September 21, 2021 Cybersecurity Knowledge Center

Catching the attacks that slip through the cracks: 3 key reasons to layer your cybersecurity with EDR


Two hundred and eighty days. That’s more than nine months, some 40 weeks, and the bulk of an entire calendar year. 

It’s also, according to the most recent annual “Cost of a Data Breach” report, the average length of time it takes to resolve a cybersecurity breach, from infection to resolution. Produced by IBM and the Ponemon Institute, the report states that the global average time between an organization’s initial security breach or infection and its realizing that the breach had occurred was 207 days; actually dealing with the fallout takes several more months.

“That basically means that, around the world on average, it took seven months to even identify that a breach has occurred,” explains Marc Laliberte, the technical security operations manager for WatchGuard Technologies, a SUCCESS partner. “And then after that it’s another 73 days on average to actually clean up after the attack.” 

Of course, every business owner would like to ensure that their cybersecurity is never jeopardized, but in this day and age, that’s not realistic.

“I’d love to say if you buy our products and install them you’re un-hackable, nothing will ever get through, but it’s simply not the case,” Laliberte says. This is where EDR, or endpoint detection and response, can play a key mitigating role in your cybersecurity journey.

“It’s designed to fill in the gaps of things your other security services may miss,” he says. 

EDR software is usually used as a layer that augments your existing cybersecurity defenses. It differs from other anti-malware or antivirus software in that it focuses more closely on behaviors within networks, alerting your security team to potential red-flag actions before they get out of hand.

“This boils down to a layered security approach,” Laliberte says. “You can’t install a firewall and assume you’re safe with just that. You can’t install endpoint protection on your computer and assume you’re safe. You need to follow a layered approach so that you catch threats that make it through one or the other, and EDR is another one of those layers.”

Wondering whether EDR is right for you? Laliberte lays out three key reasons you should look into this additional layer of cybersecurity. 

No business is too small to be hacked

“It doesn’t matter how small you are, you wouldn’t be in business if you didn’t have something valuable,” Laliberte says. That something could range from your intellectual property to your database of customers—or anything, really, for which you could be convinced to pay a ransom in order to regain access or to prevent a leak. “I get that it’s easy for me to say you need every single security service out there; but the reality is there’s no such thing as a company too small to be hacked,” he adds. 

What’s more, tools on the dark web and underground forums are making it even easier for technologically unsophisticated, low-skilled hackers to unleash devastating attacks.

Still, while the prospect of managing another element of your cybersecurity regimen might seem daunting, there is no one-size-fits-all approach to cybersecurity.

“You’re not necessarily a security expert. You might run a dentistry and you’re just in charge of the IT,” Laliberte says. “This is where partnering with someone who knows security, like SUCCESS, is so important. Work with someone that has the expertise to recommend what’s best for your specific organization.”

Security is best served in layers 

In a recent security report, WatchGuard found that in the first quarter of the year alone, three-quarters of all malware got past legacy anti-malware services. 

“Basically, there’s no perfect defense, and EDR is designed to catch things that slip through the wall,” Laliberte explains. 

While having a strong network firewall is important, so are technical controls, as well as user training and strong policies.

“It’s all layered security,” Laliberte says. “Knowing that nothing’s perfect, it’s not a matter of ‘if’ but ‘when,’ an attack will occur, and having a plan on how to respond to that can go a long way to keeping a company safe.”

A changing landscape (for workers and hackers alike)

The workplace landscape has changed drastically over the past two years, and the realm of hacking and cyberattacks has adapted right alongside it. 

“When you’re transitioning from working from home, where you don’t have the benefit of a network firewall, it means you’re more at risk of getting an infection on your host, and then you basically run the risk of tracking the mud back into the house when you come back inside the perimeter,” Laliberte says. Additionally, hackers and bad actors, even unskilled ones, are getting more adept at evading traditional cybersecurity measures.

Again, EDR can serve as an extra layer of protection, though it’s important to understand that not every EDR is created equal.

Laliberte recommends looking for EDR solutions that don’t just rely on signatures “because that’s kind of old school. These days, it’s easy to get past defenses that rely on signature-based protections.”

Knowing how to best employ EDR to serve your specific organization’s needs might not be within your skillset, but partnering with an MSP like SUCCESS can help.

“For so many small-to-medium-sized businesses, they’re not security experts, they’re probably not even IT experts, and so having someone else who is, is probably going to be the difference between succeeding or failing when it comes to defending against these attacks,” Laliberte says.