Who Needs to Use EDR Solutions?

Asked how they’d describe their digital attack surface in a recent Trend Micro report, nearly half of all organisations surveyed said, “spiralling out of control.”

This is not surprising. With almost every business activity now relying on remote access, online collaboration tools, and cloud services, the average company’s threat surface has grown exponentially in the last few years. Visibility, on the other hand, has lagged. According to Deep Instinct research, 99% of cybersecurity professionals globally don’t think all their endpoints are protected by even one security agent. 

Considering that hackers often see endpoints as easy entry points into corporate networks, invisible devices pose one of the greatest cybersecurity threats to companies. 

Any organisation that wants to reduce their risk at the endpoint therefore needs to invest in advanced endpoint protection solutions like endpoint detection and response (EDR). However, this is particularly true for businesses with remote and/or hybrid workforces. 

Remote Work Left Many Businesses More Vulnerable to Cyber Attacks 

The last few years saw companies switching up how they work. Pre-pandemic, 60% of employees with remote-capable jobs worked fully on-site, and only 8% were fully remote. In 2022, things could not be more different. In February of this year, just 19% of employees were on-site. The rest were working either remotely (39%) or in a hybrid work environment (42%). 

Although remote/hybrid working has no doubt saved many companies during a global health crisis when many businesses had to close, it has also opened the floodgates to cybercrime. Most security leaders believe that remote workers are exposed to more risk than their office counterparts, but are struggling to keep them protected. According to a survey of 600 system and IT administrators across various sectors, one in three respondents said that keeping users safe daily is one of the biggest challenges they face as a remote IT team. 

Part of the reason why is that they’re bogged down in tasks like provisioning services and apps, dealing with staff that have ignored security best practices, managing user identities, and helping onboard new workers. When asked about what they spend most of their time doing, IT workers cited “ensuring business continuity” and “protecting users from themselves” as the top two imperatives. “Security/fight attempts to hack or compromise the network” came in third. 

With so much of their time taken up by administrative tasks, it is no wonder that endpoint security has fallen by the wayside. As many as 16% of enterprise devices are unencrypted, and two out of three devices are running OS versions that are out of date. Enterprise devices are also on average 77 days behind current patching. However, the biggest issue security professionals face is lack of visibility. 

Invisible Devices Are Hurting Companies

With many employees and their devices now living outside the walls of companies’ physical environments, lack of visibility into remote endpoints is putting organisations at severe risk. 

A recent Illumio report that surveyed IT professionals at 300+ mid-to-large sized companies found that more than one in two respondents can’t see attempted connections to work laptops from devices that exist on the local home network. A further 45% said their visibility is constrained by VPN tools, which leaves IT professionals in the dark as to where employee work devices are actually coming from. What’s more, 13% of corporate devices are not even connected to a corporate domain. 

It’s not just mid-sized organisations and large enterprises that suffer from blind spots caused by remote work. Researchers at Cyrebro examined incident response reports from multiple companies across a range of locations, industries, and sizes. They discovered that a lack of visibility is the most common factor driving attacks, irrespective of whether the victimised organisation is an enterprise with 5,000+ employees or an SMB with fewer than 15. 

When IT teams are unaware of what’s going on in the corporate network, threat actors have free rein to move undetected across a network, jumping from one endpoint to another to further the attack. 

A Security Toolset for Remote Workforces

What’s interesting about the Cyrebro report is that more than three in four organisations that experienced a cyber attack did not have an anti-malware or EDR solution deployed on their endpoints. Without an adequate cybersecurity toolstack, visibility suffers and threats can more easily slip past. 

Attacks on companies with limited visibility are not only more likely to happen, but are also more likely to be harmful. Already, more than 8 in 10 organisations say it would take them up to three days to recover from a ransomware attack, and that, in the meantime, they’d have to operate at less than a quarter of their usual capacity. Thorough visibility provided by EDR solutions, which gather and analyse threat-related data from all endpoints connected to a corporate network, can help companies track down and remediate threats faster. 

However, while EDR is integral for endpoint security, it alone won’t protect organisations from attacks. Because these types of solutions only look at endpoint data, they do not completely solve the problem of limited visibility. As a result, if an attack starts elsewhere within a corporate environment other than the endpoint, or uses multiple vectors, security professionals may not become aware that a cyber incident is in progress until it is too late. 

For 360-degree visibility and ultimate network protection, organisations need a solution that provides a holistic view of their digital estate. Combining security controls like EDR, network detection and response (NDR), security information and event management (SIEM), and security orchestration, automation and response (SOAR), SenseOn provides extended visibility across endpoints, network, and the cloud, eliminating blind spots once and for all. 
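The blind spots described above (devices seen on the network with no security agent, agents that have stopped checking in, and devices outside the corporate domain) can be surfaced by cross-referencing endpoint-agent inventory against hosts observed in network telemetry. The following is an added illustration, not SenseOn's code or any vendor's API: the agent inventory, the network host list and the hostnames are all constructed in-line, and the seven-day staleness threshold is an assumed policy value.

```python
"""Cross-reference network-observed hosts against an EDR agent inventory.

Added example. The data structures below are constructed for illustration and
do not reflect any real product's log or inventory format.
"""
from datetime import datetime, timedelta

# Constructed EDR agent inventory: hostname -> last agent check-in (UTC).
EDR_AGENTS = {
    "laptop-01": datetime(2024, 3, 10, 9, 0),
    "laptop-02": datetime(2024, 3, 10, 8, 30),
    "srv-files": datetime(2024, 2, 20, 12, 0),   # agent has gone quiet
}

# Constructed network observations: (hostname, source IP, domain joined?).
# A network sensor sees every talking host, whether or not it runs an agent.
NETWORK_HOSTS = [
    ("laptop-01", "10.0.5.21", True),
    ("laptop-02", "10.0.5.22", True),
    ("srv-files", "10.0.1.5", True),
    ("unknown-7f", "10.0.5.99", False),  # on the network, no agent, not joined
]

# Assumed policy: an agent that has not checked in for a week counts as stale.
MAX_AGENT_AGE = timedelta(days=7)


def find_blind_spots(agents, hosts, now, max_age=MAX_AGENT_AGE):
    """Return (hostname, ip, reason) for every host EDR alone would not cover.

    Reasons: 'no EDR agent' (host seen on the network but absent from the
    inventory), 'agent stale' (last check-in older than max_age) and
    'not domain joined' (device outside the managed domain).
    """
    findings = []
    for hostname, ip, joined in hosts:
        last_seen = agents.get(hostname)
        if last_seen is None:
            findings.append((hostname, ip, "no EDR agent"))
        elif now - last_seen > max_age:
            findings.append((hostname, ip, "agent stale"))
        if not joined:
            findings.append((hostname, ip, "not domain joined"))
    return findings


def agent_coverage(agents, hosts, now, max_age=MAX_AGENT_AGE):
    """Fraction of network-observed hosts with a fresh (non-stale) agent."""
    if not hosts:
        return 0.0
    fresh = sum(
        1 for hostname, _, _ in hosts
        if hostname in agents and now - agents[hostname] <= max_age
    )
    return fresh / len(hosts)


if __name__ == "__main__":
    # Constructed reference time for the sample data above.
    now = datetime(2024, 3, 10, 12, 0)
    for hostname, ip, reason in find_blind_spots(EDR_AGENTS, NETWORK_HOSTS, now):
        print(f"{hostname:<12} {ip:<12} {reason}")
    print(f"agent coverage: {agent_coverage(EDR_AGENTS, NETWORK_HOSTS, now):.0%}")
```

The point of the cross-check is that the endpoint inventory on its own cannot report a device it has never heard from; only a second data source (here, network observations) reveals the unmanaged host and turns the coverage figure into something that can be measured rather than assumed.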
