Cyber Defense eMagazine February Edition for 2022

More documents

Recommendations

Info

What is EDR? EDR is a capability that identifies and responds to cyber threats by combining real-time continuous monitoring of data and endpoint collection with rules-based automated response and analysis capabilities. EDR tools have gained a significant amount of popularity among IT security operations teams due to their ease of use and the understanding that endpoints can provide the richest data about intruders. EDR enables: ‣ Automated, simple pattern detection of known bad-attack types, leading to triage and investigation of those alerts ‣ Automated response in the sense that pre-determined actions can be configured from the detection rules ‣ Centralization of endpoint log and telemetry data in the cloud for offline analysis While useful, EDR technology only locates certain types of activity, or “known bad” activity. Most EDR tools limit the activity they record to reduce bandwidth and storage. So, what happens when there is an “unknown bad” in a network? This vulnerability gap creates plenty of blind spots for attackers to enter, but it is possible to diminish those issues through other solutions. Cyber Defense eMagazine – February 2022 Edition 36 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
What should agencies look for in a solution? Skilled attackers are aware of the EDR capabilities and know how to get around them. If agencies pair a threat hunting solution with their EDR technologies, they will have a deeper, more comprehensive visibility over their endpoints. When looking for the right threat hunting platform, it is crucial that agencies keep certain criteria in mind – adaptability, scalability, and extensibility. It is also important to use a platform that is fully powered by accurate data and can respond to threats in seconds. Here are some elements to look for when choosing an EDR solution: ‣ Continuous monitoring of endpoints. Legacy security solutions tend to employ a collection of incompatible point solutions tied together in a SIEM, resulting in a data set that is weeks old, and doesn’t include unmanaged, offline, or off-network endpoints. Instead, it is important to have a comprehensive platform to gather in-depth endpoint data, giving agencies the ability to collect accurate, real-time data in minutes, not months ‣ Formatted, organized data. Many tools require you to export data from different sources, normalize output, then attempt to combine it all into one report. It is important for agencies to streamline this process through a solution that provides actionable data that is already in the correct format for use ‣ Zero-trust architecture. Achieving a strong endpoint defense requires complete visibility into the entire operating environment. Agencies should look for a platform with a zero-trust architecture that continually monitors device health and checks whether it is patched, secure, compliant, and managed An endpoint security and management platform solution can dig deeper into the suspicious activity detected by EDR to understand the threat and protect any additional machines that may have been compromised. A single platform of this nature gathers in-depth endpoint data, giving agencies the ability to collect accurate, real-time data in minutes. The time to improve cyber is now, and everyone plays a part in this process. The federal government has set the precedent with this memo, and agencies understand the importance of the guidance. Agencies must implement a strong EDR solution and enhance their EDR capabilities to improve their security posture and response capability. Cyber Defense eMagazine – February 2022 Edition 37 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: How Criminals Have Migrated Through
Page 3 and 4: Combining True MDR & SOC for Robust
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: Cyber Defense eMagazine - February
Page 17 and 18: How Criminals Have Migrated Through
Page 19 and 20: Quite often the perpetrator claims
Page 21 and 22: • Identity Access Management (IAM
Page 23 and 24: About The Author Active with the IC
Page 25 and 26: Given the rise in cyber-attacks, th
Page 27 and 28: Why is that? Let’s take COVID-19
Page 29 and 30: soon as possible and base it on str
Page 31 and 32: How Do I Reliably Identify You If I
Page 33 and 34: validation, what can be a very reli
Page 35: How To Improve Federal Endpoint Det
Page 39 and 40: Decision Trees in Case of a Ransomw
Page 41 and 42: expertise’s recommended returning
Page 43 and 44: was sentenced to 12 years for payin
Page 45 and 46: Verify But Trust Managing insider t
Page 47 and 48: We now live in a world where the in
Page 49 and 50: 2. Cryptographic Failures - Cryptog
Page 51 and 52: Conclusion Penetration testing is a
Page 53 and 54: 1. Increase enterprise security pro
Page 55 and 56: minimise the impact on business per
Page 57 and 58: Today's Digital Battlefield Demands
Page 59 and 60: UAE can be a cyber security powerho
Page 61 and 62: Why Ransomware is Only a Symptom of
Page 63 and 64: Response vendor that can leverage a
Page 65 and 66: Critical IT infrastructure had to b
Page 67 and 68: Killware is the Next Big Cybersecur
Page 69 and 70: The most effective way to defend ag
Page 71 and 72: Combining True MDR & SOC for Robust
Page 73 and 74: especially those who want to build
Page 75 and 76: intelligence, data logs, and advanc
Page 77 and 78: But when it comes to cybercrime, a
Page 79 and 80: of in 2022. In effect, ransomware h
Page 81 and 82: Detect Ransomware Data Exfiltration
Page 83 and 84: Advanced SQL Behavioral Analysis fr
Page 85 and 86: In contrast, the corresponding reac
Page 87 and 88:
of how PCs, laptops, and other Wind
Page 89 and 90:
Cyber Insurance: What Executives Ne
Page 91 and 92:
Keeping Premiums Low Once Coverage
Page 93 and 94:
Data Security Must Be a Priority as
Page 95 and 96:
sites like Facebook or LinkedIn. Cy
Page 97 and 98:
Why Building Managers Need to Prior
Page 99 and 100:
It should also provide the means fo
Page 101 and 102:
Cyber Defense eMagazine - February
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
CyberDefense.TV now has 200 hotseat
Page 125 and 126:
Books by our Publisher: https://www
Page 127 and 128:
Page 129 and 130:
show all

Cyber Defense eMagazine February Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?