Connect with us

Hi, what are you looking for?

HEADLINES

Tips for small enterprises on how to choose an EDR solution that suits their needs

SMEs understand that they need to improve their security capabilities and they usually contact our sales representatives to enquire about our products. However, for an organization where its IT department is responsible for cybersecurity — as is typically the case for SMEs — translating this intention into practice can be hard.

By Stephan Neumeier
Managing Director for Asia Pacific
Kaspersky

The attacks taking place on small and medium enterprises (SME) are becoming more sophisticated, meaning that they cannot be easily prevented by traditional endpoint protection mechanisms. In such cases, timely incident detection is essential to minimizing any potential negative impact. However, this challenging task cannot be done without enhanced endpoint visibility, exploring suspicious activities and understanding attack execution processes.

From our experience, SMEs understand that they need to improve their security capabilities and they usually contact our sales representatives to enquire about our products. However, for an organization where its IT department is responsible for cybersecurity — as is typically the case for SMEs — translating this intention into practice can be hard. 

They simply don’t know where to start. It may seem that the ideal plan is to buy a solution that combines all the high-profile features at once.

Advertisement. Scroll to continue reading.

But what can go wrong with this approach? Will the companies be able to sift through all the data and events that modern Endpoint Detection and Response (EDR) solutions provide, as well as distinguish between false alerts and real threats?

Serious functionality involves big investments – and it’s not only about money

First of all, it is a matter of price. A Kaspersky report, ‘IT security economics in 2019: How businesses are losing money and saving costs amid cyberattacks’, shows that, on average, the share of spending on information security equates to around a quarter of an entire IT budget. This is true for both small and large companies but in absolute numbers, there is a significant difference. 

Spending on cybersecurity in organizations with 50-999 employees is estimated at $267,000, while their counterparts with more than 1,000 employees spend $18.9 million on average. So, a solution intended for enterprise customers may not suit smaller businesses’ budgets.

Moreover, required investments are not only monetary. Enterprise-grade products may be hard to install and integrate with existing security solutions. In an enterprise with a large IT security department, some staff can simply devote their time to this task. This can be an issue for a smaller company though, as fewer employees are responsible for maintaining the whole infrastructure.

Don’t use a sledgehammer to crack a nut

Of course, all these efforts are worthwhile when a new security solution benefits the company’s level of protection. But in practice, even if an SME manages to secure a budget and implement an enterprise-grade solution, without sufficient expertise in information security, it will be difficult to fully leverage the scope of functionality.

Advertisement. Scroll to continue reading.

First, the advanced functions may simply be irrelevant to their particular requests. For example, if a previously unknown suspicious object is detected, some organizations that are not very mature in cybersecurity just need to know if it is malicious, or needs blocking. Meanwhile others just need a full picture of the object’s actions and background for a deep investigation. It is important to understand what an organization’s requirements are and what its existing team can work with. Depending on this, a company can decide whether they are ready to purchase, for instance, a sandbox designed for security researchers.

Secondly, products which were created for security analysts are not appropriate for a “set-and-forget” approach. For example, a feature-rich EDR solution requires a team of expert analysts capable of tuning the detection logic and creating new rules to continuously improve detection levels. Without such specialists, the solution’s ability to proactively search for indicators of intrusion will not be useful.

It is common in SMEs for a system administrator to manage an endpoint protection solution. But even EDR, which provides essential capabilities, requires an employee with basic cybersecurity knowledge. Of course, hiring a full team of threat hunters or advanced security analysts at once is hardly a feasible task – such professionals are highly-paid and quite rare to find. Therefore, it is worth starting with an employee who has knowledge in information security. Combined with an understanding of the IT landscape, this allows for validating alerts, eliminating threats while taking into account the risks of their actions, such as isolation of a certain workstation or server, or stopping a critical business process.

***

When EDR becomes a piece of shelfware, rather than an effectively-used solution, it is not just a waste of an SME’s budget. Such a failure at the very beginning can demotivate company leaders to develop cybersecurity initiatives in general: if they do not see a benefit, why should the business invest in other security products?

Therefore, an organization should first decide if it is ready to hire an employee who is responsible for information security issues. If not, the most effective option will be to ask for help from external incident detection and response professionals.

Advertisement. Scroll to continue reading.

For those businesses that decide to develop this capability internally, it is essential to initially find a beneficial solution without making substantial investments in additional resources – both monetary and human. And to avoid the above pitfalls, we recommend paying attention to the following guidance:

–       To provide visibility without ‘blind spots’ and centralized response features, EDR needs to be integrated with an Endpoint Protection Platform (EPP). Enhancing cybersecurity capabilities should be a step-by-step evolution. Once a company can detect a malicious object with an endpoint protection solution, it can expand existing technology with the ability to understand where it came from and search for this threat on other workstations.

–       If an EDR solution can be smoothly integrated with existing endpoint security solutions in a centralized way, it cuts the time required for deployment. So, before purchasing a product, ask if it supports turnkey integration with your EPPs. 

–       If you have a limited number of staff responsible for security, make sure your chosen EDR solution provides good visibility and automation, but doesn’t overwhelm a specialist with irrelevant information. All the incident information should be readily available from a single console and a path of the attack spread should be visualized to simplify threat analysis. Automated search for Indicators of Compromise and incident response features will speed up the work and increase staff productivity.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement