Page 5 - Cyber Defense eMagazine - May 2018

CISOS' TOUGHEST BATTLE: FINDING THE RIGHT WEAPONS TO FIGHT THE LAST ONE PERCENT OF THREATS


               by Liviu Arsene, Global Cybersecurity Analyst, Bitdefender


               In a fast-changing landscape where large cyberattacks make the news virtually every
               month, companies have started shifting their security defense paradigm towards gaining
               more visibility into the way attacks occur, and how they become targets. Building shields
               to simply safeguard IT infrastructures is no longer enough, especially when protection
               fails and a breach occurs. And breaches will occur sooner rather than later.

               As a result, companies’ security spending has already started migrating from
               prevention-only approaches to focus more on detection and response. Traditional
               cybersecurity features, like endpoint protection platforms (EPP), firewalls, app
               security and intrusion prevention systems, which focus on prevention, are constantly
               being improved by active defense mechanisms, such as endpoint detection and
               response (EDR) tools, to provide relevant, accurate reports into security operations and
               analytics.


               Endpoint detection and response solutions will not only help CISOs protect their
               infrastructure against sophisticated cyber threats, facilitate early detection and gather
               intelligence, but also bring visibility into stealthy attacks, enabling rapid containment.

               In addition to the improved detection and response approaches to prolific security
               incidents, EDR tools also address the shortage of cybersecurity professionals. Most
               information security professionals admit they have too few workers to address current
               threats, while the number of cyber threats rises to new records each year.

               More specifically, endpoint detection and response tools best fit resource-strapped
               businesses with lean IT teams that operate without a coordinating hub for cybersecurity
               activities, also known as a Security Operation Center or SOC. It’s a common situation
               many companies must deal with. Even though SOCs are increasingly common, almost
               half of organizations don’t have one, creating many security challenges, including
               slower identification of intrusions, ad-hoc or no processes following a security breach,
               inability to efficiently protect the most valuable assets from advanced attacks, and
               delayed isolation of corrupted infrastructures. Detection and response capabilities allow
               these companies to easily and immediately detect the attack and react to minimize the
               impact on their network, brand reputation and customers.


               EDR’s role in the advanced threat landscape

