Endpoint devices and their users are the most common attack vectors for external attackers. The most efficient way to prevent such attacks is Endpoint Detection & Response (EDR), the best technology available for detecting attacks and taking action to protect compromised devices.
Attacks on endpoints can be carried out in multiple ways, for example through spam or phishing emails, or through malicious files or links sent to the end user or presented on sites the user visits. For an attacker it is a cheap and efficient way to gain access to organisational resources: a single device is infected and taken over, then used for lateral movement to reach central resources and achieve the attacker's goal, such as exfiltrating data. Many of the large-scale and costly breaches we have seen started with a single compromised user device or a single set of user credentials.
Some attacks, ransomware for example, require real-time detection and blocking. Detection alone will not stop a ransomware attack, because the execution itself achieves the attacker's goal.
The solution: 24/7 endpoint detection, active response and incident reporting
Endpoint Detection & Response (EDR) is the best technology available to protect endpoints from attacks: it analyses what is happening on the device and takes action to prevent or mitigate the attack.
EDR uses multiple approaches to detect and block threats, for example heuristic analysis of code and user behaviour, blacklists, and analysis of network communication. The technology also offers multiple response options, such as isolating endpoint systems, blocking code and locking accounts.
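As an added illustration of the detection approaches and response options just listed (and of the real-time blocking that ransomware requires), the following example is written for this page and is not Sentor's EndpointSentry code or any vendor's EDR engine. It runs a hash blacklist, a behavioural heuristic (one process renaming many files to a ransomware-style extension within a few seconds) and a domain blacklist over a handful of constructed telemetry events, then maps the resulting alerts to response actions. Every hash, hostname, process name and domain in it is a made-up sample value.

```python
"""Minimal EDR-style detect-and-respond loop over constructed endpoint telemetry.

Example code added to this page; not EndpointSentry or any real EDR product.
All indicators and events below are invented for the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed indicators (not real IoCs): hash and domain blacklists.
HASH_BLACKLIST = {"1111aaaa" * 8: "sample-dropper"}
DOMAIN_BLACKLIST = {"beacon.example.invalid": "sample-c2"}

# Behavioural heuristic tuning: N suspicious renames within W seconds.
RENAME_THRESHOLD = 5
RENAME_WINDOW_S = 10
SUSPICIOUS_EXTENSIONS = (".locked", ".enc", ".crypt")


@dataclass(frozen=True)
class Alert:
    host: str
    pid: int
    rule: str
    severity: str
    responses: tuple  # response actions the SOC or automation should take


def _rename_heuristic(events):
    """Flag a process that renames many files to a ransomware-style extension
    inside a short window: the mass-encryption pattern that must be blocked
    in real time rather than merely reported afterwards."""
    alerts = []
    per_proc = defaultdict(list)
    for e in events:
        if e["type"] == "file_rename" and e["new_path"].lower().endswith(SUSPICIOUS_EXTENSIONS):
            per_proc[(e["host"], e["pid"])].append(e["ts"])
    for (host, pid), times in per_proc.items():
        times.sort()
        lo = 0  # sliding window over sorted timestamps
        for hi in range(len(times)):
            while times[hi] - times[lo] > RENAME_WINDOW_S:
                lo += 1
            if hi - lo + 1 >= RENAME_THRESHOLD:
                alerts.append(Alert(host, pid, "mass_rename_heuristic", "critical",
                                    ("block_process", "isolate_host")))
                break
    return alerts


def analyse(events):
    """Apply blacklist checks per event, then the behavioural heuristic."""
    alerts = []
    for e in events:
        if e["type"] == "process_start" and e.get("sha256") in HASH_BLACKLIST:
            alerts.append(Alert(e["host"], e["pid"], "hash_blacklist", "high", ("block_process",)))
        elif e["type"] == "dns" and e.get("domain") in DOMAIN_BLACKLIST:
            alerts.append(Alert(e["host"], e["pid"], "domain_blacklist", "high", ("isolate_host",)))
    alerts.extend(_rename_heuristic(events))
    return alerts


def response_plan(alerts):
    """Collapse alerts into one deduplicated action list per host,
    most drastic action (host isolation) first."""
    order = {"isolate_host": 0, "block_process": 1}
    plan = defaultdict(set)
    for a in alerts:
        plan[a.host].update(a.responses)
    return {h: sorted(acts, key=order.get) for h, acts in plan.items()}


def _rename(host, pid, ts, new_path):
    return {"type": "file_rename", "host": host, "pid": pid, "ts": ts, "new_path": new_path}


# Constructed telemetry: ws-042 shows a full infection chain; ws-017 is benign.
SAMPLE_EVENTS = [
    {"type": "process_start", "host": "ws-042", "pid": 4100, "ts": 0,
     "proc": "invoice.exe", "sha256": "1111aaaa" * 8},
    *[_rename("ws-042", 4100, t, f"C:/Users/a/Documents/report{t}.docx.locked") for t in range(1, 7)],
    {"type": "dns", "host": "ws-042", "pid": 4100, "ts": 7, "domain": "beacon.example.invalid"},
    {"type": "process_start", "host": "ws-017", "pid": 900, "ts": 0,
     "proc": "backup.exe", "sha256": "2222bbbb" * 8},
    _rename("ws-017", 900, 0, "D:/backup/db.enc"),      # two slow renames: below threshold
    _rename("ws-017", 900, 100, "D:/backup/db2.enc"),
    {"type": "dns", "host": "ws-017", "pid": 900, "ts": 5, "domain": "updates.example.invalid"},
]

if __name__ == "__main__":
    found = analyse(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.host} pid={a.pid} {a.rule} [{a.severity}] -> {', '.join(a.responses)}")
    print(response_plan(found))
```

The benign host produces no alert even though it touches `.enc` files, because the heuristic keys on rate within a window rather than on the extension alone; the infected host is flagged by all three approaches and the plan orders isolation before the process block, since isolation also cuts the command-and-control channel.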
In EndpointSentry, Sentor combines EDR solutions with our BlueSOC, staffed by security analysts who monitor and respond to activity 24/7. The solution enables Sentor BlueSOC to detect everything from malware infections, phishing campaigns and access to malicious web pages to advanced APTs and deviating end-user behaviour. Once detected, the activity can be acted on in near real time, minimising the impact of incidents.
Using BlueSOC EndpointSentry relieves the customer organisation of the operational burden and gives it access to broad expertise, providing protection, detection and triage capability 24/7, even when the customer's own security operations are inactive.