in for remediation and cleanup. The researchers argue that a reactive approach is no longer enough. They stated that some of the fastest malware can infect in less than a second after executing on an endpoint. They also noted that ransomware, for example, can begin to encrypt systems before it is detected and blocked, and the malware may leave behind droppers and artifacts that are missed in remediation.

The researchers stated that instead of taking a reactive approach that can only deal with threats as they emerge, organizations need security strategies that center on a preventative approach. According to the researchers, incoming malware needs to be detected and blocked before it can execute within the network environment. Neutralizing attacks before they can execute greatly reduces the risk of a breach occurring. The researchers noted that it also means SOC teams can more effectively use their EDR and XDR tools to investigate and remediate other issues without the constant fear of a severe attack occurring.

The researchers stated that security solutions need to move even more swiftly to get ahead of fast-moving cyber threats. They noted that deep learning technology presents one of the best opportunities for succeeding because its self-learning nature can enable us to understand the DNA of an attack without having to know its hash and can help predict and prevent unknown threats.

 

Help Net Security reports: "Why EDR is Not Sufficient to Protect Your Organization"
