Enhanced detection and response (EDR) is now part of the IronLogix standard security offering.
The proliferation of endpoint devices has dramatically expanded the typical organization’s IT footprint — and the network attack surface. Every desktop, laptop and mobile device is a potential vulnerability that could give threat actors a foothold in the IT environment. Protecting these endpoints is now an essential part of any comprehensive security strategy.
That’s why IronLogix has added enhanced detection and response (EDR) to its standard security offering. EDR uses software agents to monitor activity and events on endpoints and analyze this data to identify threats. The EDR tool can then contain or remove the threat and send an alert to security personnel.
“We have incorporated the Sophos EDR solution into our defense-in-depth platform,” said Michael Smith, President, IronLogix. “The Sophos solution uses artificial intelligence to replicate the skills of experienced security analysts. It has been ranked a Leader by Gartner and has received accolades from key industry publications. We believe it provides the best endpoint protection for our customers.”
The Endpoint Protection Challenge
Many modern threats target mobile devices, and few organizations have the tools they need to combat these threats. Today’s threats are capable of evading traditional defenses. For example, polymorphic malware constantly changes its signature by altering file names, encryption keys and other characteristics. More than 90 percent of malware is polymorphic, according to Webroot research.
“Traditional, signature-based security systems do a great job detecting known threats,” said Smith. “These tools check traffic and files against a database of known signatures and issue an alert if a match is found. But today’s hackers are too sophisticated for that. They just change malware code so it doesn’t produce the same signature. Pattern-matching solutions can’t detect it.”
Many organizations are also unaware of all the endpoints in their environments. A recent report by Cybersecurity Insider found that 60 percent of organizations are aware of fewer than 75 percent of the endpoints that attach to their networks. Almost half would be unable to find every device compromised in a breach within 24 hours.
A Better Approach
Endpoint protection platforms (EPP) are still valuable, but they have significant limitations in this threat environment. Leading EPP solutions provide some degree of threat detection, but rely heavily on signature-based antivirus.
Using machine learning, heuristics and threat intelligence, EDR tools are capable of analyzing endpoint behavior and detecting new and emerging threats in real time. If abnormal activity is detected, the appropriate response is triggered automatically. Threats are isolated to minimize their impact and prevent them from propagating across the environment. The EDR tool also issues alerts and enables IT teams to investigate the threat in a safe environment.
“EDR tools provide visibility into activity on all endpoints across the environment,” said Smith. “They help security teams identify the specific threat, when it occurred, where it originated, who is responsible and what action should be taken. This analysis is performed with the speed of AI, enabling the rapid response that’s critical to mitigating risk.”
The IronLogix Solution
There are certain features to look for in an EDR solution. Advanced analytics that can separate legitimate threats and incidents from noise are critical. And because EDR is not a standalone magic bullet that will solve all security problems, organizations should look for an open solution that can be integrated into a broader analytics system with threat intelligence and other tools.
“The Sophos solution checks all the boxes when it comes to enhanced detection and response,” said Smith. “It provides advanced features and integrates with the other Sophos solutions we’re already using in our environment. It is also highly scalable and can accommodate growing volume and complexity as the number of endpoint devices continues to explode.”
Any organization that uses a wide range of mobile devices should be considering EDR to beef up security. Let us show you how Sophos EDR overcomes the shortcomings of legacy security systems and reduces the risk of mobile-targeted threats.