LATEST INTELLIGENCE
PASSIVE ISN’T GOOD ENOUGH: MOVING INTO ACTIVE EDR
Introduction
Life today is full of surprises. While infections from browsing malicious sites are still a reality, modern attacks are becoming more prevalent than ever. Now, malware can infect a system using nothing but the binaries already on the system itself, and other flavors of malware – such as ransomware – can encrypt an organization’s files, causing massive business disruptions. What this means is that both old and new attacks are in play. Combating this requires endpoint controls that are mature enough for advanced prevention, detection and response capabilities.
The question one may ask is: Why the focus on endpoint controls? Placing a next-generation firewall at the edge to centrally analyze traffic is a simpler control to maintain. However, the firewall and many alternative network controls lack visibility due to several factors: encryption blinds them; they cannot see traffic that never flows through them, such as when a laptop leaves and re-enters the network; and they have no visibility into what is occurring on an endpoint.

www.intelligentdatacentres.com
Attacks against a desktop, laptop or server involve massive amounts of digital interaction that can be useful for future prevention and detection. Take the example of ransomware: it invokes encryption tools or built-in application programming interfaces, may connect to multiple remote file shares, touches numerous files and often runs in the context of the user who launched the malware.
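The behaviours just listed are the telemetry an endpoint agent can correlate per process. As an added example that is not from the article, the Python below scores constructed per-process events (a burst of distinct file writes, connections to several remote shares, calls into encryption APIs) and reports the user context the process ran under; the event format, API names and thresholds are illustrative assumptions, not a product's detection logic.

```python
"""Toy EDR-style behavioural correlation over constructed endpoint telemetry."""
from collections import defaultdict

# Constructed sample telemetry: (pid, user, event_type, detail). Not real data.
EVENTS = [
    (4120, "alice", "api", "CryptEncrypt"),
    (4120, "alice", "net", r"\\fileserver\finance"),
    (4120, "alice", "net", r"\\fileserver\hr"),
    *[(4120, "alice", "file_write", rf"C:\Users\alice\Documents\doc{i}.docx") for i in range(60)],
    (2210, "alice", "file_write", r"C:\Users\alice\Documents\report.docx"),
    (2210, "alice", "api", "CryptEncrypt"),          # a legitimate app using crypto once
    (900, "SYSTEM", "file_write", r"C:\Windows\Temp\log.txt"),
]

# Illustrative set of Windows crypto API names; a real sensor would carry a fuller list.
CRYPTO_APIS = {"CryptEncrypt", "BCryptEncrypt", "CryptGenKey"}
FILE_BURST = 50   # distinct files modified by one process (assumed threshold)
SHARE_MIN = 2     # distinct remote shares touched by one process (assumed threshold)


def profile_processes(events):
    """Aggregate raw events into one behavioural profile per process id."""
    profiles = defaultdict(lambda: {"user": None, "files": set(), "shares": set(), "crypto": False})
    for pid, user, kind, detail in events:
        p = profiles[pid]
        p["user"] = user                      # the context the process ran under
        if kind == "file_write":
            p["files"].add(detail)
        elif kind == "net" and detail.startswith("\\\\"):
            p["shares"].add(detail)           # UNC path => remote file share
        elif kind == "api" and detail in CRYPTO_APIS:
            p["crypto"] = True
    return profiles


def score(profile):
    """Weight the three ransomware-like signals; mass file modification counts most."""
    s = 0
    if len(profile["files"]) >= FILE_BURST:
        s += 2
    if len(profile["shares"]) >= SHARE_MIN:
        s += 1
    if profile["crypto"]:
        s += 1
    return s


def detect(events, threshold=3):
    """Return (pid, user, score) for every process at or above the threshold."""
    return sorted((pid, p["user"], score(p))
                  for pid, p in profile_processes(events).items() if score(p) >= threshold)
```

Only the process combining all three signals is reported; a single crypto call or a handful of file writes on its own stays below the threshold.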
Issue 11