AV + EDR versus aiSIEM: Good Security is NOT Good Enough

0
72

by Sunil Kotagiri and Arun Gandhi

With the adoption and proliferation of Internet of Things (IoT) and cloud/virtualization trends are on the rise, cybercrime is developing much faster. The threat surfaces have broaden significantly and security teams have to defend against sophisticated cyber-attacks, such as, Ransomware, Distributed Denial of Service (DDOS), Inside threats, Vulnerability exploits, Advanced Persistent Threats (APTs), Email phishing, to list few. Even though the attack surface has increased significantly but the security budget hasn’t especially for mid-to-smaller organizations. So many enterprises have been confused by the vendor’ claim that fits their narrative, should we say, a self-fulfilling prophecy? In some cases, enterprises have been made to believe that an Antivirus with Endpoint Detection and Response (EDR) solutions is good to enough to combat the current and growing security risks. This begs a question: Is this a viable strategy for protecting enterprises from today’s growing number of sophisticated cyber-threats?

The short answer is no. Even though, in some cases, organizations have built their security posture with these tools, enterprises continue to get breached and face malicious attacks causing data frauds on a day-to-day basis. The truth is that this doesn’t do the job. Though Security posture built around AV + EDR combo is a good start, it isn’t good enough to help protect organizations in this digital era.

Gartner defines EDR as tools that are primarily focused on detecting and investigating suspicious activities (and traces of such) on hosts/endpoints. An EDR is used to determine threats / breaches on an endpoint device and responds to these threats with agents installed on each endpoint to collect data from many data sources and stores them in the central repository. Since data is relegated to these endpoints, same alert reported by multiple end points resulting in false positives and additional work. Moreover, antivirus solutions do not offer the necessary protection to keep the enterprise network and data secure. They lack the threat intelligence (no global context) and prevention capabilities necessary to even recognize modern day threats and breaches, much less remove them from the enterprise network. In summary, endpoint security that includes EDR and Antivirus, provides the capabilities necessary for maintaining the digital perimeter but falls short to provide the comprehensive cybersecurity to the enterprises.

Seceon aiSIEM™ is developed ground up to deliver “Comprehensive Cybersecurity for the Digital-Era”. It ingests raw streaming data – logs from all devices, OS, Apps and Services in the ecosystem (on-premise, cloud); Flows, such as, NetFlow, IPFIX, sFlow, jFlow from network infrastructure, and subscribes to identity management infrastructure, such as, Microsoft® Windows® Active Directory™ service, LDAP, DNS, DHCP, Azure AD, etc. This streaming platform has functionalities of traditional SIEM, SOAR, user and entity behavioral analytics (UEBA), Cloud Security protecting Cloud Compute (AWS, Azure, GC, etc.), Cloud Applications (Office365, Azure AD etc.), Cloud Platforms (PaaS), Network Traffic Analysis (NTA), Network-Based Anomaly Detection (NBAD), Intrusion Detection System (IDS), threat intelligence feeds for correlation and enrichment, advanced machine learning (ML) and AI with actionable intelligence. aiSIEM generates meaningful alerts with context and situational awareness and enhanced accuracy from the scores of threat indicators otherwise analyzed by the security experts. The platform provides comprehensive visibility of the enterprise’s ecosystem to proactively detect threats/breaches, automatically contains and eliminates the threats in real-time by pushing the policies on hygiene systems (like Firewalls, Email/Web Gateways, Microsoft® Windows® Active Directory™ service, Network Access Controllers, EDR, etc.), and continuous compliance to enhance an organization’s security posture and provides a zero-trust security in a digital era, while lowering SOC operational cost by more than 80%.

Below table shows the comparison of aiSIEM with AV + EDR Solutions:

 

About the Authors

Sunil Kotagiri.  Sunil is a lifelong technologist, architect, and hands-on executive and handled every role in the software engineering lifecycle in Technology Company at some point. He oversees the Architecture, Development, and Delivery of Seceon’s most advanced comprehensive cybersecurity platform based on cutting edge Big/Fast Data Architectures and Machine Learning (ML) and Artificial Intelligence (AI). Sunil brings technical leadership with over two decades of experience in software development and methodologies, architecting and delivering complex Cybersecurity, Big Data Analytics (Time series & Real-time), Business Intelligence, highly-scalable distributed Web and Mobile Apps for Enterprise, Mobile, Telecom, and Cable markets. Prior to Seceon, he was a member of the Executive team and Vice President of Software Engineering at IneoQuest where he oversaw the development and roll out of industry’s first Big-Data Video Analytics product processing millions of video stream data collected from thousands of Video Monitoring probes. At IneoQuest Sunil also led the industry’s first end-to-end video service assurance, real-time analytics, and provisioning software solutions that were deployed at 12 of the top-15 global service providers. Before IneoQuest, Sunil was the Director of Engineering at Narad/PhyFlex Networks where he led the successful rollout of software platforms for Network Management, Security, Service Management and Orchestration. Sunil also held engineering leadership positions at Cascade Communications, Ascend Communications, Lucent, and Hewlett Packard.

Sunil is the author of multiple patents for the Service Definition and Orchestration platforms and holds a BS in Electronics and Communications and MS in Computer Science from the Indian Institute of Technology (IIT), Madras.

Arun Gandhi.  Arun works as the Director at Seceon leading product management and marketing with responsibility for driving strategic Go-To-Market initiatives, positioning, customer use cases, and executive engagements with customers & partners.

Prior to Seceon, Arun held various technical and leadership roles in Product Management, Strategy, Marketing and Engineering at Juniper NetworksNetBrain Technologies, and Misys Plc (now Finastra). With more than 17 years of experience with startups and global brands, Arun’s experience includes product management, business strategy and operations, high profile customer engagements, product marketing, sales enablement, positioning of emerging technologies, strategic analysis, development & test for security, networking, and cloud technologies in the Service Provider and Enterprise Markets. He has also authored several articles for magazines, journals and contributed at the IETFs.

Arun recently completed an executive management Program for Leadership Development (Executive MBA) from the prestigious Harvard Business School. He also holds Masters and Bachelor’s degrees in Computer Science from University of New Hampshire and Nagpur University, respectively.