Print.IT Reseller - issue 80

The endpoint detection response enigma

Andy Bogdan, Head of UK Channel at Kaspersky, discusses mitigating the remote working transition and the security skillset challenge

Prior to the onset of COVID-19, a Ponemon Institute study revealed that 61 per cent of businesses cited staffing limitations as a primary reason why they weren’t adopting endpoint detection response (EDR). Put simply, the sophistication of the tool wasn’t matched by the skillsets available to fully leverage its functionality.

Fast forward just a few months and research conducted for the Kaspersky ‘How COVID-19 changed the way people work’ report found that nearly three-quarters (73 per cent) of workers hadn’t received any additional IT security awareness training this year, amid a mass migration to homeworking and a panicked change of mind towards EDR’s adoption.

So, what changed? In part, the accelerated transition to remote working and the desperate need to protect a dispersed device network backed enterprises into a corner. Businesses naturally felt obliged to take action, and to discard their previous concerns about readiness.

726 million cyber-attacks

At first glance, this is an understandable defence plan. By the middle of 2020, sensors had already recorded more than 726 million cyber-attacks launched on online resources, due to a struggle among IT teams to secure their now-at-home endpoints from malware. Endpoint detection response naturally seemed to fit the bill as a deterrent, having recently debunked an industry myth about it having had its day.

EDR is now finding favour over traditional anti-virus and can indeed play its part in mitigating the challenges exposed by this year. However, the focus now should be on ensuring that it is strategically embedded into a managed, licensed and already hardened IT environment – and not just adopted as a silver bullet, as we have seen over the past few months.

Staying alert to the EDR market

It is the rush towards EDR as an all-encompassing white knight that has exposed the aforementioned knowledge gap that exists in many organisations. Businesses have needed a solution, and have often failed to analyse their wider digital infrastructure before leaping to its adoption.

This chain of events has been exacerbated in part by an additional, worrying trend where next-generation and firewall vendors are pushing EDR into organisations after obtaining more universal endpoint solutions. Firewall vendors are impacting the endpoint protection platform (EPP) market through the acquisition of EDR companies that strengthen their solution, but that are missing the comprehensibility of full EPP solutions.

Instead of being enacted as part of a multi-layered EPP product, EDR as a standalone function is therefore generating alerts that then depend on behavioural detection and manual analysis. This potentially leads to an increase in false positives, and a decrease in employee productivity as workers strive to filter the urgent threats from a deluge of detected warnings. It means that, instead of acquiring a solution to their device dispersion predicament, IT teams are facing more alerts than ever, at an already stressful time, without the requisite guidance and internal skillset to benefit from their investment.

EDR still has a place at the table

Missing features in EDR, like device and application hardening, are a must-have in order to reverse some of the aforementioned skills gaps. Increased efficiency and a reduction of business threat exposure must top the list of priorities, and EDR can help, but only if it’s integrated into a wider established infrastructure.

According to Ian Thornton-Trump, CISO at threat intelligence company Cyjax, EDR solutions are not the solution to organisational security. However, he argues that they form a valuable and indispensable layer that wards off the worst that cybercriminals and APT actors have to throw, at an organisation with exposed services and endpoints that surf the internet every day.

“Without the prerequisites in place, the EDR that some organisations experience will be sub-optimal, with a plethora of false positives as AI mistakes poorly-managed IT environments as compromised,” he warns.

Thornton-Trump explains that when misapplied, EDR can have significant operational impacts and can disable core functions. However, this is not to say that it doesn’t have a place at the table. On the whole, he believes that EDR is effective in preventing ransomware and especially detecting and preventing ‘living off the land’ lateral movement.
