Joining up the dots... with Fully Managed EDR
We have the award-winning Overwatch XDR solution in our offshore SOC that is delivering actionable information to our clients on their cyber posture, and we can now deliver a fully managed Endpoint Detection & Response solution to complement it.
For those not familiar with EDR, it is the evolution of legacy antivirus solutions. In the same way that our Overwatch XDR platform has leapfrogged SIEM solutions, EDR helps you gain visibility into malicious activity on endpoints, as well as stopping it in its tracks.
How does EDR work?
Endpoint detection and response is broadly defined by three types of behaviour.
Endpoint management. It records endpoint data, then stores that data in a separate location for analysis now or in the future.
Data analysis. EDR is able to interpret raw telemetry from endpoints and produce endpoint metadata we can use to determine how a previous attack went down, how future attacks might go down, and actions that can be taken to prevent those attacks.
Threat hunting. EDR scans for programs, processes, and files matching known parameters for malware. Threat hunting also includes the ability to search all open network connections for potential unauthorised access.
Firstly, crime is moving online, with reports including a 40% increase in ransomware attacks in Q3 of 2020 alone! Traditional antivirus has the same issues that traditional SIEM solutions have: they just don't work in today's sophisticated cyber world.
Why Fully Managed?
Because, let's face it, you've got more important things to do with your time, but you must still ensure that all endpoints accessing your data are fully protected. With increased working from home, on either corporate or staff computers, your data sits outside of perimeter defences but still needs protecting.