How EDR tools can improve endpoint security
IT should be constantly re-evaluating security tool choices. Endpoint detection and response tools, for example, can be a good option to improve endpoint security.
When IT professionals don't use proper endpoint security practices in a modern workplace, they end up relying on the same old methods while expecting different outcomes.
If users download malware on PCs, laptops or mobile devices, hackers can gain access to those assets and use them as an entry point to an organization's network. Endpoint detection and response (EDR) tools can help to prevent malware. EDR tools are relatively new to the market, however, and some organizations don't understand what these tools can do.
What are EDR tools?
EDR tools have evolved into excellent resources for fighting advanced threats and responding to incidents on network endpoints. With EDR tools, IT pros gain a proactive and adaptive approach to endpoint security, often focused on malware security.
These products combine features such as behavioral analysis, behavioral blocking, application control and app whitelisting, along with overall network monitoring and incident response. IT could find another security tool that offers these controls, but EDR tools provide unique value because IT can remediate any endpoint weaknesses and provide forensic details to help with a quick incident response.
EDR tools also integrate with other security tools to accomplish the following tasks:
- improve visibility into endpoint behaviors and processes;
- manage physical and information assets;
- enhance response and remediation efforts; and
- assist with ongoing data collection to provide IT with device analytics.
While some EDR tools integrate easily with other endpoint security tools, many EDR tools require specialized APIs to do so. EDR vendors provide their customers with these APIs to integrate with other tools for data visualization, incident reporting and ticketing.
Are EDR tools right for your organization?
Organizations can use either an on-premises EDR tool or an EDR service from a vendor. Cloud-based tools can perform the same functions that on-premises tools do without affecting local storage and memory resources.
Some EDR vendors, such as Carbon Black and CrowdStrike, focus more on cloud-centric approaches to minimize the workloads that run on device and on premises. Other options, such as those from Symantec and FireEye, run well on premises.
Before purchasing EDR tools, however, IT pros should ask themselves the following questions:
- Do we fully understand our current level of endpoint risk? Do we have all the right information from vulnerability and penetration testing, control audits and so on?
- Do we have proper standards for addressing the big security gaps? What do our policies say?
- What reasonable steps can we take to close the gaps and minimize the risks? Do we need to address our users, the technical areas of endpoint security or our business operations and workflows?
IT should come up with a plan to close the gaps and then roll out the fixes. As with most facets of security, there's always more that IT can do to keep endpoint threats in check.