83% of Cyber Security Professionals Are Concerned About Data Loss Post Threat
A recent survey of security professionals carried out by Secrutiny revealed that more than 80% of respondents are concerned about data loss post threat. And while data breaches are on the rise (the UK data watchdog, the ICO, saw a four-fold upsurge in personal data breach reports in 2018/19 when compared to a previous 12-month period), the fear that it could happen to your business doesn’t need to keep you awake at night!
Organisations can drastically reduce the risk of data loss by evolving from a reactive ‘defensive’ position to one of proactive, continuous monitoring and response. Let’s think about this in terms of the endpoint; after all, any device, whether smartphone, tablet, desktop, or laptop, provides an entry point for threats. Almost all organisations will have an Endpoint Protection (or EPP) solution in place, but the need for more effective endpoint security measures has become clear in recent years. This has led to the emergence of Endpoint Detection and Response (EDR) technologies, which address the growing need for consistent investigation capabilities to promptly recognise, identify, and avoid malicious threats.
Should I Stay (with EPP) or Should I Go (to EDR)?
The main difference is that EPP identifies and blocks known threats, whereas EDR provides additional tools to hunt for threats, forensically scrutinise intrusions and respond quickly to attacks. Without the capability to hunt for threats, many of today’s sophisticated attacks go undiscovered for months. According to an analysis of over 150 data breach reports submitted to the Information Commissioner’s Office in 2018, organisations took an average of 60 days to realise they had suffered a data breach.
Jeremy Hughes, Cyber Security Engineer at Secrutiny, said: “EPP is your conventional anti-virus, which also uses artificial intelligence and machine learning to effectively identify malicious use of a device, or malicious software running on the device. EDR gives you the capabilities to threat hunt within an estate and look back over exactly what activities happened at the time of the threat or execution of say, anything on that device. But there is a crossover, with many endpoint security software tools combining both EDR and EPP, so capabilities of both solutions are utilised.”
Peter Carfrae, UK Channel Manager at next-gen endpoint security software provider SentinelOne, believes that the cyber world today is “fundamental to our way of life and endpoints are conversing directly with cloud workloads, data centres and services. This means every business is looking at how they can securely enable their staff, assets and data in today’s elastic environment. Whilst the prevention of breaches remains critical, the reality is that true value is not just in EPP but also in how quickly and effectively customers can identify, respond and remediate to live threats by understanding the true context of breaches with a combined EPP and EDR solution such as SentinelOne.”
Ultimately, both EPP and EDR supply something that is missing from the IT environment (or only somewhat present).
Jeremy continued: “With EPP you have coverage over known threats, and with EDR you can tackle the unknown, plus go back and review what was changed during a malicious activity, and that’s anything from a virus to malicious user activity and unknown insiders. In general, there are only a few products that are solely EDR, and pretty much everything that we use at Secrutiny is EPP and EDR combined.”