Kaspersky has observed a worrying industry trend where next-generation and firewall vendors are pushing EDR after acquiring more universal endpoint solutions. Firewall vendors are impacting the Endpoint Protection Platform (EPP) market through the acquisition of EDR companies that strengthen their solution but lack the comprehensiveness of full EPP solutions. The resultant package being sold isn’t as comprehensive as a full EPP solution. The features that are missing, like device and application hardening, are a must-have to increase efficiency and reduce a business’s threat exposure. The current solutions can be heavily reliant upon behavioural detection, which should be one part of a multi-layered EPP solution. Consequently, the packages currently being sold increase the risk of false positives and of reduced productivity.
Though EDR providers often hail the solution as a silver bullet to unearth and disarm all potential threats, in reality these solutions only do half the job. Ian Thornton-Trump, CISO at threat intelligence company Cyjax, comments: “EDR solutions are not the only solution to an organisation’s security. However, they do form a valuable and indispensable layer of security to ward off the most dangerous capabilities that cybercriminals can throw at an organisation. But to be most effective, EDR solutions must be deployed into a managed, licensed and hardened IT environment.”
The concerning trend of businesses being sold an incomplete silver bullet solution has been exacerbated by a steep rise in remote working. Prior to the onset of COVID-19, 61% of businesses stated staffing limitations as the reason they weren’t adopting EDR. Mere months later, Kaspersky research found that nearly three-quarters (73%) of workers hadn’t received any additional IT security awareness training after a mass migration to homeworking and a panicked change of mind towards EDR’s adoption. As a result, IT teams are not only faced with more alerts than ever, but are also left without the requisite guidance to filter them appropriately. At best, this leads to wasted time and resources; at worst, it could result in a serious red flag being overlooked.
Despite many believing that endpoint security had run its course, this trend and the events of this year have proved that the solution is still very much alive. It is education and guidance that need awakening.
“Just because some vendors are shouting loudest, doesn’t mean they’re looking after a business’ best interests, and that’s why it’s critical that businesses enter into a conversation that begins with discussing what they need. More often than not, what they’ll find they need is a solution built around, or integrated with, training and skills development. What companies should be investing in first and foremost is instilling that knowledge culture across the business. That will then go hand in hand with EDR being a tool that can become part of your armoury, providing greater visibility and investigation in the growing cyber-threat landscape,” comments Andy Bogdan, Head of UK Channel, Kaspersky.
“Businesses must also realise that technology from three or five years ago is not advanced enough to deal with modern malware. Investment in security technologies like EDR is required, because in technology, good becomes poor very quickly as cybercriminals sprint to innovate new capabilities monthly,” adds Thornton-Trump.
To meet this challenge head on, better understand your own security infrastructures, and truly capitalise on the benefits of EDR solutions, Kaspersky offers the following advice: