Sunday, September 15, 2024

Understanding What An EDR Really Is Without The Techno Jargon


The Cybersecurity world, as I had mentioned in one of my previous blogs, is no doubt full of techno jargon.  While using these fancy terms might be great for marketing efforts in order to attract new customers, the bottom line is that at some point in time, you are going to have to break this down for people to understand.  This is especially critical when you onboard a new customer. 

They are not going to care about the techno jargon that you dazzled them with before.  Now they want to make sure that the product or solution is going to work, and yield a positive Return On Investment (ROI) down the road.

Such is the case with this new piece of techno jargon.  It is called “Endpoint Protection”.  Although the deployments involved can be fairly complex, depending upon your requirements, simply put, all that it means is beefing up the lines of defense that you have for all of your devices, whether they are physical or even in the cloud.

Probably the most typical example of this is the wireless devices that you have given to your employees in order for them to conduct their daily job tasks.  Obviously, given the sheer importance of them, you will want to ensure that they are as Cyber secure as possible. 

So how can one go about doing this, in clear and simple terms?  Well, here are some tips:

1) Deployment:

It is always preferable to use the same Cyber vendor for Endpoint Protection solutions, unless you have a compelling reason to use different vendors.  But whatever route you do decide to go with, always try to stick to the same deployment methodology.  True, each product/solution will be different, but develop a set of standards and best practices that are uniform.  That way, it will be easier to troubleshoot issues, and do upgrades in a consistent manner over time.

2) Configuration:

As just mentioned, whenever you do software patches and firmware upgrades, keep a detailed history of what has actually been installed.  Or if you make any changes to the Endpoint Protection solution itself, that has to be documented as well.  Remember, depending upon how large your organization is, you will need to inform all of your employees well ahead of time of the changes that will occur.  But first, it is highly advisable to have a meeting with the representatives from the other departments to see what the impact will be, and how it can be minimized.  This is technically known as “Configuration Management”.

3) Logging:

If, by unfortunate chance, your business has been hit with a security breach, you will want to at some point conduct a detailed forensics investigation to determine how exactly it happened.  You will need all of the evidence that you can get, and one of the best forms of this is the log files that are output by the Endpoint Solution.  Thus, make sure that data is being collected on a real time basis, and that your solution is optimized at all times.  Further, by using Generative AI, keep track of any unusual or abnormal behavior that occurs in the network traffic to and from all of your Endpoint Devices.

4) XDR:

Not to throw more techno jargon out there, but this is an acronym that stands for “Extended Detection Response”.  This is actually a much more sophisticated version of the traditional Endpoint Solution, in that it can do the following:

* It can actually be a very proactive approach by always changing the attack surface that may exist on all of your Endpoint Devices.  This is an attempt to confuse the Cyberattacker in case they are targeting a specific device of a particular employee.  The main benefit of this is that it will make any vulnerabilities harder to detect and subsequently exploit. 

* It can further beef up the defenses for both the CPU and the memory.  This is a critical area in your Endpoint Devices that the Cyberattacker can literally hide out in, going unnoticed, and even deploy malicious payloads onto them, making detection almost impossible.

* Its database will always be updated on a real time basis with the latest threat profiles, so that it can offer maximum protection to your devices.  Also, since Generative AI is now being used in Endpoint Protection solutions, it can even now learn on its own and make reasonable extrapolations as to what future threat vectors could possibly look like.  This is a far cry from the traditional Antivirus and Antimalware software packages of today.  For example, their databases are only updated at intervals, and the timing of that is largely dependent on the vendor.

My Thoughts On This:

Although procuring and deploying an Endpoint Protection solution may appear to be an expensive proposition, the truth is that it really is not.  A lot will depend, though, upon how many devices you want to protect. 

Of course, it is always wise to make sure that all of them are Cyber fortified.  In fact, if you make use of a cloud deployment, such as that of Microsoft Azure, the Endpoint Protection solution will already be there.

All you have to do is just deploy it, and make sure that it is properly configured for your environment.  But my suggestion here would be to engage with a Cloud Services Provider (CSP) that can actually do and manage all of this for you.

Some of the other key benefits of making use of an Endpoint Protection solution for your business include the following:

* It is lightweight, in terms of its file size and the processes that run within it.  This means that there will be no disruption to your existing processes.  It will also not result in “bloatware”.

* Apart from keeping log files, the Endpoint Protection solution also acts like a “Black Box”, very similar to the ones you hear about being used in commercial aircraft.  Meaning it can also record all of the activity that occurs on each and every device on which you have the solution deployed. 

This will also prove to be a great boon if you ever need to conduct a Digital Forensics Investigation.
