How EDR Offers Threat Detection, Insights, and Remediation

The digital perimeter for business continues to expand. Work takes place everywhere now, and endpoints have proliferated as enterprises stand up remote arrangements outside the office.

  • Published: 03-05-2022

  • Related Category: Threat Intelligence

  • Type of Content: Reports

  • Owner: Malwarebytes

The digital perimeter for business continues to expand. Work takes place everywhere now, and endpoints have proliferated as enterprises stand up remote arrangements outside the office.

But endpoints are one of the biggest risks to business data today: they are a constant target of cyberattacks and, as a result, are often infected with sophisticated malware. According to IDC's 2020 EDR and XDR Survey, advanced malware was the most frequently cited contributor to security breaches. End-user oversight and challenges with managing endpoints were also contributing factors.

Respondents cited these factors in recent breaches:

  • Advanced malware: 33%
  • Compromised credentials of respondents: 27%
  • End user oversight: 24%
  • Alerts from endpoints not triaged properly: 24%
  • Alerts generated from endpoints not investigated sufficiently: 20%

In this white paper we will examine the current challenges organizations face in securing endpoints, and how an endpoint detection & response (EDR) solution can help them deflect the increasing threats they face every day.

The challenge of traditional endpoint security products

Businesses expect a lot from their endpoint security products. Security leaders look to these products to stop malware from spreading on their networks, to protect private data, and to prevent phishing and ransomware attacks.

But today's threats are sophisticated and persistent, and even the best traditional (non-EDR) endpoint protection is now regularly bypassed.

“Attacks now are very sophisticated and criminals are very capable,” said Bill Reed, senior global product marketing manager with Malwarebytes. “They are turning up the dial. Attacks are now a full-fledged business model for them.”

The plague of ransomware

Ransomware in particular has become a plague on businesses. These types of attacks spiked in the months following the start of the pandemic and show no sign of abating. Organizations are feeling the pinch: 41 percent of all cybersecurity insurance claims are the result of ransomware attacks, according to Coalition's H1 2020 Cyber Insurance Claims Report. Criminals typically get ransomware onto a network through phishing campaigns, by abusing exposed Remote Desktop Protocol (RDP) services, and via common, unpatched software vulnerabilities.

Historically, ransomware locked access to files, and victim businesses were forced to pay a ransom to restore access. But ransomware gangs have now upped the stakes in attacks, and they are employing even dirtier tricks. Instead of simply locking access to files, they first steal important information and then extort organizations multiple times by threatening to leak the stolen data.

“They come in and say, ‘We have your sensitive files, and we are going to expose them to the world if you don’t pay us more,’” said Reed.

To fight back against ransomware, organizations need the ability to immediately detect known and unknown threats, respond in real time, and thoroughly isolate and investigate affected endpoints. If data is lost or held for ransom, firms need to remediate, roll back, and recover quickly and completely.
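To make the detect, respond, isolate and roll back cycle concrete, here is an added example (not Malwarebytes' code or any product's detection logic) of the kind of behavioural rule an EDR agent runs over endpoint file telemetry. It flags a process that renames many files, across several directories, to one new extension within a short window, and then lists the response actions an agent would queue. The event fields, thresholds, process names and sample events are all constructed for this illustration.

```python
"""Added example, not Malwarebytes' code: a minimal behavioural ransomware
detector over endpoint file telemetry, plus the response plan for a hit.

Rule: one process performs many extension-changing renames, spread across
several directories, mostly to a single new extension, within a short window.
Field names, thresholds and the sample events are assumptions for this demo.
"""
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import List, Optional


@dataclass(frozen=True)
class FileEvent:
    ts: float                       # seconds since epoch (assumed agent clock)
    pid: int
    process: str                    # image name reported by the agent
    op: str                         # "rename" or "write"
    path: str                       # path after the operation
    old_path: Optional[str] = None  # only set for renames


# Assumed thresholds; tune against real telemetry before relying on them.
WINDOW_SECONDS = 10.0
MIN_RENAMES = 20     # extension-changing renames inside one window
MIN_DIRS = 3         # must span directories, not one folder being tidied
MIN_EXT_SHARE = 0.8  # share of those renames ending in the same new extension


def _ext(path: str) -> str:
    return PurePosixPath(path).suffix.lower()


def detect_mass_rename(events: List[FileEvent]) -> List[dict]:
    """Return one alert dict per process whose rename burst matches the rule."""
    per_proc = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        # Only renames that change the extension count. A compiler writing
        # hundreds of .o files or a backup job writing .bak copies never matches.
        if ev.op == "rename" and ev.old_path and _ext(ev.old_path) != _ext(ev.path):
            per_proc[(ev.pid, ev.process)].append(ev)

    alerts = []
    for (pid, proc), evs in per_proc.items():
        start = 0
        for end in range(len(evs)):                # sliding time window
            while evs[end].ts - evs[start].ts > WINDOW_SECONDS:
                start += 1
            window = evs[start:end + 1]
            if len(window) < MIN_RENAMES:
                continue
            dirs = {str(PurePosixPath(e.path).parent) for e in window}
            counts = defaultdict(int)
            for e in window:
                counts[_ext(e.path)] += 1
            new_ext, n = max(counts.items(), key=lambda kv: kv[1])
            if len(dirs) >= MIN_DIRS and n / len(window) >= MIN_EXT_SHARE:
                alerts.append({
                    "pid": pid, "process": proc, "new_ext": new_ext,
                    "files": len(window), "dirs": len(dirs),
                    "first_ts": window[0].ts, "last_ts": window[-1].ts,
                    "sample_paths": [e.path for e in window[:3]],
                })
                break                              # one alert per process
    return alerts


def plan_response(alert: dict) -> List[str]:
    """Actions an agent would queue for a high-confidence hit: stop the process,
    cut the host off, preserve evidence, then roll back the renamed files."""
    return [
        f"kill_process pid={alert['pid']}",
        "isolate_host",                   # block all traffic except the EDR channel
        "collect_triage_bundle",          # process tree, network, touched files
        f"rollback_files ext={alert['new_ext']} count={alert['files']}",
    ]


# Constructed sample telemetry: one ransomware-like burst, two benign workloads.
DOCS = ["/home/u/docs", "/home/u/finance", "/srv/share/hr", "/srv/share/legal"]


def sample_events() -> List[FileEvent]:
    evs = []
    for i in range(24):                   # 24 renames, 4 dirs, 6 seconds
        d = DOCS[i % 4]
        src = f"{d}/file{i}.{['docx', 'xlsx', 'pdf'][i % 3]}"
        evs.append(FileEvent(1000.0 + i * 0.25, 4242, "cryptor.exe", "rename",
                             src + ".locked", old_path=src))
    for i in range(30):                   # backup job: writes only, never flagged
        evs.append(FileEvent(1000.0 + i * 0.1, 311, "backup.exe", "write",
                             f"{DOCS[i % 4]}/file{i}.bak"))
    evs.append(FileEvent(1003.0, 77, "explorer.exe", "rename",   # a user renaming one file
                         "/home/u/docs/notes.txt", old_path="/home/u/docs/notes.md"))
    return evs


if __name__ == "__main__":
    for alert in detect_mass_rename(sample_events()):
        print(alert)
        print(plan_response(alert))
```

Restricting the rule to extension-changing renames is what keeps noisy but legitimate workloads (builds, backups, a user tidying a folder) from tripping it; the false-positive rate of a rule like this is exactly the alert-fatigue problem the next section describes, so thresholds should be tuned on real telemetry before automatic isolation is enabled.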


Alerts are a huge challenge point

While breach warning signs are a daily occurrence, they are not acted upon all the time for various reasons. The IDC survey found nearly 33 percent of respondents say too many alerts turn out to be false positives.

There is simply not enough time or staff to investigate each warning, and security alerts consume far too many resources. The mean number of alerts investigated weekly is 352, according to IDC, and more than half of organizations spend more than 500 hours investigating alerts each week. Another 8 percent spend more than 900 hours.

“In larger firms, thousands of alerts are lighting up every month,” said Reed. “I’ve talked to organizations with as many as 5,000-6,000 alerts a month. It used to be organizations could ignore many of the minor alerts, but that’s no longer true. The bad guys are more patient and sophisticated now, often taking weeks or months to penetrate networks before finally attacking. Each alert could be that little seed they are planting to pull off an attack later.”

Indeed, the survey shows there are consequences when resources are not available to work every alert to completion: 70 percent of respondents suffered at least one major security breach in the last two years.
