PL Risk Blog

Endpoint Detection and Response: What you need to know

Written by Drew Smith | Oct 27, 2021 2:00:00 PM

In recent years, hackers have developed sophisticated methods of attacking users’ computers. One of the most valuable targets is the so-called endpoint. With so much data in so many places to protect, EDR might be one thing many companies overlook.

What Is an Endpoint?

Endpoints are quite simply the points where a device enters a server. They can be anything from your phone to your workplace laptops. They are the gateways to everything your business handles. When a virus or malware attacks the endpoint, it provides access to all the company’s data and systems. One common example of endpoint protection is a virus scan, which most companies have on their systems. Another example might be an EDR monitoring a nuclear power plant that turns on an alarm and shuts down the core if it reaches a certain temperature. EDR in a business can operate the same way in blocking programs. An effective EDR will monitor the system, alert you if it detects unusual behavior, block programs from executing and shut down systems if necessary.

What Kind of Damage Can Endpoint Hacks Cause?

The Emotet virus shows how much damage an attack on these endpoints does. Emotet is a trojan horse type of virus, meaning that it hides itself in another program like the mythical weapon. Then, once it’s activated via phishing, it infects one computer before spreading into the network, changing its code to avoid normal antivirus programs. The way it attacks, sending constant signals to a server, mimics a Distributed Denial of Service (DDoS) attack, slowing or even freezing a network. In one case, when the virus was discovered in 2018, every officer’s computer was infected, and the organization was forced to get a new server and new computers because they could not purge the virus. In the words of Chris Dilleno, founding partner of Mullen Coughlin, LLC, a law firm devoted to cyber liability, at the time of the virus’ discovery: “Internal IT staff and even the top anti-virus companies in the world can think they have it beat, but in fact, we see them miss it completely. This virus is no joke.”


What Is Endpoint Protection?

Endpoint Detection and Response, or EDR, is essentially the shield that protects these endpoints. There are many dedicated programs for this, but the concept is the same. EDR starts by monitoring the endpoints for anything out of the ordinary. When it detects these anomalies, it is supposed to react by either sending out an alert, blocking a specific action or program, or even shutting down significant systems.

One common example of endpoint protection is a virus scan, which most companies have on their systems. Another example might be an EDR monitoring a nuclear power plant that turns on an alarm and shuts down the core reactor if it reaches a certain temperature. EDR in a business can operate the same way in blocking programs. An effective EDR will monitor the system, alert you if it detects unusual behavior, block programs from executing and shut down systems if necessary. Different EDRs can do one or all of these activities.
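The monitor-detect-respond loop described above, and its three graded reactions (alert, block, shut down), can be shown in miniature. The following is an added illustration, not PL Risk’s code and not any EDR vendor’s product: a toy decision engine that reads constructed endpoint telemetry (process starts and outbound connections), applies three rules, and picks a response tier for each finding. The event fields, rule names, file paths, the 203.0.113.7 address and the beacon threshold are all assumptions invented for the example; the threshold rule mirrors the reactor-temperature analogy, where crossing a limit triggers a shutdown of the affected host.

```python
"""
Toy EDR decision engine: monitor -> detect -> respond.

Added illustration, not PL Risk's or any vendor's code. Event fields,
rule names, paths, addresses and thresholds are assumptions made up for
the example.
"""
from collections import Counter
from dataclasses import dataclass, field

# Response tiers in increasing severity: the three reactions the post describes.
ALERT, BLOCK, ISOLATE = "alert", "block", "isolate"
SEVERITY = {ALERT: 1, BLOCK: 2, ISOLATE: 3}

# Constructed telemetry: each dict is one observation recorded by an endpoint agent.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process", "parent": "explorer.exe", "image": "winword.exe",
     "path": r"C:\Program Files\Office\winword.exe", "signed": True},
    {"host": "ws-01", "type": "process", "parent": "winword.exe", "image": "powershell.exe",
     "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "signed": True},
    {"host": "ws-01", "type": "process", "parent": "powershell.exe", "image": "upd8.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\upd8.exe", "signed": False},
    # 60 connections from one host to one external address: the "constant signals" pattern.
    *[{"host": "ws-01", "type": "network", "dst": "203.0.113.7", "port": 8080} for _ in range(60)],
    {"host": "ws-02", "type": "process", "parent": "explorer.exe", "image": "notepad.exe",
     "path": r"C:\Windows\System32\notepad.exe", "signed": True},
    {"host": "ws-02", "type": "network", "dst": "203.0.113.7", "port": 443},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
BEACON_THRESHOLD = 50  # assumed limit: connections to one destination per host before isolating


@dataclass
class Finding:
    host: str
    rule: str
    action: str
    detail: str


@dataclass
class Monitor:
    """Keeps just enough state to evaluate rules across a stream of events."""
    beacons: Counter = field(default_factory=Counter)
    findings: list = field(default_factory=list)
    isolated: set = field(default_factory=set)

    def observe(self, ev):
        host = ev["host"]
        if host in self.isolated:
            return None  # host already cut off from the network; nothing more to do
        finding = None
        if ev["type"] == "process":
            finding = self._check_process(ev)
        elif ev["type"] == "network":
            finding = self._check_network(ev)
        if finding:
            self.findings.append(finding)
            if finding.action == ISOLATE:
                self.isolated.add(host)
        return finding

    def _check_process(self, ev):
        # Rule 1: a document handler launching a script interpreter is unusual for
        # most users, so the child process is blocked rather than merely reported.
        # (The recorded stream still contains later events; a live agent would
        # have prevented them.)
        if ev["parent"] in OFFICE_APPS and ev["image"] in SCRIPT_HOSTS:
            return Finding(ev["host"], "office-spawns-script", BLOCK, f"{ev['parent']} -> {ev['image']}")
        # Rule 2: an unsigned executable running from a temp directory earns an alert.
        if not ev["signed"] and "\\Temp\\" in ev["path"]:
            return Finding(ev["host"], "unsigned-temp-exec", ALERT, ev["path"])
        return None

    def _check_network(self, ev):
        key = (ev["host"], ev["dst"])
        self.beacons[key] += 1
        # Rule 3: threshold rule, like the reactor alarm: past the limit, shut the host off.
        if self.beacons[key] == BEACON_THRESHOLD:
            return Finding(ev["host"], "beaconing", ISOLATE, f"{BEACON_THRESHOLD} connections to {ev['dst']}")
        return None


def run(events):
    """Feed every event through the monitor and return it with its findings."""
    m = Monitor()
    for ev in events:
        m.observe(ev)
    return m


def most_severe_action(findings, host):
    """Highest response tier reached for a host, or None if it was never flagged."""
    actions = [f.action for f in findings if f.host == host]
    return max(actions, key=SEVERITY.__getitem__, default=None)


if __name__ == "__main__":
    for f in run(SAMPLE_EVENTS).findings:
        print(f"{f.host}: {f.action.upper():7} {f.rule} ({f.detail})")
```

Running the block on the constructed events produces three findings for ws-01 (a block, an alert, then isolation once the fiftieth connection to the same address is seen) and none for ws-02, whose single connection to the same address stays below the threshold. The point is the escalation: the same engine that only alerts on a suspicious file is allowed to cut a host off entirely when a hard limit is crossed, which is exactly the range of reactions the post attributes to an effective EDR.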

Why Is EDR Important?

As already mentioned, EDR is an important consideration for enterprises today because more and more devices are connecting to networks. The number of Internet-of-Things (IoT) devices is currently in the middle of an exponential growth phase—taking it from under a billion total in 2010 to what’s predicted to be over 30 billion by 2025. All of these devices will create new attack surfaces, which need to be addressed and secured by organizations.

Furthermore, bring-your-own-device policies, combined with the shift to remote work that was accelerated by COVID-19, create more security issues for enterprises. There’s no way for IT departments to reliably enforce what people are doing with their personal devices, which are then connecting to organizational networks. Creating stronger endpoint security can help keep lurking threats from compromising critical data.

Mike Smith, President and CEO of PL Risk Advisors, Inc., had this to say: “EDRs have evolved from simply a virus scan to the more sophisticated systems that not only block certain computer actions but proactively takes to further secure and shut down systems. We have seen many cyber carriers deny providing coverage without a proper EDR in place.”

Some EDR Products

When you’re searching for the right endpoint protection, it’s important to get the product that suits your needs. Companies like Cynet and Rapidstrike provide an overall package, while some companies might offer more tailor-made protection.

EDRs are an important factor in protecting your sensitive data. If you can’t protect the entry into your systems, then any security system is worthless. Training to spot these potential intruders is key, as is making sure your security systems are running properly.