Build a Defense in Depth Strategy - EDR and MDR

September 7, 2021
Data Protection, Disaster Recovery, IT Security, IT Services

Build a Defense in Depth Strategy with Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR)

You can never have too much IT security. Given the frequency of successful ransomware and other types of cyberattacks, it’s clear that many organizations don’t have nearly enough. What they do have isn’t necessarily in the right place. The result: security gaps and other vulnerabilities waiting to be compromised.

Unfortunately, there’s no single solution that can protect organizations against every kind of attack. Nor is there any set-in-stone rule for the best place to use various IT security solutions within an IT environment. What we do know is that layering on various defense mechanisms can provide more comprehensive protection. It’s an approach known as defense in depth (DiD).

DiD is a layered approach to cybersecurity, entailing the use of a variety of different security solutions together, such as firewalls, malware scanners, intrusion detection systems, data encryption and integrity auditing solutions to close as many potential security gaps as possible.  The idea is that by using multiple cybersecurity solutions, you can prevent cyberattacks or, if one is successful, you can contain the threat and mitigate potential damage.

An important component of a DiD strategy is the use of endpoint detection and response (EDR) or managed detection and response (MDR). EDR and MDR (a form of EDR that includes management by a third-party company) combine continuous monitoring, behavioral analytics, cloud-based threat analysis, automated response capabilities and other tactics to detect, contain or mitigate threats such as ransomware or malware that target endpoints such as laptops, servers and desktops.

EDR and MDR also support threat hunting by pinpointing attacks in progress and isolating the affected endpoints, while minimizing false positives that waste valuable time.


US Signal’s EDR Solution

US Signal recently added EDR to its portfolio of IT security solutions, enabling customers to build a more comprehensive DiD strategy.

The solution centers around software agents that are installed on individual endpoints to monitor activity. The software agent won’t slow down the endpoint it’s installed on. Unlike antivirus products that require constant “.dat” file signature updates and daily disk scans, US Signal’s software agents perform static and dynamic behavioral analysis pre-execution and on-execution. These two methods are the principal prevention and detection methods in use and don’t require an internet connection. This saves on CPU, memory and disk I/O, and ensures users are covered even when they’re offline.

Data — such as processes, connections, volume of activity, and data transfers — are collected into a centralized portal and data lake. Baseline rules recognize when incoming data indicates a known type of security event and trigger an automatic response. The solution also uses machine learning and AI technologies to detect anomalous actions in real time, including fileless attacks, exploits, bad macros, evil scripts, ransomware, and other types of attacks.

Threats are addressed through various response techniques, including alerts, killing the process, quarantining a file, or isolating an endpoint, so that the threat is stopped before harm can occur. Non-threats can proceed without disrupting operations. Machine learning uses the information gathered to strengthen the service’s ability to detect and protect against future security incidents.
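To make the "baseline rule fires an automatic response" pipeline described above concrete, here is an added example (not US Signal's code) of a minimal rule engine run over constructed endpoint telemetry. The rules, thresholds, process names and the alert / kill / quarantine / isolate action names are assumptions chosen for illustration.

```python
# Added example: baseline detection rules over constructed endpoint telemetry,
# mapping each match to a tiered response action (alert, kill, isolate).
from collections import defaultdict

# Constructed sample telemetry, one dict per event, as an agent might report it.
EVENTS = [
    {"host": "ws-01", "pid": 410, "proc": "winword.exe",
     "parent": "explorer.exe", "kind": "process"},
    {"host": "ws-01", "pid": 412, "proc": "powershell.exe",
     "parent": "winword.exe", "kind": "process"},
    {"host": "ws-02", "pid": 900, "proc": "svchost.exe",
     "parent": "services.exe", "kind": "process"},
    *[{"host": "ws-03", "pid": 777, "proc": "updater.exe", "kind": "file_write",
       "path": f"C:\\Users\\a\\doc{i}.locked"} for i in range(250)],
    {"host": "ws-04", "pid": 55, "proc": "sync.exe", "kind": "net",
     "bytes_out": 3_500_000_000},
]

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
MASS_WRITE_THRESHOLD = 200        # assumed threshold for one process
EGRESS_THRESHOLD = 1_000_000_000  # assumed 1 GB outbound in one transfer

def rule_office_spawns_script(ev, state):
    # Known-bad pattern (macro abuse): an Office app launching a script host.
    if (ev["kind"] == "process" and ev.get("parent") in OFFICE
            and ev["proc"] in SCRIPT_HOSTS):
        return ("kill_process", "office app spawned script host")

def rule_mass_file_write(ev, state):
    # Volume-of-activity rule: one process rewriting many files looks like
    # ransomware; fires once, when the count first crosses the threshold.
    if ev["kind"] == "file_write":
        key = (ev["host"], ev["pid"])
        state["writes"][key] += 1
        if state["writes"][key] == MASS_WRITE_THRESHOLD:
            return ("isolate_endpoint", "mass file modification")

def rule_large_egress(ev, state):
    # Data-transfer rule: unusually large outbound volume only raises an alert.
    if ev["kind"] == "net" and ev.get("bytes_out", 0) > EGRESS_THRESHOLD:
        return ("alert", "unusually large outbound transfer")

RULES = [rule_office_spawns_script, rule_mass_file_write, rule_large_egress]

def evaluate(events):
    """Run every event through the baseline rules; return triggered actions."""
    state = {"writes": defaultdict(int)}  # per-process counters across events
    actions = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev, state)
            if hit:
                actions.append({"host": ev["host"], "pid": ev["pid"],
                                "action": hit[0], "reason": hit[1]})
    return actions
```

Running `evaluate(EVENTS)` yields three actions: kill the script host on ws-01, isolate ws-03 after its 200th file write, and an alert for the large transfer from ws-04.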

The solution can also be layered with Security Information and Event Management (SIEM) solutions to further strengthen defenses. In addition, it addresses relevant security requirements for customers subject to CJIS, GDPR, HIPAA, PCI, or GLBA.

While other companies offer EDR solutions, US Signal’s EDR and MDR stand out largely because of the involvement of the company’s Security Operations Center (SOC). Staffed by highly experienced security experts, the SOC helps with setting up the solution and provides guidance on integrating the platform with the other security technologies deployed by the customer to build a comprehensive defense-in-depth security strategy.


Management Options

Both a self-managed EDR solution and a managed detection and response (MDR) solution are available. The primary difference is who holds the responsibility for post-deployment monitoring and response.

With the EDR solution, customers are responsible for receiving and responding to alerts. With the MDR solution, US Signal’s Security Operations Center (SOC) team takes on that responsibility.

Critical success factors for the self-managed EDR solution include comprehensive staff training, in-house malware expertise, allocating enough time for endpoint policies and daily operations, and capabilities for responding to alerts.

MDR is ideal for customers that lack the resources to manage an EDR solution, have a small security team, and are interested in leveraging the expertise of third-party security experts like US Signal’s SOC team.


Standard and Premium Tiers

US Signal’s do-it-yourself EDR option is available in a standard or premium tier of protection. MDR is only available at the premium tier.

The standard tier features basic threat detection capabilities powered by AI, machine learning and other advanced technologies. That includes malware rollback, anomaly-based detection, automated threat blocking and firewall control.

The premium tier for US Signal’s EDR solution includes additional capabilities such as visual kill chain representation, device containment, complete endpoint visibility and custom detection rules. The premium tier for the MDR solution also includes 24/7/365 monitoring and response, remediation guidance, and advanced technical support.


More DiD Components

It’s important to reiterate that EDR, or its managed version, is only one component of a DiD strategy for addressing cybersecurity. Companies wouldn’t – or at least shouldn’t – rely on a locked door as their only form of physical security. Nor should they be content to only use a firewall or antivirus software to protect their data and IT assets.

You can learn more about US Signal’s EDR and MDR solutions, as well as its other security services, here. Or call 866.2.SIGNAL or email [email protected].