Endpoint Security: Final Post and Conclusions
This is Part 3 of a three-part blog series on the importance of endpoint security in protecting your server environment. Information for this blog is sourced from Sophos: Seven Uncomfortable Truths about Endpoint Security, accessible here.
Endpoint Detection and Response (EDR) Technology
EDR is becoming a valuable technology field for almost all organizations looking to improve their security and to add tools to their security arsenal. The term refers to tools that automatically monitor endpoint and network events to capture data for further analysis. Software installed on the system does the monitoring and reporting.
While these software tools can help organizations react to attacks, properly using the technology to mitigate future cyber attacks requires analysis resources to make sense of the data. These resources are lacking in the industry, even in organizations that invest in EDR software. Even smaller organizations are looking to invest in EDR solutions.
However, without the management resources and skills to use the data gathered by EDR software, the investment will be underutilized. Cyber threats may continue to go undetected until they hit the server, and even then may remain undetected for a worrying amount of time unless IT security professionals augment the software.
Based on the results of the commissioned survey, it has become clear that:
“when planning their cybersecurity strategies, organizations should start from the assumption that a threat will make its way through their defenses. While doing so, they should also be mindful of the limitations to their visibility into threats and their resulting inability to identify – and block – the gaps in their security armor.”
That might mean hiring an IT professional to fully utilize EDR software; it may also mean engaging an experienced IT service provider to lay the groundwork for appropriate endpoint and server-side threat monitoring, in order to get a better handle on current and emerging security threats.