Page 7 - Cyber Defense eMagazine - May 2018

As a result, the second most important driver for enhancing the company’s cybersecurity posture is also speed-related: faster detection and response capabilities are mentioned by almost half of those surveyed, immediately below improving data protection (51%). EDR tools that lack priority- or severity-based alert filtering mechanisms can slow the detection of and response to real threats, as they may send IT and security staff down investigation paths that either lead nowhere or are trivial. EDR should not be about the sheer number of triggered alerts, but about intelligent, reliable, and meaningful alerts with a high probability of pointing to a real threat. Traditional EDR tools may seem like a security enabler, but without dedicated and staffed SOC teams, they may either hinder the organization’s security capabilities or make no significant contribution to the overall security posture.

Timely detection of data breaches directly affects organizations in a positive way, as incident response procedures can be immediately triggered to contain, mitigate, and prevent full-blown security incidents that could otherwise financially affect the organization. Zeroing in on potential security breaches as they occur makes a world of difference between business continuity and irreparable financial or reputational damage.

Otherwise, the damage caused by a data breach can grow the longer the breach is present in an organization’s infrastructure. Failure to detect a breach as it occurs may lead to full infrastructure compromise, irreversible data loss, and financial repercussions from which some companies may never recover. With attacks becoming more sophisticated, advanced, and pervasive, companies are left vulnerable by the traditional set-and-forget security model, in which organizations and businesses acquire security tools but don’t continuously manage them or update incident response plans. The true power of an effective security posture lies in a layered security defense, augmented by next-generation detection and response tools that accurately nail potential data breaches as they occur. Perhaps the biggest damage organizations cannot afford is a lack of the right security tools.



Takeaways

When considering EDR solutions, Bitdefender security specialists strongly advise enterprise CISOs to consider the importance and value of an integrated prevent-detect-investigate-respond-evolve approach to endpoint security:








                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.