Anti-Virus Software is Obsolete
Almost everybody is familiar with anti-virus software. Norton and McAfee are big brand names in this space.
This software is designed to spot “executable code” that a bad actor slips into software. The bad code is deeply hidden amidst millions of lines of good code and it waits for a trigger (like the clock inside your computer) to release its destructive purpose.
In simple terms, anti-virus software scours the good code looking for malicious lines of code and then erases anything it finds that should not be there. But because traditional anti-virus relies on previously identified malicious code, the bad guys have always been one step ahead.
They have refined their evil ways to infiltrate computers while remaining unnoticeable to anti-virus software. In 2017, it became obvious that the bad guys were playing leap frog – the “WannaCry” ransomware attack in May was quickly followed by the “NotPetya” cyberattack in June. The pain was felt globally.
Through phishing and other social engineering techniques, the bad guys were no longer burying malicious code deep in the bowels of a huge software program, they were burying the code in a single employee’s computer and using that “endpoint” to worm their way deeper into the network.
A new challenge has become a crisis. Social engineering now accounts for approximately 85% of cyberattacks.
IT security professionals knew that the next level of anti-cybercrime software was imperative although the solution would be daunting. The answer to this challenge is here and not a moment too soon.
Endpoint Detection and Response (EDR)
Sorry for yet another tech acronym but EDR is a good one. EDR is the good guys taking their turn to play leapfrog on the bad actors.
EDR is the technical ability to spot anything going on inside a server, desktop, laptop or mobile device that represents an activity that might not be generated by the employee. It detects potentially suspicious “behavior” and efficiently organizes what it is “seeing” so that human analysts can quickly decide if the activity is malicious or not.
Security companies have actually been working on EDR since about 2013. Back then, when a big corporation suffered a cyber-attack, a company called Mandiant would come in after the fact with teams of computer analysts to pour through every workstation and laptop used by employees in order to uncover the “endpoint” where malicious code first entered the system. This was a brute-force solution that was expensive and disruptive. This exercise was impractical for most businesses. Worse, it was analogous to locking the barn door after the barn had burned.
Electronic Office has been diligently monitoring and testing EDR solutions for years, impatiently waiting for a highly effective application that would make sense for companies outside of the S&P 500. Thanks to exponential improvements in artificial intelligence and the extraordinary efficiencies made possible by cloud computing, EDR as a managed service is ready for our clients. EO is upgrading all of our clients from anti-virus software to an EDR managed service solution over the next few months.
The Benefits of EDR
The obvious benefit is a leap forward in spotting a cyber attack when it is in its nascent stages. As previous EO Advisor articles about Cyber-Risk Insurance and Social Engineering have explained, phishing now accounts for 85% of cyber-criminal attacks and heretofore, it has been almost impossible to stop a phishing attack once an employee accidentally makes a small mistake. EDR helps level the playing field.
More broadly, EDR provides four big benefits to the organizations that upgrade:
- New AI capabilities to spot suspicious activities. AI enhances the human teams who are monitoring your security 24/7/365.
- Constant monitoring for malicious code is now integrated with monitoring for suspicious activity, including human activity. Social engineering fraud requires this type of integrated solution.
- A next-generation level of data analytics. EDR provides a comprehensive overview of every attempt to breach your security, even the ones that are active but not yet successful.
- EDR will not slow down your productivity while it scans on the backend. Your security team is kept informed without any unnecessary demands on your time or the performance of your applications.
There are a number of excellent security service providers that smaller businesses can now turn to for EDR-level support. Electronic Office tests all of them. The provider we have decided to partner with for the EDR rollout to our clients is Bitdefender. If you are not a client of Electronic Office but you would like to discuss how we reached our decision to go with this partner company, please Contact EO.