The changing security landscape demands that IT leaders put much greater focus on defenses against both insider threats and endpoint attacks.
“The endpoint is the battleground now, and it’s a game of speed, with most advanced attacks on endpoints occurring in minutes or even seconds,” said David Yang, Senior Director Support & Service, Exclusive Networks North America. “Unfortunately, many of the tools companies have been using are too slow for this new breed of attack. These tools can drive up costs and slow down processes – two things you want to avoid at a time when ‘sleek’ and ‘cheap’ are no longer optional.”
The insider threat is nothing new. Back in 2016, IBM reported in its Cyber Security Intelligence Index that 60 percent of all attacks were the result of insiders. While awareness of this threat may be rising, and companies are investing more heavily in this direction, the threat level is spiking.
Forrester predicted that the incidence of internal data breaches will increase by almost 10 percent in 2021.
Read about: The latest trends in endpoint security
The steady growth of insider threats is due in no small part to:
- Negligence of employees – Human error, from sending critical data to hostile parties to improperly configuring an environment to employing unsound and unsafe work practices, continues to be a huge challenge for businesses.
- Criminal or malicious insiders – Individuals familiar with a company’s security can leak or steal data, or provide bad actors with a clear pathway into the system.
- Stolen credentials – Stealing an employee’s creds are a great way to get past an organization’s security perimeter. Often hackers using stolen credentials will be able to operate undetected for a long time, doing a lot of damage in that time.
A great need
Organizations around the world remain deep in a struggle to run operations smoothly despite the health crisis and its ramifications and limitations. Businesses will continue to use a work-from-home (WFH) model as long as the crisis continues. Many experts even see WFH being permanent. This model, based on remote employees connecting to company resources from outside the security perimeter, poses a unique security risk.
“The risk was present before COVID-19 of course, but with this great shift to remote work the risk has exploded,” said Yang. “Fear is never a sound place from which to make business decisions, but certain realities must be acknowledged: hackers are absolutely taking advantage of this vastly expanded attack surface.”
“If antivirus and firewall wasn’t enough before, it’s certainly not enough now.”
Covering the endpoints
The term “EDR” (Endpoint Detection and Response) was first introduced by Gartner in 2013 to define tools that detect, investigate, and resolve suspicious activity at the endpoint level. Companies use EDR to get a better understanding of their endpoints, and to swiftly respond when there has been a compromise. EDR tools also detect and protect businesses from advanced malware, phishing attacks, and credential theft.
EDR can help companies in a variety of ways:
- Anytime visibility – An IT team lacking visibility is happy to detect a problem; but EDR provides a view of the problem and whether other points were affected.
- Swift response to potential incidents – Potential threats can tie up IT and security teams for hours. EDR can significantly shorten this time.
- Understanding of how an attack took place – Resolving and closing a security incident allows a company to move forward, but EDR can shed light on the chain of events, and particularly the failures that led to the incident being possible.
“Organizations naturally want to lessen the chance of an attack, and quickly resolve those that do occur, but the real prize is in that deep insight into what happened,” said Yang. “This extra intelligence allows IT teams to close loops and gaps of which they wouldn’t otherwise have been aware.”
What about FortiEDR?
FortiEDR provides robust threat protection for endpoints by proactively reducing the attack surface, preventing malware infection, detecting and defusing potential threats in real time, and automating response and remediation procedures with customizable playbooks. Use FortiEDR to stop breaches in real-time automatically and efficiently, without overwhelming your security team with false alarms or disrupting operations.