Ransomware cases are making big headlines in the news lately, and the threat to local governments and public safety agencies is only increasing. Cyber attackers are targeting municipalities, police environments and systems that were once considered to be locked down. However, any time a user or device interacts with the system, there’s the possibility of intrusion. As a result, more agencies and organizations are looking at what else they can do to improve their endpoint security.
Next-generation endpoint security is a key tool you can use to catch ransomware or other types of cyber attacks sooner. However, if you’re considering moving to a next-gen endpoint security solution, it can be confusing. You’ll find a wide range of options from multiple vendors that offer similar capabilities. This can make it difficult to know where to start.
Next-generation endpoint detection and response (EDR) solutions are still relatively new, and the market is quite fragmented. However, as traditional solutions for endpoint protection are less effective against today’s advanced threats, it’s increasingly important for Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) — or anyone with responsibility for the safety of their organization — to evaluate new options.
Here are some things to consider if you know you need to move beyond antivirus solutions, but aren’t sure where to start.
Why Antivirus Isn’t Working as Well
It’s clear that every organization, regardless of size, is an equal opportunity target. Adversaries are doubling down on their efforts to gain a foothold in your network however and wherever they can. At the same time, your attack surface is growing, and legacy anti-malware solutions can’t keep up because they can’t detect advanced threats.
It’s likely your organization has had more remote workers in the past year than ever. In many organizations, some will remain remote for the foreseeable future as workplaces evolve and employees seek more flexibility. In addition, an ever-increasing assortment of endpoint devices like smartphones, laptops, and servers are connected to your network. There’s no such thing as a “closed environment” once someone sits in front of a screen or plugs in a device.
In response, security vendors have developed new endpoint protection solutions in the past few years. They offer far greater capabilities than traditional antivirus solutions to prevent cyber-attacks. These next-gen endpoint security solutions also enable faster response times to a security incident or data breach.
The challenge for most cybersecurity leaders is that there are too many technology options. Navigating a path to quick success is not straightforward.
At Motorola Solutions, we’ve been implementing and managing EDR solutions for several years now for our customers. We’ve developed a good understanding of the various technologies and how to achieve the most important goals, including:
- More effective endpoint protection;
- Faster time to show value; and
- Reasonable operational costs.
Let’s take a closer look now at each of these goals and how you can meet them.
More Effective Endpoint Protection
The EDR technology you choose isn’t necessarily the most critical decision, but it’s clearly front and center. Most EDR solutions today are cloud-based, with lightweight agents that have minimal impact on end-user devices. Most importantly, they can detect threats beyond malware to discover attacks such as an adversary escalating privileges or exfiltrating data.
We’ve found that efficient threat hunting and the ability to respond quickly are equally important for day-to-day investigations and management. Different vendors offer distinct features that may influence your choice, so we can help you determine which is best for your business.
Faster Time to Show Value
One of the key advantages of EDR technology is that it looks at process behavior and deviations from what is normal. That means it needs time to ramp up and learn what’s typical for each group: which programs and operating systems those employees use, or what code those servers run. By starting with one functional area of your organization, you can narrow the scope of the initial EDR deployment and get up and running faster.
Implementing EDR across a relatively homogeneous group will allow you to set baselines for that group quickly. We recommend starting with the group that has access to your most sensitive data or systems and moving out from there. You can best use EDR technology by defining and applying different device policies based on the severity or purpose of the device (critical servers, workstations, etc.).
Reasonable Operational Costs
One of the big value drivers for next-gen EDR technology is that it can detect later stages of an attack beyond initial malware infections or ransomware. For example, it can find remotely connected attackers attempting to access additional resources in your environment through lateral movement, which is something that firewalls and traditional endpoint solutions typically can’t.
This is exactly the insight you need. However, it comes with the overhead of creating thousands of alarms that may, in fact, be signaling legitimate activity by your users or programs – and then the daily cost of managing those responses. Eliminating most of the false positives through automated EDR management solutions leaves more time to investigate actual alerts, saving time and money in the process while improving response times.
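To make the baselining and tuning described above concrete, here is a small added example (not Motorola Solutions code, and not any vendor’s EDR logic) that learns per-group parent/child process baselines from constructed telemetry, applies a device policy that raises severity for critical servers, and shows how one analyst-added suppression rule cuts the alert count while keeping the suspicious process chains. All hostnames, groups and process pairs are constructed sample data.

```python
"""Per-group process baselining and alert tuning over constructed EDR telemetry."""
from collections import defaultdict

# Constructed learning-window telemetry (not real data): group, host, parent, child process.
BASELINE_WINDOW = [
    ("finance", "fin-ws-01", "explorer.exe", "excel.exe"),
    ("finance", "fin-ws-02", "explorer.exe", "excel.exe"),
    ("finance", "fin-ws-01", "explorer.exe", "outlook.exe"),
    ("dispatch", "cad-srv-01", "services.exe", "cadserver.exe"),
    ("dispatch", "cad-srv-01", "cadserver.exe", "sqlservr.exe"),
]

# Device policy (constructed): critical servers get a higher alert severity than workstations.
DEVICE_POLICY = {"cad-srv-01": "critical", "fin-ws-01": "workstation", "fin-ws-02": "workstation"}

def learn_baseline(events):
    """Record which parent->child process pairs were observed as normal for each group."""
    baseline = defaultdict(set)
    for group, _host, parent, child in events:
        baseline[group].add((parent, child))
    return baseline

def triage(events, baseline, suppress_rules=()):
    """Alert on parent->child pairs outside the group's baseline, unless an analyst has
    marked that (group, parent, child) benign. Returns (severity, host, parent, child) tuples."""
    alerts = []
    for group, host, parent, child in events:
        if (parent, child) in baseline[group] or (group, parent, child) in suppress_rules:
            continue
        severity = "high" if DEVICE_POLICY.get(host) == "critical" else "medium"
        alerts.append((severity, host, parent, child))
    return alerts

# Constructed operational-window telemetry: a new but legitimate updater on two workstations,
# an office application spawning a shell, and a service spawning a shell on a critical server.
OPS_WINDOW = [
    ("finance", "fin-ws-01", "explorer.exe", "excel.exe"),
    ("finance", "fin-ws-02", "svchost.exe", "updater.exe"),
    ("finance", "fin-ws-01", "svchost.exe", "updater.exe"),
    ("finance", "fin-ws-02", "excel.exe", "powershell.exe"),
    ("dispatch", "cad-srv-01", "cadserver.exe", "sqlservr.exe"),
    ("dispatch", "cad-srv-01", "cadserver.exe", "cmd.exe"),
]

def tuning_report():
    """Alert counts before and after the analyst suppresses the known-good updater chain."""
    base = learn_baseline(BASELINE_WINDOW)
    untuned = triage(OPS_WINDOW, base)
    tuned = triage(OPS_WINDOW, base, suppress_rules={("finance", "svchost.exe", "updater.exe")})
    return len(untuned), len(tuned), tuned
```

The untuned run raises four alerts; after one suppression rule only the two deviations worth an analyst’s time remain, and the one on the critical server is ranked high by policy.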
How Endpoint Security Services Help
While EDR technology offers many advantages, it doesn’t develop baseline reporting on its own. It requires dedicated attention from analysts who are well-versed in endpoint security solutions to tune it to meet the needs of your organization and unique network security requirements.
You’ll need experienced staff to investigate alerts not filtered by automation rules and to determine how to adjust policy specific to your environment. Otherwise, you and your team can quickly be overwhelmed with alarms at all hours of the day and night.
Handling alerts haphazardly will distract your team and give the perception that the cost to manage endpoint security is higher than anticipated. You can develop these skills and experience across multiple people on your team, which can be costly and take time. Another option is to engage a managed security service provider like Motorola Solutions that can co-manage EDR with you or on your behalf.
The bottom line is that without a proper plan and ability to follow through, you could spend tens of thousands of dollars on the latest endpoint security technology and not get the protection you need. We’ve built endpoint security monitoring capabilities at Motorola Solutions as part of our managed security services to ensure you get optimal benefit from EDR and can quickly show the value of your investment. Plus, we have years of experience in the public safety sector, so we understand your agency or organization’s unique needs and how to best work with your existing solutions.
Our advanced security platform can easily integrate with multiple next-generation EDR solutions via APIs, ensuring a faster deployment. This gives you and our security operations center (SOC) the ability to investigate and respond to threats from a centralized management console. The cost for managed security services is typically less than you would pay to staff and train even one cybersecurity expert. Plus, you’ll get access to an entire team of cybersecurity professionals with broad expertise responding to threats 24/7 to improve your overall security program.
Considering next-gen endpoint security? Find out how Motorola Solutions can help you make the transition quickly and painlessly.