Page 5 - Cyber Defense eMagazine - May 2018
CISOS' TOUGHEST BATTLE: FINDING THE RIGHT WEAPONS
TO FIGHT THE LAST ONE PERCENT OF THREATS
by Liviu Arsene, Global Cybersecurity Analyst, Bitdefender
In a fast-changing landscape where large cyberattacks make the news virtually every
month, companies have started shifting their security defense paradigm towards gaining
more visibility into the way attacks occur, and how they become targets. Building shields
to simply safeguard IT infrastructures is no longer enough, especially when protection
fails and a breach occurs. And breaches will occur sooner rather than later.
As a result, companies’ security spending has already started migrating from
prevention-only approaches to focus more on detection and response. Traditional
cybersecurity features, like endpoint protection platforms (EPP), firewalls, app
security and intrusion prevention systems, which focus on prevention, are constantly
being improved by active defense mechanisms, such as endpoint detection and
response (EDR) tools, to provide relevant, accurate reports into security operations and
analytics.
Endpoint detection and response solutions will not only help CISOs protect their
infrastructure against sophisticated cyber threats, facilitate early detection and gather
intelligence, but also bring visibility into stealthy attacks, enabling rapid containment.
In addition to the improved detection and response approaches to prolific security
incidents, EDR tools also address the shortage of cybersecurity professionals. Most
information security professionals admit they have too few workers to address current
threats, while the number of cyber threats rises to new records each year.
More specifically, endpoint detection and response tools best fit resource-strapped
businesses with lean IT teams that operate without a coordinating hub for cybersecurity
activities, also known as a Security Operation Center or SOC. It’s a common situation
many companies must deal with. Even though SOCs are increasingly common, almost
half of organizations don’t have one, creating many security challenges, including
slower identification of intrusions, ad-hoc or no processes following a security breach,
inability to efficiently protect the most valuable assets from advanced attacks, and
delayed isolation of corrupted infrastructures. Detection and response capabilities allow
these companies to easily and immediately detect an attack and react to minimize the
impact on their networks, brand reputation and customers.
EDR’s role in the advanced threat landscape
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.