Today, organizations around the world are in nearly indefinite, mandatory remote working postures due to the COVID-19 pandemic and resulting business disruptions. This crash course into remote work everywhere puts a company’s ability to secure employees’ devices under the microscope. Not only do business owners and IT teams have corporate devices sheltered in place with employees, but they must also face the reality that employees are relying on a mix of virtual private network (VPN) tools, household Wi-Fi, and personal devices to remain productive in place for the foreseeable future.
While a pandemic makes remote work the new normal for everyone, at Pondurance we have been helping customers adapt cybersecurity to the inevitable, wider future of remote work for years. We are a full Managed Detection and Response (MDR) company protecting organizations by combining practical solutions, operational excellence, and security expertise.
A lot of cybersecurity comes down to change management. As Pondurance customers affected by remote work take care of their employees and customers, our team seamlessly accounts for the changes introduced by remote work, business continuity plans, and other measures that increase cyber risk.
Because our core MDR platform spans monitoring and management of network, log, and endpoint device tiers end to end across businesses, many organizations benefit from Pondurance’s Endpoint Detection and Response (EDR) services that already cover devices anywhere they move.
Current events only increase EDR stakes. A decade ago, companies knew their endpoint fleets were straightforward — either Microsoft Windows, Mac OS, or Linux machines. Yet today, there are dramatically more diverse devices, including iOS, Android, and other handhelds, plus point-of-sale (POS) kiosks, industrial control system (ICS) equipment, or embedded systems such as persistent older versions of Windows that paradoxically might still be powering irreplaceable healthcare, manufacturing, or other equipment. Internet of Things (IoT) exposure in the form of connected video conferencing systems, photocopiers, cameras, and physical security controls or smart building systems adds further complexity to corporate attack surfaces.
Enterprises and service providers used to defend endpoints by inventorying laptops and desktops before installing host security agents. However, the rapidly changing world of devices means that many IoT-enabled products, for example, fundamentally cannot host security agents in the first place. Other devices may not even be technically owned or managed by a company if they are introduced by employees, contractors, or landlords.
So What Does This Mean for EDR?
While requiring a new game plan, EDR defenses are no less important — in fact, the opposite is true. Your company’s endpoints are an increasingly critical frontline of cyberdefense, sitting at the intersection where employees focused on performance and productivity cross paths with attack vectors like spearphishing and malicious email attachments, web browsing, USB media, and attacks employing social media. Moreover, every endpoint remains a key source of security data that must be correlated in real time to spot anomalous or malicious patterns signaling adversary reconnaissance, intrusions, or malware detonation threatening to compromise high-value systems or cause cascading outages.
As crucial as understanding device data and behavior is for wider cyberdefense, it can seem tempting to check the endpoint box by deploying a few popular anti-malware tools. Yet, this often creates piecemeal defenses and possible false senses of security. Ask yourself three key questions:
- Do my EDR capabilities map to my actual device fleet? Consider all the devices, especially those that cannot support security products or be centrally managed. To avoid security gaps and blind spots, accounting for these devices via the network layer companies own is often the best approach, so access rights and privileges can be policy-driven and controlled, if not the device itself.
- Am I seeing more than just machines? Beyond hardware health and the status of software updates, endpoints’ user behavior is an essential risk indicator, as more business-critical data lives in apps and other cloud platforms than within an endpoint operating system or hard drive. For example, unusual login attempts and account behavior in Microsoft Office 365, Google Drive, or Salesforce could be signs of stolen credential abuse, or of someone inappropriately trying to download restricted files inconsistent with their job description, suggesting a malicious insider or a VIP’s compromised laptop. Pondurance’s Managed EDR offering complements device management by capturing and analyzing account and access data from corporate routers and VPN servers, software-as-a-service (SaaS) apps, and other cloud resources. Not only does our team derive deeper, more actionable security alerts and interventions from this data, it automatically accounts for situations such as unexpected remote work, where someone will inevitably use a personal tablet or home office PC to log in to SaaS apps from outside the usual office network.
- How am I driving cyber risk return on investment? Once you lift endpoint fog and blind spots with true visibility into the status of devices and user behavior, how does what you observe drive returns for security management and the wider business? Gathering the baseline EDR mosaic of behavior and indicators is daunting for any security team alone, which is why our customers rely on Pondurance’s 24/7 correlation and analysis to spotlight important trends in areas like configuration management, IT utilization, and overall attack surface.
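An added example (not Pondurance’s code) of the kind of correlation the second and third questions describe: per-user baselining of SaaS login data so that an ordinary home-office login from a known country raises nothing, while a burst of failed logins followed by a success from a never-seen country, or a burst of downloads, does. The audit records, country values and thresholds below are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SaaS/VPN audit events (not real telemetry). Fields mirror what a
# cloud audit log typically carries: time, user, action, outcome, source country.
EVENTS = [
    # alice: established remote worker logging in from home in the US -> benign
    {"ts": "2020-03-02T09:00:00", "user": "alice", "action": "login", "ok": True, "country": "US"},
    {"ts": "2020-04-01T08:30:00", "user": "alice", "action": "login", "ok": True, "country": "US"},
    {"ts": "2020-04-01T08:40:00", "user": "alice", "action": "download", "ok": True, "country": "US"},
    # bob: baseline from the US, then five failures and a success from a new country
    {"ts": "2020-03-05T10:00:00", "user": "bob", "action": "login", "ok": True, "country": "US"},
] + [
    {"ts": f"2020-04-01T03:0{i}:00", "user": "bob", "action": "login", "ok": False, "country": "RO"}
    for i in range(5)
] + [
    {"ts": "2020-04-01T03:06:00", "user": "bob", "action": "login", "ok": True, "country": "RO"},
] + [
    {"ts": f"2020-04-01T03:{10 + i}:00", "user": "bob", "action": "download", "ok": True, "country": "RO"}
    for i in range(12)
]

BASELINE_CUTOFF = datetime(2020, 3, 31)          # history before this builds the baseline
FAIL_WINDOW, FAIL_THRESHOLD = timedelta(minutes=10), 5
DL_WINDOW, DL_THRESHOLD = timedelta(hours=1), 10


def _parse(events):
    return sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events), key=lambda e: e["ts"])


def build_baseline(events, cutoff=BASELINE_CUTOFF):
    """Countries each user successfully logged in from before the cutoff."""
    seen = defaultdict(set)
    for e in _parse(events):
        if e["ts"] < cutoff and e["action"] == "login" and e["ok"]:
            seen[e["user"]].add(e["country"])
    return seen


def detect(events, baseline):
    """Return sorted (user, rule) alerts for events after the baseline cutoff."""
    alerts, fails, downloads = set(), defaultdict(list), defaultdict(list)
    for e in _parse(events):
        if e["ts"] < BASELINE_CUTOFF:
            continue
        u, t = e["user"], e["ts"]
        if e["action"] == "login" and not e["ok"]:
            fails[u] = [f for f in fails[u] if t - f <= FAIL_WINDOW] + [t]   # sliding window of failures
        elif e["action"] == "login":
            if e["country"] not in baseline[u]:
                alerts.add((u, "login_from_new_country"))
            if len(fails[u]) >= FAIL_THRESHOLD:
                alerts.add((u, "success_after_login_burst"))
            fails[u].clear()
        elif e["action"] == "download":
            downloads[u] = [d for d in downloads[u] if t - d <= DL_WINDOW] + [t]
            if len(downloads[u]) > DL_THRESHOLD:
                alerts.add((u, "bulk_download"))
    return sorted(alerts)
```

Alice’s off-network login produces no alert because the baseline already contains her country; only Bob’s sequence trips the three rules.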
For example, if it turns out a certain subset of unpatchable embedded operating systems presents the biggest looming bull’s-eye for attackers, you may decide to tolerate that risk — but can make the case for stricter segmentation and access controls on those systems, demonstrably increasing your resilience. Likewise, Pondurance uses managed EDR data to prove one of cybersecurity’s toughest metrics: improving user productivity. In short order, a managed EDR program’s logs consistently prove that preempting everything from nuisance adware to more severe disk wipers and other everyday threats dramatically reduces security operations center and help desk calls, as fewer users and departments are impacted.
Pondurance conclusively answers the above questions for customers by taking our tailored approach to maximizing every customer’s existing EDR capabilities and investments. Within our flexible MDR platform, we make the most out of organizations’ existing endpoint tools and data while adding key resources like our Expert Analyst team’s 24/7 support and Threat Hunting and Response (TH+R) abilities. Our trained and experienced analysts step right in to offer everything from digital forensics and incident response skills to the industry sector experience that comes from supporting scores of clients in sectors such as healthcare, retail, and finance.
Contact our team to tell us about your current endpoint security priorities and challenges. We are here to help whether you need help with urgent incident response or are looking for strategic insight on how to refine and extend EDR capabilities for your evolving business.