Why is EDR not enough?

For 10 years, unlike other areas of cyber security, the field of prevention has seen almost no progress. Yet prevention is more strategic than responding to an attack: it combines many advantages and is essential.

The cybersecurity market has seen the emergence of new EDR (Endpoint Detection and Response) offerings. They rely on agents installed on endpoints that collect behavioral data and send it to a central database for analysis. The analysis can then identify trends and detect anomalies, and automation can raise alerts for corrective action or further investigation.

An EDR-type solution generates alerts that need to be dealt with quickly. Some correspond to obvious malicious behavior, while others are less clear-cut and require investigation. This is where the SOC (Security Operations Center) comes in: it is staffed by security experts responsible for continuous security monitoring.

EDR solutions have become essential for detecting and remediating many of the cybersecurity threats that organizations face on a daily basis. As a genuine investigation tool, EDR has become a pillar of modern security architectures. However, attacks have exploded in frequency and severity, undermining the effectiveness and protective capabilities of EDRs.

The threat landscape is also becoming much more dangerous. An 800% increase in ransomware attacks was observed between 2019 and 2020, and Ponemon Research reports that 80% of vulnerabilities come from previously unknown malware and zero-day attacks. The tools that many organizations use do not provide adequate protection against increasingly sophisticated attacks.

While these solutions have improved in recent years, it is still common for teams to receive alerts with too little contextual information (including false positives), which prevents them from prioritizing their responses appropriately. EDR is also not a suitable tool for every organization, as it requires a dedicated or managed SOC.

Rethinking Cyber Defense

EDR is based on the “hypothetical breach” (assume-breach) mentality, that is, the traditional belief that no cyber defense can truly prevent cybercriminals from entering an environment. Detection and response solutions such as EDR, MDR, NDR, and XDR all have one thing in common: they rely on post-execution remediation. As the name suggests, EDR only acts after the attack has taken place. This ultimately means that attackers are already inside the corporate network by the time detection and response solutions raise an alert.

Post-execution is too late to prevent a breach, and remediation is costly and time-consuming – a point highlighted by a recent study that tested the effectiveness of 11 of the best-known EDR tools and exposed their inherent shortcomings. The professionalization of modern threats and the large number of successful breaches have shown that EDR is not sufficient to stop today’s increasingly advanced threats.

It’s time to redefine what threat prevention really is and explore new deep learning-based technologies that enable malware detection, classification, and prevention.

Better to prevent than to respond

Companies realize that they cannot protect themselves against today’s most advanced threats and are actively investing in better protection. Gartner has estimated that global spending on security and risk management will exceed $150 billion in 2021, and actual spending has probably surpassed that figure.

A prevention-oriented approach to stopping threats replaces or supplements the traditional view in order to reduce or even eliminate risk. Pre-execution anti-malware with fewer false positives improves operations, reduces costs, and stops known, unknown, and zero-day threats, including ransomware, before they strike. Such an approach shapes the security posture of the whole organization.

Machine learning-based prevention solutions also often rely on data streams from antivirus tools, EDRs, and other security tools. This means that they can only react to threats rather than anticipate them. Attackers increasingly take advantage of this limitation with attacks designed to do their damage before they are detected.

While Machine Learning-based solutions have proven essential for dealing with the avalanche of alerts, they are limited by their reactive nature. This approach is fundamentally ineffective at preventing attacks earlier in the chain: attacks have time to execute before systems manage to identify their malicious nature, which can take several minutes or more.

Go even further than Machine Learning

Deep Learning is the most advanced subset of Artificial Intelligence. This technology represents the next step in smart security, as its foundations are inspired by the workings of the human brain. The more raw data the model is trained on, the better it generalizes to the meaning of new, unseen data.

Deep Learning technology enables companies to completely block cyber attacks. It can detect and respond to them, but also anticipate and prevent them, stopping over 99% of threats and significantly reducing false alarms to <0.

Therefore, a new perspective on EDR tools is required.

A cybersecurity solution that can predict and detect unknown attacks without human intervention will revolutionize companies’ cyber defense. With Deep Learning, organizations will be able not only to prevent today’s attacks, but also to anticipate and prevent tomorrow’s.