{"id":13541,"date":"2018-10-09T08:10:05","date_gmt":"2018-10-09T16:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/10\/09\/news-7308\/"},"modified":"2018-10-09T08:10:05","modified_gmt":"2018-10-09T16:10:05","slug":"news-7308","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/10\/09\/news-7308\/","title":{"rendered":"When Endpoint Detection and Response (EDR) is not enough"},"content":{"rendered":"<p><strong>Credit to Author: Simone Spencer| Date: Tue, 09 Oct 2018 15:00:00 +0000<\/strong><\/p>\n<p>As cybercriminals continue to validate the reality that no prevention-based security control is going to stop <em>every<\/em> threat <em>every<\/em> time, companies are expanding beyond prevention-only approaches and closing the gap with endpoint detection and response solutions.<\/p>\n<p>But as we consider this strategy, one pressing question is: How big is the gap? If prevention security isn\u2019t 100 percent effective, how effective is it? A popular perception of businesses is that prevention security is about 98 percent effective with a mere 2 percent of threats slipping by. However, the reality is far worse.<\/p>\n<p>Because our product is most often used for malware remediation on business endpoints, we have <a href=\"https:\/\/www.malwarebytes.com\/remediationmap\/\" target=\"_blank\" rel=\"noopener\">extensive telemetry<\/a> on this gap where current endpoint protection technologies are failing to keep organizations safe. Our data shows that current endpoint protection platform vendor software is approximately 40 percent effective, based on endpoints using Malwarebytes for clean up. 
That means 60 percent of those endpoints were found to be harboring hidden threats\u2014including\u00a0Trojans, backdoors, and rootkits.<\/p>\n<p>Framing up the size of the gap is important because it helps organizations prioritize the capabilities they need in their endpoint detection and response (EDR) solution\u2014namely, automated and complete remediation.<\/p>\n<p>Until recently, organizations have turned to EDR to gain greater visibility into what\u2019s happening on endpoints. While helpful and important, visibility doesn\u2019t provide a silver-bullet solution for fast and effective remediation. Incident response (IR) teams still face challenges when managing multiple platforms, chasing false alerts, and manually handling the remediation process.<\/p>\n<p>Lack of visibility into and quick remediation of threats leads to long infection dwell times. In fact, according to IR teams interviewed for the 2017 SANS Incident Response Survey, 28 percent report the time from detection to remediation is between 6 and 24 hours. The picture is much more grim in the <a href=\"https:\/\/www.verizonenterprise.com\/resources\/reports\/rp_DBIR_2018_Report_en_xg.pdf\" target=\"_blank\" rel=\"noopener\">2018 Verizon Data Breach Investigations Report<\/a>, where more than 70 percent of organizations were compromised by a breach within minutes, but discovery of that breach took <em>months\u00a0<\/em>for 60 percent of respondents. 
A further\u00a030 percent took days to contain a breach after discovery and a still solid 10 percent took additional months to get their breach under control.<\/p>\n<p>In addition to dwell time, manual remediation itself is resource-intensive, often involving a lengthy re-imaging process for IR teams, and lots of lost productivity for employees\u2014not to mention the tedious re-installation of end-user applications and customization of personal settings.<\/p>\n<p>There\u2019s a better way.<\/p>\n<p>Breaches are inevitable, and the true size of the prevention gap is much bigger than many realize. As such, remediation capabilities are essential for today\u2019s organizations. To truly close the gap and remediate hidden threats, the \u201cresponse\u201d portion of EDR solutions needs to go beyond alerting to actually <em>fixing<\/em> the endpoint.<\/p>\n<p>And that\u2019s what we aim to do with Malwarebytes Endpoint Protection and Response. Using a single, unified agent to deliver endpoint protection, detection, and response, our solution effectively alleviates expertise challenges and eliminates the resolution gap. Our product consists of three key components:<\/p>\n<h3>1. Prevent<\/h3>\n<p>Malwarebytes Endpoint Protection and Response uses a seven-layered, Multi-Vector Protection (MVP) approach, which includes both <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/10\/fileless-malware-part-deux\/\" target=\"_blank\" rel=\"noopener\">static and dynamic detection techniques<\/a>, to seek out a wide range of threats delivered via different attack vectors.<\/p>\n<h3>2. Detect<\/h3>\n<p>Our solution provides continuous endpoint monitoring and visibility using machine learning anomaly detection combined with aggressive anomaly detection scoring, which is integrated with our cloud sandbox detonation.<\/p>\n<h3>3. 
Respond<\/h3>\n<p>Malwarebytes goes beyond alerting and actually fixes the problem with thorough remediation, and even rollback for ransomware infections. Our fast and effective response includes complete removal of infections and artifacts\u2014all with minimized end-user impact.<\/p>\n<p>The result is advanced protection capabilities plus EDR capabilities, packaged with not only visibility into threats but the ability to quickly remediate those threats and fix endpoints.<\/p>\n<p>Malwarebytes isn\u2019t like other security companies. With remediation in our DNA, we do everything in our power to stop attacks before they happen, but we never assume that cybercriminals won\u2019t find a way. That\u2019s why we\u2019ve focused on being the best at finding and removing known and unknown threats.<\/p>\n<p>Learn more about how to remediate threats with <a href=\"https:\/\/www.malwarebytes.com\/business\/endpointprotectionandresponse\/\" target=\"_blank\" rel=\"noopener\">Malwarebytes Endpoint Protection and Response<\/a>.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/10\/when-endpoint-detection-and-response-edr-is-not-enough\/\">When Endpoint Detection and Response (EDR) is not enough<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/10\/when-endpoint-detection-and-response-edr-is-not-enough\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Simone Spencer| Date: Tue, 09 Oct 2018 15:00:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/10\/when-endpoint-detection-and-response-edr-is-not-enough\/' title='When Endpoint Detection and 
Response (EDR) is not enough'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/shutterstock_412691971.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>As cybercriminals continue to validate the reality that no security is going to stop every threat every time, companies are turning to endpoint detection and response solutions to close the gap. But is it enough to keep businesses and their data protected?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/malwarebytes-news\/\" rel=\"category tag\">Malwarebytes news<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/malwarebytes-news\/product-updates\/\" rel=\"category tag\">Product updates<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/business-products\/\" rel=\"tag\">business products<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/edr\/\" rel=\"tag\">EDR<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/endpoint-protection-and-response\/\" rel=\"tag\">endpoint protection and response<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/products\/\" rel=\"tag\">products<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/remediation\/\" rel=\"tag\">remediation<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/10\/when-endpoint-detection-and-response-edr-is-not-enough\/' title='When Endpoint Detection and Response (EDR) is not enough'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/10\/when-endpoint-detection-and-response-edr-is-not-enough\/\">When Endpoint Detection and Response (EDR) is not enough<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[19713,14971,19714,10546,12748,10427,14718],"class_list":["post-13541","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business-products","tag-edr","tag-endpoint-protection-and-response","tag-malwarebytes-news","tag-product-updates","tag-products","tag-remediation"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13541","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13541"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13541\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}