How Meaningless EDR Can Actually Hinder a Company’s Security Posture

Companies that use an EDR solution have acknowledged that a cyberattack can occur at any time, and traditional protection platforms can only address 99% of the threats in the wild. EDR tools focus on the last 1% of threats, allowing for much greater fidelity in incident investigations.

On average, some 82% of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks. Italy, the US, France, and the UK scored highest, CISOs’ main argument behind this is that time is of the essence when isolating the incident to prevent spreading (68%), identifying how the breach occurs (55%), and evaluating losses and the impact of the breach (51%), mainly.

Delayed response to a cyber incident can also make it harder to accurately identify the initial time of attack and assess the timeframe (30%), understand the motivation for the cyberattack (19%), or improve the incident response plan for future attempts (17%).

As a result, the second main important driver for enhancing the company’s cybersecurity posture is also speed-related: faster detection and response capabilities are mentioned by almost half of those surveyed, immediately below improving data protection (51%). EDR tools that don’t have a priority-based alert filtering mechanisms can slow the detection and response process of real threats, as it may send IT and security staff on investigation paths that either lead nowhere or are trivial.

EDR alerts should not be about the sheer number of triggered alerts, but about intelligent, reliable, and meaningful alerts with a high probability of pointing to a real threat. Traditional EDR tools may seem like a security enabler, but without dedicated and staffed SOC teams, they may either hinder the organization’s security capabilities or make no significant contribution to the overall security posture.

Detecting data breaches revolves around closing the gap between the initial compromise and subsequent data exfiltration. The major benefit of meaningful EDR alerts is that accurate and actionable security alerts lead to fast detection and response, without overburdening IT or security staff with trivial notifications.

“Timely detection of data breaches directly affects organizations in a positive way, as incident response procedures can be immediately triggered to contain, mitigate, and prevent full-blown security incidents that could otherwise financially affect the organization,” Liviu Arsene, Bitdefender’s Global Cybersecurity Analyst says. “Zeroing in on potential security breaches as they occur makes a world of difference between business continuity and irreparable financial or reputational damages.”

Otherwise, damages caused by a data breach can scale over time the more a breach is present in an organization’s infrastructure. Failure to detect a breach as it occurs may lead to full infrastructure compromise, irreversible data loss, and financial repercussions from which some companies may never recover.

With attacks becoming more sophisticated, advanced, and pervasive, companies are left vulnerable by the traditional set it-and-forget it security model in which organizations and businesses acquire but don’t continuously manage security tools or update incident response plans. The true power of an effective security posture lies in a layered security defense, augmented by next generation detection and response tools that accurately nail potential data breaches as they occur. Based on the data in this survey, it’s fair to say that organizations cannot afford the absence of the right security tools.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Razvan Muresan. Read the original post at: