Jonah White

LEVEL 1: Your first step into the world of EDR



On our first step into EDR, we venture into the easiest and lowest level of EDR protection for small to medium-sized businesses. We’ll go into more detail about this level of EDR and which companies offer essential EDR protection.


What is EDR?

Think of EDR as one person assigned to your endpoints/devices: monitoring for threat actors 24/7, looking for ransomware and malware, and detecting suspicious activity that doesn’t usually occur at that time of day on that endpoint. It can even take remediation steps, such as quarantining the device.


An EDR solution must always provide 24/7 monitoring, because a business of this size is unable to build its own SOC (Security Operations Center) or NOC (Network Operations Center).

Here are six critical components of an EDR provider/service:

1. Endpoint Visibility:

Real-time, or you can’t see! A company should be able to see its endpoints constantly, from wherever its IT is based. Keep the lights on, or you will not catch the ghosts!


2. Threat Database:

Like any zombie apocalypse, there are different types of zombies, and the more experience you have fighting them, the easier it will be to find them quickly and prepare for a zombie attack! Make sure you’re collecting all the necessary telemetry from each of your endpoints, down to who’s using the device and what’s installed and running on it.


3. Behavioral Protection:

Signature-based methods of discovering threat actors don’t cut it anymore. It’s all about behavior now; to find the killer, we must interview everyone about their daily tasks! And if one person does something out of the ordinary, we catch them! Look out for what we call IOAs (Indicators of Attack): get alerts when something is happening that isn’t normal within your company’s network or endpoints.
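To make the contrast concrete, here is an added example (not code from the original post or from any EDR vendor) that runs both approaches over constructed endpoint telemetry: a signature check against a placeholder list of known hashes, and a behavioral check that flags a user/process pair never seen on that endpoint or activity outside the hours the endpoint is normally active, as described in the introduction. Every endpoint name, hash value and event is made up for the example; the remediation mapping (alert an analyst, or quarantine the device on a confirmed match) is an assumption about how a simple policy could look.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One process-start record from an endpoint agent (constructed schema)."""
    endpoint: str
    user: str
    process: str
    sha256: str   # placeholder hash label, not a real sample hash
    hour: int     # local hour of day, 0-23


# Constructed telemetry: what these two endpoints normally look like.
BASELINE = [
    Event("ws-01", "alice", "outlook.exe", "h-outlook", 9),
    Event("ws-01", "alice", "excel.exe", "h-excel", 10),
    Event("ws-01", "alice", "chrome.exe", "h-chrome", 14),
    Event("ws-02", "bob", "chrome.exe", "h-chrome", 8),
    Event("ws-02", "bob", "teams.exe", "h-teams", 11),
    Event("ws-02", "bob", "teams.exe", "h-teams", 16),
]

# Constructed signature list: labels standing in for hashes of samples already catalogued.
KNOWN_BAD_HASHES = {"h-known-bad"}


def build_baseline(events):
    """Learn per endpoint: which (user, process) pairs run, and the active-hour window."""
    profile = {}
    for e in events:
        p = profile.setdefault(e.endpoint, {"pairs": set(), "first": 23, "last": 0})
        p["pairs"].add((e.user, e.process))
        p["first"] = min(p["first"], e.hour)
        p["last"] = max(p["last"], e.hour)
    return profile


def signature_findings(event):
    """The old way: match the file against a list of things already seen."""
    return ["known-bad-hash"] if event.sha256 in KNOWN_BAD_HASHES else []


def behavioral_findings(event, profile):
    """The IOA way: compare the event with what is ordinary on that endpoint."""
    p = profile.get(event.endpoint)
    if p is None:
        return ["unknown-endpoint"]
    findings = []
    if (event.user, event.process) not in p["pairs"]:
        findings.append("new-user-process-pair")
    if not p["first"] <= event.hour <= p["last"]:
        findings.append("outside-active-hours")
    return findings


def recommended_action(findings):
    """Assumed policy: confirmed signature hit -> quarantine; behavioral oddity -> analyst."""
    if "known-bad-hash" in findings:
        return "quarantine-endpoint"
    if findings:
        return "alert-analyst"
    return "none"


def evaluate(events, profile):
    """Run both checks over new events and return one verdict per event."""
    verdicts = []
    for e in events:
        findings = signature_findings(e) + behavioral_findings(e, profile)
        verdicts.append({
            "endpoint": e.endpoint,
            "process": e.process,
            "findings": findings,
            "action": recommended_action(findings),
        })
    return verdicts


# Constructed new events to score against the baseline.
NEW_EVENTS = [
    Event("ws-01", "alice", "excel.exe", "h-excel", 11),      # ordinary
    Event("ws-01", "alice", "newtool.exe", "h-newtool", 3),   # never seen before, at 3 a.m.
    Event("ws-02", "bob", "chrome.exe", "h-known-bad", 10),   # known hash, otherwise normal
    Event("ws-02", "bob", "chrome.exe", "h-chrome", 22),      # known tool, odd hour
    Event("ws-99", "eve", "chrome.exe", "h-chrome", 10),      # endpoint with no history
]


if __name__ == "__main__":
    for verdict in evaluate(NEW_EVENTS, build_baseline(BASELINE)):
        print(verdict)
```

The third event is the one only a signature catches (the tool, user and hour are all ordinary), while the second and fourth are caught only by behavior; a real EDR agent collects far richer telemetry, but the split between "have we seen this file" and "is this normal for this endpoint" is the same.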


4. Insight and Intelligence:

Always look for ways to add threat intel to your endpoints that can provide context: when a threat is detected, it can be correlated with other data to find out who this threat actor may be. Sometimes looking for fangs, a cape, and hating the sunlight means dealing with someone we’ve seen before: Get the wooden stakes!

5. Fast Response:

We want only fast and accurate responses within the company, meaning if there’s a threat, it should be reported and dealt with ASAP. Buckets of water should be easily accessible to splash out witches flying around our company!

6. Cloud-based Solution:


Companies that run EDR locally are fine, but it is better when nothing on the affected network can interfere with, or otherwise hinder, our investigations. Cloud-based EDR lets you keep working without interruptions to your local network or data, and it prepares you for an outage of any kind. There’s no shame in having backup mirrors to scare Medusa away even more!


Other critical components of EDR could be geographical support, third-party integrations, and specific OS support.



Companies that offer basic EDR:


Falcon by CrowdStrike:

Falcon by CrowdStrike is one of the top EDR providers for small to large businesses; I’ve heard nothing but great reviews from colleagues and companies that deploy CrowdStrike on their systems. Falcon can start as a basic EDR but can branch out to XDR abilities by incorporating other data sources that can give better insight into your devices. CrowdStrike EDR includes Real Time Response, which provides enhanced visibility that enables security teams to immediately understand the threats they are dealing with and remediate them directly while creating zero impact on performance.




Harmony Endpoint by Checkpoint:

Harmony Endpoint is the new kid on the block born by Checkpoint, providing cross-platform support for all types of devices you may have. Harmony can automate 90% of attack detection, investigation, and remediation tasks. Built on Checkpoint Infinity, it can combine multiple functions like EPP, VPN, NGAV, and data/web-browsing detection into one consolidated agent.


Microsoft Defender for Endpoint:

In its most recent endeavors, Microsoft has stepped into the field with Microsoft Defender for Endpoint. Aimed primarily at Windows-based devices, it gives companies many points of data to look at, especially when integrated with Microsoft Intune. Intune can be used to manage your Windows, Linux, and Apple endpoints, with monitoring for the many ways malware and attackers will perform attacks against your company.


So, which one works for you? Again, it depends on how much your company is willing to spend, how big your company is, and the number of endpoints. You might be small, with only 10 or so employees who each have two devices. When looking at EDR, ask yourself one question: What can I see that I wasn’t able to before?


If you have any questions about finding a suitable suite of capabilities for your company, feel free to reach out to us!


These are just a few EDR providers that allow cloud-based EDR to be implemented at your company. Many other companies provide EDR protection, such as Cybereason Defense Platform, VMware Carbon Black EDR, and Malwarebytes EDR. We’ll talk more about taking this further with XDR: My Grandpa used EDR, and I want that XDR stuff!