Securing the Network Edge
Endpoint detection and response can reduce serious incidents by 50%
Remote work has given employees a new degree of freedom, but the business models built on it also represent significant security liabilities for the enterprise. When a remote worker is the cause of a breach, the cost of remediation rises by about $1M. When innovation comes with high risk at an even higher cost, it is all the more important for IT leaders to balance hybrid work with the requirements of security. And when it comes to putting protection at the new network edge, more companies are turning to Endpoint Detection and Response (EDR) solutions. This article explores what EDR is and what it is not, highlighting research from Nemertes which shows that organizations using EDR report 50% fewer serious security incidents.
What is EDR?
Before defining EDR, it helps to define the endpoint. An endpoint is a device that connects to a network: laptops, desktops, smartphones and servers, to name a few. Endpoints sit at the outer edge of the network, representing its physical reach, and they are also where most intrusions begin, because that is where users open attachments, follow links and run code. A sensor on the endpoint therefore sees the first malicious process, file write or outbound connection, often before anything crosses a network boundary. And because endpoints are numerous and widely distributed, they are well situated to detect threats early in the attack cycle.
This explains why EDR solutions turn endpoints into cybersecurity sensors. An EDR agent installed on each device records activity such as process creation, file and registry changes, network connections and user logons, and streams that telemetry to a central service where it is matched against detection rules and behavioral analytics. Because the same agent can kill a process, quarantine a file or isolate the host from the network, EDR can also use the endpoint to carry out incident response. Learn more about how EDR works in this guide to Endpoint security.
What is XDR and how is it different from EDR?
Flashy cybersecurity technologies and new paradigms come along every year, and security and IT professionals quickly forget last year's innovation; EDR is at risk of this short attention span. Word on the street is that EDR has evolved into, and been "replaced" by, Extended Detection and Response (XDR). That is not accurate: XDR is a different layer that depends on EDR rather than a substitute for it.
XDR takes in data streams from multiple sources (endpoints, network devices, email, identity and cloud services) to detect and respond to threats across a wide variety of environments. It is in this context that XDR connects with EDR, receiving telemetry from the sensors installed on every endpoint; without an EDR agent on the device, XDR has no endpoint visibility to correlate.
EDR is also distinct from an endpoint protection platform (EPP), the prevention layer that includes anti-virus and anti-malware controls. EPP tries to block known threats before they run, while EDR records what does run so that threats which slip past prevention can be detected and investigated. In some cases, EDR and EPP come in a single package, together with technologies for endpoint forensics and related functions.
EDR: Rolling it into a broader SASE solution
EDR solutions may also be incorporated into a broader threat detection and response ecosystem, feeding their telemetry into a Secure Access Service Edge (SASE) platform, with the goal of spotting anomalies that suggest an attack is underway. According to Nemertes, about 47% of those using EDR said they also used a SASE solution.
When added to the SASE mix, EDR provides real-time feedback on threats unfolding at the network edge. Its data can inform other SASE components, such as Cloud Access Security Brokers (CASBs) and Zero Trust Network Access (ZTNA) solutions: a host that EDR flags as compromised can, for example, have its ZTNA access revoked before an attack such as ransomware spreads laterally. Bottom line: EDR is a core component in widening protections and making security reach everywhere.
Why is EDR important today?
EDR matters now for a variety of reasons. The increasingly serious threat environment is one factor in making EDR an essential cybersecurity countermeasure. Consider that ransomware has reached a new high, victimizing 71% of organizations, according to CyberEdge Group's "2022 Cyberthreat Defense Report."
The most significant issue, however, is the shift to persistent hybrid work. Employees are working from pretty much anywhere, on a range of devices. This means more endpoints in more places, connecting to the network through more means.
Connecting over the public internet makes matters worse. The risk of endpoint compromise rises as endpoints reach the network through the internet, away from the protective services of the on-premises network. It is essential to keep visibility into those endpoints so that threats such as ransomware are detected as early as possible. An EDR solution can do this, making each endpoint part of a centrally orchestrated, automated and distributed response.
EDR reduces serious security incidents by 50%
Interest in EDR is strong. Nemertes’ studies found that:
- 56% of organizations had begun to deploy EDR in 2021
- Another 24% intended to buy EDR by the end of 2022
EDR appears to be delivering value too.
Nemertes’ studies also revealed that:
- Security organizations using EDR had a 50% lower rate of serious security incidents than those not using EDR.
- The most successful security organizations are 165% more likely to be using the combination of EDR and EPP.
- An 82.5% reduction in serious security incidents was associated with the use of a combined EDR/EPP client.
Ensuring success through operations
EDR solutions generate a great deal of security data, and while much of the analysis is automated, the human touch is still necessary. For this data to have any positive effect on security, people must review what the automation surfaces, confirm which alerts are true positives and decide on a response plan. This means integrating EDR with the Security Operations Center (SOC), where analysts can review EDR alerts, investigate the recorded telemetry around them and determine what action is needed. Automated containment actions, such as isolating a host, should be reserved for high-confidence detections, with everything else queued for analyst triage.
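The detect-and-respond loop described above (endpoints as sensors feeding a centrally orchestrated response, with the SOC triaging what automation does not act on) can be sketched in code. The following is an added example, not code from the article or from any EDR product: endpoint agents report process-creation events, central rules flag early-stage ransomware behaviour, high-confidence hits trigger an automated host isolation, and weaker hits go to an analyst queue. The hostnames, rule names, telemetry fields and sample events are all constructed for the illustration.

```python
"""Toy EDR pipeline (added example, not from the article): endpoint agents
report process-creation events, a central engine applies detection rules,
and a response step either isolates the host or queues the alert for a SOC
analyst. Hostnames, rule names and telemetry fields are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str      # endpoint that reported the event
    parent: str    # parent process image name
    image: str     # newly created process image name
    cmdline: str   # full command line as recorded by the agent


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str
    severity: str  # "high": respond automatically; "medium": analyst triage
    evidence: str


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def rule_shadow_copy_deletion(e: ProcessEvent) -> Optional[Alert]:
    """Deleting Volume Shadow Copies or disabling recovery (ATT&CK T1490)
    typically precedes file encryption, so it is treated as high confidence."""
    cmd = e.cmdline.lower()
    if e.image.lower() in {"vssadmin.exe", "wmic.exe"} and "shadow" in cmd and "delete" in cmd:
        return Alert(e.host, "shadow_copy_deletion", "high", e.cmdline)
    if e.image.lower() == "bcdedit.exe" and "recoveryenabled" in cmd and " no" in cmd:
        return Alert(e.host, "recovery_disabled", "high", e.cmdline)
    return None


def rule_office_spawns_script_host(e: ProcessEvent) -> Optional[Alert]:
    """An Office document launching a script interpreter is a common phishing foothold."""
    if e.parent.lower() in OFFICE_APPS and e.image.lower() in SCRIPT_HOSTS:
        return Alert(e.host, "office_spawns_script_host", "medium", f"{e.parent} -> {e.image}")
    return None


def rule_encoded_hidden_powershell(e: ProcessEvent) -> Optional[Alert]:
    """Encoded, hidden-window PowerShell is rarely legitimate on a user endpoint."""
    cmd = e.cmdline.lower()
    hidden = "-w hidden" in cmd or "-windowstyle hidden" in cmd
    if e.image.lower() == "powershell.exe" and "-enc" in cmd and hidden:
        return Alert(e.host, "encoded_hidden_powershell", "medium", e.cmdline)
    return None


RULES = (rule_shadow_copy_deletion, rule_office_spawns_script_host, rule_encoded_hidden_powershell)


def detect(events: List[ProcessEvent]) -> List[Alert]:
    """Central detection: every rule over every event reported by the endpoint sensors."""
    alerts = []
    for e in events:
        for rule in RULES:
            a = rule(e)
            if a is not None:
                alerts.append(a)
    return alerts


def respond(alerts: List[Alert]) -> Tuple[List[str], List[Alert]]:
    """Correlate per host. One high-severity hit, or two different medium-severity
    rules on the same host, is enough to isolate it automatically (a real deployment
    would call the EDR platform's network-isolation API here). Anything weaker is
    handed to the SOC queue for a human decision."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    isolated, analyst_queue = [], []
    for host, hits in by_host.items():
        high = any(a.severity == "high" for a in hits)
        medium_rules = {a.rule for a in hits if a.severity == "medium"}
        if high or len(medium_rules) >= 2:
            isolated.append(host)
        else:
            analyst_queue.extend(hits)
    return sorted(isolated), analyst_queue


def run_pipeline(events: List[ProcessEvent]) -> Tuple[List[str], List[Alert]]:
    return respond(detect(events))


# Constructed sample telemetry (not real data), shaped like an agent's process-creation records.
SAMPLE_TELEMETRY = [
    ProcessEvent("LAPTOP-17", "WINWORD.EXE", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"),
    ProcessEvent("LAPTOP-23", "explorer.exe", "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    ProcessEvent("LAPTOP-42", "EXCEL.EXE", "cmd.exe", "cmd.exe /c dir C:\\Users"),
    ProcessEvent("LAPTOP-42", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ProcessEvent("LAPTOP-08", "explorer.exe", "powershell.exe", "powershell.exe Get-Process"),
]

if __name__ == "__main__":
    isolated, queue = run_pipeline(SAMPLE_TELEMETRY)
    print("auto-isolated:", isolated)
    for a in queue:
        print(f"analyst queue: {a.host} {a.rule} ({a.severity}): {a.evidence}")
```

On the constructed sample, LAPTOP-23 is isolated on a single high-confidence rule (shadow copy deletion), LAPTOP-17 is isolated because two independent medium-confidence rules fired on the same host, and LAPTOP-42's lone Office-to-cmd.exe event lands in the analyst queue rather than triggering containment. That split is the practical meaning of "integrating EDR with the SOC": automation acts where the evidence is strong, and people decide the rest.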
Conclusion: Good value in early detection
EDR is essential for achieving and maintaining a robust security posture in this era of hybrid work. The technology uses pervasive and widely distributed endpoints as the earliest detectors of threats and as agents of rapid response to cyber incidents. EDR has a natural fit with SASE and broader Zero Trust strategies. To work optimally, EDR solutions should integrate with the SOC.