A Guide to Endpoint Security (EDR)

What is endpoint security?

Gartner defines the endpoint detection and response (EDR) solutions market as “solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems.”

Endpoint security is the practice of protecting user devices like desktops, laptops, mobile phones, and tablets from cyber attacks, including:

  • Ransomware
  • Vulnerability exploits
  • Email phishing
  • Drive-by downloads
  • Watering holes

This practice includes endpoint security technology—often endpoint agents that are installed on the device—as well as the much-needed security analyst expertise and 24/7 monitoring and response capabilities to make effective use of that technology.

Legacy approaches to endpoint security have focused on prevention controls and techniques, such as anti-virus scanners, that attempt to avoid compromise or infection in the first place. In practice, this strategy is rarely completely effective because of the asymmetry of endpoint attacks: the defender must block every attempt, while the attacker needs only one to succeed. This gap is a key reason why enterprise adoption of endpoint detection and response solutions is growing quickly and proving to be very effective.

Why is endpoint security important?

Endpoint security is critical for any enterprise because endpoints are the common entry point for attackers into the enterprise network, where–once landed–they can pivot and go after the valuable information targets, such as file servers, applications, and databases, which are their real objectives.

Endpoints are initial targets for attackers because they are operated by end users, who in spite of best efforts with cybersecurity awareness training, are human and will make mistakes with their device and IT system security. These mistakes include succumbing to phishing and social engineering attacks, installing unauthorized and often malicious applications and browser plugins, and visiting malicious websites that take advantage of browser vulnerabilities.

Endpoints are also prone to application and operating system vulnerabilities that continue to affect endpoint risk posture in a never-ending cycle of software vulnerability scanning and patching. This means that endpoints offer a large and relatively easy attack surface for cyber attackers to target. One analogy is to think of hackers and other criminals waging a war against cybersecurity defenses; in this war, endpoints are an effective beachhead where attackers can land and pivot to go after the high-value data assets that are typically their end objective. Therefore, it is critical to defend these endpoints to deny the attackers a beachhead.

What is endpoint detection and response (EDR)?

Endpoint detection and response is relatively new to the cybersecurity industry. The popularity of EDR has grown amongst CIOs and CISOs within the past few years because it helps solve the key challenge of securing a network endpoint: quickly finding and thwarting potential threats.

Detecting and responding to threats are crucial components of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. As per the NIST framework, prevention controls are simply not sufficient on their own and EDR implements much needed detection and response capabilities for endpoint devices. It does this by leveraging a deeply integrated security agent that acts as a gatekeeper between the operating system and any malicious applications or activities.

The EDR agent identifies, analyzes, and responds to operating system level activities that are indicative of malicious intent. Through either automated or expert analyst assessment, any malicious activity can be blocked or otherwise mitigated before the attacker can compromise the device or user. Overall, it’s a very effective endpoint defense strategy and technology because it does not rely on attack signatures or unique indicators of compromise, all of which can change quickly or be previously unseen.
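To make the behavior-based approach concrete, here is a small added illustration (not code from this page or from Masergy's product): a Python detector that runs two behavioral rules over constructed process-creation telemetry and returns alerts with the context an analyst would need for triage. The hosts, users, command lines and rule names are all constructed for the example.

```python
# Added example (not Masergy's or any vendor's code): a tiny behavior-based
# detector over constructed endpoint process-creation events. The rules match
# parent/child relationships and command-line traits rather than file hashes,
# so a never-before-seen binary is still flagged by what it does.
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent: str   # parent image name, lower-case
    image: str    # child image name, lower-case
    cmdline: str


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def office_spawns_shell(e: ProcessEvent) -> bool:
    """A document viewer launching a shell is rarely legitimate user activity."""
    return e.parent in OFFICE_APPS and e.image in SHELLS


def encoded_powershell(e: ProcessEvent) -> bool:
    """Base64-encoded PowerShell commands hide their content from casual review."""
    return e.image == "powershell.exe" and "-enc" in e.cmdline.lower()


# (rule name, predicate, severity) - names are constructed for this example
RULES = [
    ("office_app_spawned_shell", office_spawns_shell, "high"),
    ("encoded_powershell_command", encoded_powershell, "medium"),
]


def analyze(events):
    """Return one alert per (event, rule) match, with context for the analyst."""
    alerts = []
    for e in events:
        for name, predicate, severity in RULES:
            if predicate(e):
                alerts.append({"rule": name, "severity": severity, "host": e.host,
                               "user": e.user,
                               "context": f"{e.parent} -> {e.image}: {e.cmdline}"})
    return alerts


SAMPLE_EVENTS = [  # constructed telemetry, not data from any real system
    ProcessEvent("ws-0042", "jdoe", "explorer.exe", "winword.exe", "winword.exe /n invoice.docx"),
    ProcessEvent("ws-0042", "jdoe", "winword.exe", "powershell.exe", "powershell.exe -enc QUJD"),
    ProcessEvent("ws-0042", "jdoe", "explorer.exe", "cmd.exe", "cmd.exe /c dir"),
]
```

Running `analyze(SAMPLE_EVENTS)` yields two alerts, both for the second event; the user-launched `cmd.exe` in the third event produces none, which is the kind of context an analyst uses to separate real threats from daily operations.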

However, EDR systems require sophisticated analyst skill and procedures to make the solution effective. Even with recent advances in artificial intelligence and machine learning, no 100% automated system can reliably determine which potential threats are real in the context of an enterprise network’s daily operations. For that, a human cybersecurity analyst is needed, but staffing that level of expert human capital on a 24/7 basis is often challenging for typical mid-sized enterprises to build in-house. In these situations, Managed EDR is an appealing solution.

Why choose cloud-based endpoint security?

Many security tools, including EDR, require a management server to which EDR software agents report their activities and from which they receive policy and commands for endpoint security enforcement. Cloud-based endpoint security refers to the option where these management servers are hosted in the cloud (e.g. as a virtual machine in IaaS or as a SaaS app), making deployment quicker and easier. With this approach, enterprises do not need to “stand up” their own management server before actually deploying agents.

What’s unique about Masergy’s Managed Endpoint Detection & Response solution?

Masergy Managed EDR is a turnkey solution that combines EDR technology with fast 24/7 live incident response from Masergy’s team of certified security analysts and threat hunters to mitigate the advanced attacks legacy systems can neither detect nor stop. Masergy has integrated EDR technology into our proprietary managed detection and response platform, enabling one-click rollback and one-click clean-up, enhanced by Masergy’s patented machine-learning analytics and 24/7 live incident response.

For the mid-sized enterprise, the turnkey Masergy Managed EDR service delivers an affordable solution with measurably faster time to value than deploying the technology alone. You can deploy Masergy Managed EDR as an add-on to our SD-WAN connectivity, as an add-on to our Managed Security solution, or as a standalone solution without any other Masergy cybersecurity or networking options.
