How to manage advanced cyber threats: endpoint detection and response vs antimalware

Today’s advanced cyber threats are making it more difficult than ever before to manage security in your organisation. In this blog, Security and Compliance Director Pravesh Kara explains why antimalware software alone is no longer enough to protect your most valuable assets – and why endpoint detection and response is the alternative you need.

In our technology-driven world, data breaches and cyber attacks are becoming more common. According to the UK Government’s Cyber Security Breaches Survey 2022, 39% of UK businesses reported experiencing a cyber attack in the last 12 months, and 38% reported experiencing a breach that resulted in at least one negative impact to the business. Of the 39%, around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack.  

Cyber criminals often target SMBs specifically because they are seen as easier targets with less robust cyber security measures in place. One small business in the UK is successfully hacked every 19 seconds, according to Hiscox. Around 65,000 attempts to hack small- to medium-sized businesses (SMBs) occur in the UK every day, around 4,500 of which are successful. That equates to around 1.6 million of the 5.7 million SMBs in the UK per year.  

It’s crystal clear that businesses in the UK are indeed being targeted by advanced threats, so it’s crucial that you take proactive measures to protect your organisation.  

As threats evolve, new tools are needed to combat them. Implementing endpoint detection and response software, in addition to other cyber security measures, can help you better detect and respond to these types of threats, reducing the risk of data breaches and other cyber attacks. Read on to find out how you can protect your organisation from becoming their next target.  

How can you protect your organisation from cyber attacks?

Technology plays a large part in preventing, detecting and responding to cyber threats. As the stats above highlight, scale is needed to deal with the barrage of attacks directed at UK businesses.  

One of the main targets and pivot points for threats is your endpoints: the devices and servers your people use every day. There are two types of software commonly used to protect those devices: antimalware and endpoint detection and response (EDR) software.

You’ll likely be familiar with some of the more established software used to detect and remove malware, whether that’s at home or within your organisation, and you might even be aware of its limitations – but EDR may be a newer concept. Let’s take a look at this traditional software and compare it with the newer capabilities of EDR, which continuously monitors your devices.

Antimalware: your established line of defence

Antimalware software is used to detect and remove malware such as viruses and spyware from a computer or network. It is typically installed on individual computers or on a network server and scans files and data for known malicious code.  

The benefits of antimalware software are that it is relatively easy to use, doesn’t require a high level of technical knowledge, and is generally effective at detecting and removing known malware threats.

However, it’s not very effective at detecting new or unknown threats, and it can be resource-intensive, slowing down computer performance. Antimalware software also typically has a narrow view of a cyber threat’s attack chain, which can be a problem particularly where the threat actor is not using ‘malware’ to compromise a user or a device.  

The advanced detection and response needed for your endpoints

A more robust defence against cyber attacks is needed today, which is where EDR comes in. This software provides continuous monitoring of endpoints with the ability to detect and respond to security threats in real time.

EDR software can detect both known and unknown threats, and it can provide detailed information about the nature and source of a threat, allowing for targeted responses. EDR software is generally more effective than antimalware software at detecting and responding to advanced threats, but it does require a higher level of technical knowledge to operate.  

When it comes to operating EDR software in a business environment, there are several considerations and best practices to keep in mind.  

1. Know your endpoints

Firstly, it’s important to have a clear understanding of what endpoints need to be monitored and what types of threats the EDR software should be designed to detect.  

In addition, and just as fundamental as the detections themselves, is responding to the threat indicators they raise. The software can do much of the work, but it still requires expertise to triage, investigate and carry out response actions to fully close out a threat. That expertise needs to be on hand around the clock, as threat actors are global in nature and not limited by time zones.

2. Know your business

Second, it is important to choose an EDR software solution that is well-suited to your business needs. This may involve evaluating different software solutions and comparing features and costs. It’s also important to choose a software solution that is user-friendly and easy to integrate into existing IT infrastructure.  

3. Think long-term

Third, it is important to ensure that the EDR software is properly configured and that it’s regularly updated with the latest threat intelligence. This may involve working with IT professionals to set up the software and to establish procedures for monitoring and responding to threats.  

4. Review, test and evolve

Finally, it’s important to regularly review and assess the effectiveness of the EDR software and to make adjustments as needed. You might need to conduct periodic tests and assessments to identify potential vulnerabilities and to ensure that the software is providing the level of protection needed.  

How to operate an advanced detection and response solution in your organisation

While both antimalware software and EDR software have their pros and cons, EDR software is more effective at detecting and responding to advanced threats. This is because EDR software sees more of the attack chain – it’s not only looking for malware but also abnormal behaviour undertaken by the user or by the device.  
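To make the difference described above concrete (a signature-only check versus behavioural monitoring of the attack chain, as discussed here and in the antimalware section), here is a small added illustration. It is not code from the original blog or from any EDR product: the process events, the hash values and the “known bad” list are all constructed sample data, and the rule logic is a simplified stand-in for what an EDR engine does.

```python
"""
Added illustration (not from the original blog): a signature-only check
misses activity that involves no known malware, while a behavioural rule
over endpoint process telemetry still catches it. All hashes, hostnames,
paths and events are constructed sample data.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as an EDR agent might report it."""
    host: str
    parent_image: str   # executable name of the parent process
    image: str          # executable name of the new process
    cmdline: str
    sha256: str         # hash of the executable file on disk


@dataclass(frozen=True)
class Finding:
    index: int          # position of the offending event in the input list
    engine: str         # "signature" or "behaviour"
    reason: str


# Constructed stand-in for an antimalware signature database: hashes of
# executables already known to be malicious. The hash here is a placeholder.
KNOWN_BAD_SHA256 = {
    "0" * 64: "Trojan.Constructed.Sample",
}

# Legitimate, signed executables that never match a malware signature,
# but that a document viewer has no ordinary reason to launch.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
COMMAND_INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


def signature_check(events: List[ProcessEvent]) -> List[Finding]:
    """Antimalware-style detection: flag only files whose hash is known bad."""
    findings = []
    for i, ev in enumerate(events):
        name = KNOWN_BAD_SHA256.get(ev.sha256)
        if name:
            findings.append(Finding(i, "signature", f"{ev.image} matches {name}"))
    return findings


def behaviour_check(events: List[ProcessEvent]) -> List[Finding]:
    """EDR-style detection: flag a suspicious parent/child relationship
    regardless of whether any file involved is known malware."""
    findings = []
    for i, ev in enumerate(events):
        if (ev.parent_image.lower() in OFFICE_APPS
                and ev.image.lower() in COMMAND_INTERPRETERS):
            findings.append(Finding(i, "behaviour",
                                    f"{ev.parent_image} spawned {ev.image}"))
    return findings


def run_detections(events: List[ProcessEvent]) -> List[Finding]:
    """Run both engines over the same telemetry and merge the results."""
    return signature_check(events) + behaviour_check(events)


# Constructed telemetry. Only event 2 involves a known-bad file; event 1 uses
# nothing but legitimate binaries, which is exactly the case the text warns
# that antimalware alone will miss.
SAMPLE_EVENTS = [
    ProcessEvent("laptop-01", "explorer.exe", "winword.exe",
                 "winword.exe invoice.docx", "1" * 64),
    ProcessEvent("laptop-01", "winword.exe", "powershell.exe",
                 r"powershell.exe -NoProfile -File C:\Users\alice\AppData\Local\Temp\setup.ps1",
                 "2" * 64),
    ProcessEvent("laptop-02", "explorer.exe", "update.exe",
                 "update.exe", "0" * 64),
    ProcessEvent("laptop-03", "explorer.exe", "cmd.exe",
                 "cmd.exe", "3" * 64),
]


if __name__ == "__main__":
    for f in run_detections(SAMPLE_EVENTS):
        print(f"event {f.index} on {SAMPLE_EVENTS[f.index].host}: [{f.engine}] {f.reason}")
```

Run on the constructed events, the signature engine reports only event 2 (the known-bad hash), while the behavioural engine reports event 1, where a document viewer launches a command interpreter even though every file involved is a clean, signed binary. Event 3, a command prompt opened from the desktop shell, is ignored by both, which is the point of a parent/child rule: it keys on the relationship, not on the interpreter itself.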

Operating EDR software requires careful consideration of your organisation’s specific needs and vulnerabilities, a well-suited software solution, proper configuration and maintenance, and regular assessment of its effectiveness. By following these best practices, you can significantly reduce the risk of data breaches and cyber attacks.

To secure your organisation effectively, you need a blended approach of technology, people and process to catch threats early, so you can reduce or completely mitigate any negative impact on the business.

This is where a managed service architected for smaller organisations can help, reducing the need to build and maintain your own internal team. It also takes the pressure off staffing that team in a competitive cyber security job market, where great talent is difficult to both recruit and retain.

Antimalware is a viable option to protect your organisation. However, you need to be aware of the risks it introduces through its limitations and lower visibility of threat activity, particularly where the threat actor’s actions involve no actual malware, or malware that has never been seen before.
