
Mobile, Resilient and Trusted: Rethinking Endpoint Security with Managed Detection and Response

Today organizations around the world are in near-indefinite, mandatory remote working postures due to the COVID-19 pandemic and resulting business disruptions. This crash-course into remote work everywhere puts companies’ ability to secure employees’ devices under the microscope: Not only do business owners and IT teams have corporate devices sheltered in place with employees everywhere, they must also face the reality that employees are going to be relying on a mix of virtual private network (VPN) tools, household Wi-Fi and personal devices to remain productive in place for the foreseeable future.

While a pandemic makes remote work the new normal for everyone, at Pondurance we have been helping customers adapt cybersecurity to the inevitable, wider future of remote work for years. We are a full Managed Detection and Response (MDR) company protecting organizations by combining practical solutions, operational excellence, and security expertise.

A lot of cybersecurity comes down to change management. As Pondurance customers affected by the necessity of remote work take care of their employees and customers, our team is seamlessly accounting for the changes to cyber risk that remote work, business continuity plans and other measures introduce.

Because our core MDR platform spans monitoring and management of network, log and endpoint device tiers end-to-end across businesses, many organizations are benefiting from Pondurance’s Endpoint Detection and Response (EDR) services already covering devices anywhere they move.

Current events only increase EDR stakes. A decade ago, companies knew their endpoint fleets were straightforward – either Microsoft Windows, Mac OS or Linux machines. Yet today there are dramatically more diverse devices, including iOS, Android and other handhelds, plus point of sale (POS) kiosks, industrial control system (ICS) equipment or embedded systems like persistent older versions of Windows that paradoxically might still be powering irreplaceable healthcare, manufacturing or other equipment. Internet of Things (IoT) exposure in the form of connected video conferencing systems, photocopiers, cameras and physical security controls or smart building systems add further complexity to corporate attack surfaces.

Enterprises and service providers used to defend endpoints by inventorying laptops and desktops before installing host security agents. However, the rapidly changing world of devices means that many IoT-enabled products, for example, fundamentally cannot host security agents in the first place. Other devices may not even be technically owned or managed by a company if they are introduced by employees, contractors or landlords.

So what does this mean for EDR?

While requiring a new game plan, EDR defenses are no less important – in fact, the opposite is true. Your company’s endpoints are an increasingly critical front line of cyber defense, sitting at the intersection where employees focused on performance and productivity cross paths with attack vectors like spearphishing and malicious e-mail attachments, Web browsing, USB media and attacks employing social media. Moreover, every endpoint remains a key source of security data that must be correlated in real-time to spot anomalous or malicious patterns signaling adversary reconnaissance, intrusions or malware detonation threatening to compromise high-value systems or cause cascading outages.

As crucial as understanding device data and behavior is for wider cyber defense, it can seem tempting to “check the ‘endpoint’ box” by deploying a few popular anti-malware tools. Yet, this often creates piecemeal defenses and possible false senses of security. Ask yourself three key questions:

  1. “Do my EDR capabilities map to my actual device fleet?” Consider all the devices, especially those that cannot support security products or be centrally managed. To avoid security gaps and blind spots, accounting for these devices via the network layer companies own is often the best approach, so access rights and privileges can be policy-driven and controlled, if not the device itself.
  2. “Am I seeing more than just ‘machines?’” Beyond hardware health and the status of software updates, endpoint user behavior is an essential risk indicator, as more business-critical data lives in apps and other cloud platforms than within an endpoint OS or hard drive. For example, unusual login attempts and account behavior in Microsoft Office 365, Google Drive or Salesforce could be signs of stolen credential abuse, or of someone inappropriately trying to download restricted files inconsistent with their job description – suggesting a malicious insider or a VIP’s compromised laptop.
    Pondurance’s Managed EDR offering complements device management by capturing and analyzing account and access data from corporate routers and VPN servers, software-as-a-service (SaaS) apps and other cloud resources. Not only does our team derive deeper, more actionable security alerts and interventions from this data, it automatically accounts for situations like unexpected remote work, where someone will inevitably use a personal tablet or home office PC to log into SaaS apps from outside the usual office network.
  3. “How am I driving cyber risk ROI?” Once you lift endpoint fog and blind spots with true visibility into the status of devices and user behavior, how does what you observe drive returns for security management and the wider business? Gathering the baseline EDR mosaic of behavior and indicators is daunting for any security team alone, which is why our customers rely on Pondurance’s 24×7 correlation and analysis to spotlight important trends in areas like configuration management, IT utilization and overall attack surface.
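As an added illustration of the account-behavior correlation described in question 2 above (example code written for this page, not Pondurance's own tooling or detection logic), the script below builds a per-user baseline from a small set of constructed SaaS audit-log records and then flags new events that deviate from it: a login from a country the account has never used, a login well outside the user's usual hours, or a download far larger than the user's typical volume. The record fields, the tolerance of two hours and the five-times-median download threshold are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit-log records (not real data). The field names are an
# assumption; real SaaS audit logs expose similar user, time, location and
# action information under vendor-specific names.
BASELINE_EVENTS = [
    {"user": "alice", "ts": "2020-03-02T09:05:00", "country": "US", "action": "login", "bytes": 0},
    {"user": "alice", "ts": "2020-03-02T09:40:00", "country": "US", "action": "download", "bytes": 1_500_000},
    {"user": "alice", "ts": "2020-03-03T08:55:00", "country": "US", "action": "login", "bytes": 0},
    {"user": "alice", "ts": "2020-03-03T14:10:00", "country": "US", "action": "download", "bytes": 2_500_000},
    {"user": "alice", "ts": "2020-03-04T09:10:00", "country": "US", "action": "login", "bytes": 0},
    {"user": "bob",   "ts": "2020-03-02T13:00:00", "country": "GB", "action": "login", "bytes": 0},
    {"user": "bob",   "ts": "2020-03-03T13:30:00", "country": "GB", "action": "login", "bytes": 0},
    {"user": "bob",   "ts": "2020-03-03T15:00:00", "country": "GB", "action": "download", "bytes": 800_000},
]

NEW_EVENTS = [
    # Alice working from home in her usual country: normal remote work, no alert.
    {"user": "alice", "ts": "2020-03-20T09:15:00", "country": "US", "action": "login", "bytes": 0},
    # Alice's account logging in from a never-seen country at 03:00.
    {"user": "alice", "ts": "2020-03-21T03:02:00", "country": "RU", "action": "login", "bytes": 0},
    # Followed by a download an order of magnitude above her baseline.
    {"user": "alice", "ts": "2020-03-21T03:10:00", "country": "RU", "action": "download", "bytes": 40_000_000},
    # Bob downloading within his normal range: no alert.
    {"user": "bob",   "ts": "2020-03-20T14:00:00", "country": "GB", "action": "download", "bytes": 900_000},
]

HOUR_TOLERANCE = 2          # assumption: hours this far outside the observed range are "off hours"
DOWNLOAD_MULTIPLIER = 5     # assumption: downloads above 5x the user's median are "large"


def build_baseline(events):
    """Summarise each user's normal countries, login hours and download sizes."""
    profiles = defaultdict(lambda: {"countries": set(), "login_hours": set(), "downloads": []})
    for e in events:
        p = profiles[e["user"]]
        p["countries"].add(e["country"])
        hour = datetime.fromisoformat(e["ts"]).hour
        if e["action"] == "login":
            p["login_hours"].add(hour)
        elif e["action"] == "download":
            p["downloads"].append(e["bytes"])
    return profiles


def detect_anomalies(profiles, events):
    """Return one alert per event that deviates from its user's baseline."""
    alerts = []
    for e in events:
        p = profiles.get(e["user"])
        if p is None:
            # An account with no history cannot be baselined; surface it for review.
            alerts.append({"user": e["user"], "ts": e["ts"], "reasons": ["no_baseline"]})
            continue
        reasons = []
        if e["country"] not in p["countries"]:
            reasons.append(f"new_country:{e['country']}")
        hour = datetime.fromisoformat(e["ts"]).hour
        if e["action"] == "login" and p["login_hours"]:
            lo, hi = min(p["login_hours"]), max(p["login_hours"])
            if not (lo - HOUR_TOLERANCE <= hour <= hi + HOUR_TOLERANCE):
                reasons.append(f"off_hours:{hour}")
        if e["action"] == "download":
            if not p["downloads"]:
                reasons.append("first_download_seen")
            elif e["bytes"] > DOWNLOAD_MULTIPLIER * median(p["downloads"]):
                reasons.append(f"large_download:{e['bytes']}")
        if reasons:
            alerts.append({"user": e["user"], "ts": e["ts"], "reasons": reasons})
    return alerts


def run_example():
    """Baseline the constructed history, then score the constructed new events."""
    return detect_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS)


if __name__ == "__main__":
    for alert in run_example():
        print(alert["user"], alert["ts"], ", ".join(alert["reasons"]))
```

The point of the design is that a single signal (a new country, an odd hour, a big download) is weak on its own, since legitimate remote work produces all three, but the same account tripping several of them in close succession is what an analyst would actually escalate. In practice the baseline would come from weeks of real audit data rather than a hand-built list, and the alerts would feed the correlation platform rather than stdout.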

For example, if it turns out that a certain subset of “unpatchable” embedded operating systems presents the biggest looming bull’s-eye for attackers, you may decide to tolerate that risk – but you can make the case for stricter segmentation and access controls on those systems, demonstrably increasing your resilience. Likewise, Pondurance uses Managed EDR data to prove one of cybersecurity’s toughest metrics: improved user productivity. In short order, Managed EDR program logs consistently show that preempting everything from nuisance adware to more severe disk-wipers and other everyday threats dramatically reduces SOC and HelpDesk calls, as fewer users and departments are impacted.

Pondurance conclusively answers the above questions for customers by taking our tailored approach to maximizing every customer’s existing EDR capabilities and investments. Within our flexible MDR platform, we make the most out of organizations’ existing endpoint tools and data, while adding key resources like our Expert Analyst team’s 24×7 support and Threat Hunting + Response (TH+R) abilities. Our trained and experienced analysts step right in to offer everything from digital forensics and incident response (DFIR) skills to the industry sector experience that comes from supporting scores of clients in sectors like healthcare, retail, or finance.

Contact our team to tell us about your current endpoint security priorities and challenges. We are here to help, whether you need urgent incident response or are looking for strategic insight on how to refine and extend EDR capabilities for your evolving business.