Organisations continue to make risky remote decisions

As we approach a year of what has now become out-of-office working, cybersecurity continues to be top of the agenda for businesses. With people spread across the nation, and in some cases the globe, many have opted for Endpoint Detection and Response (EDR) solutions to protect their dispersed device networks and keep companies safe.

Monday, 11th January 2021. Posted by Phil Alsop.

Typically offered by ‘born in the cloud’ vendors, EDR solutions can be a cheap and easy solution. However, Kaspersky experts are of the view that this approach is leading to businesses boasting an inadequate security solution, and resulting in devices that aren’t fully hardened against rising threats.


Kaspersky has observed a worrying industry trend where next-generation and firewall vendors are pushing EDR after acquiring more universal endpoint solutions. Firewall vendors are impacting the Endpoint Protection Platform (EPP) market through the acquisition of EDR companies that strengthen their solution, but that are missing the comprehensiveness of full EPP solutions. The resultant package being sold isn’t as comprehensive as a full EPP solution. The missing features, such as device and application hardening, are must-haves for increasing efficiency and reducing a business’s threat exposure. The current solutions can be heavily reliant upon behavioural detection, which should be one part of a multi-layered EPP solution. Consequently, the packages currently being sold increase the risk of false positives and of reduced productivity.

Though EDR providers often hail the solution as a silver bullet to unearth and disarm all potential threats, in reality these solutions only do half the job. Ian Thornton-Trump, CISO at threat intelligence company Cyjax, comments: “EDR solutions are not the only solution to an organisation’s security. However, they do form a valuable and indispensable layer of security to ward off the most dangerous capabilities that cybercriminals can throw at an organisation. But to be most effective, EDR solutions must be deployed into a managed, licensed and hardened IT environment.”

The concerning trend of businesses being sold an incomplete silver bullet solution has been exacerbated by a steep rise in remote working. Prior to the onset of COVID-19, 61% of businesses stated staffing limitations as the reason they weren’t adopting EDR. Mere months later, Kaspersky research found that nearly three-quarters (73%) of workers hadn’t received any additional IT security awareness training after a mass migration to homeworking, and a panicked change of mind towards EDR’s adoption. As a result, IT teams are not only faced with more alerts than ever, but also lack the requisite guidance to filter them appropriately. At best, this leads to wasted time and resources; at worst, it could result in a serious red flag being overlooked.

Despite many believing that endpoint security had run its course, this trend and the events of this year have proved that the solution is still very much alive. It is education and guidance that needs awakening.

“Just because some vendors are shouting loudest, doesn’t mean they’re looking after a business’ best interests, and that’s why it’s critical that businesses enter into a conversation that begins with discussing what they need. More often than not, what they’ll find they need is a solution built around, or integrated with, training and skills development. What companies should be investing in first and foremost is instilling that knowledge culture across the business. That will then go hand in hand with EDR being a tool that can become part of your armoury, providing greater visibility and investigation in the growing cyber-threat landscape,” comments Andy Bogdan, Head of UK Channel, Kaspersky.

“Businesses must also realise that technology from three or five years ago is not advanced enough to deal with modern malware. Investment in security technologies like EDR is required, because in technology, good becomes poor very quickly as cybercriminals sprint to innovate new capabilities monthly,” adds Thornton-Trump.

To meet this challenge head on, better understand your own security infrastructures, and truly capitalise on the benefits of EDR solutions, Kaspersky offers the following advice:

  • For endpoint level detection, investigation and remediation of incidents, EDR solutions such as Kaspersky Endpoint Detection and Response will help to pinpoint threats to devices
  • However, for those with limited expertise in cybersecurity, Kaspersky EDR Optimum provides further core EDR capabilities, including better visibility into endpoints, simplified root cause analysis and an automated, and manual, response option
  • When budgets, time and resources are limited, a service provider model can better protect your devices at this time of transition
  • To this end, Kaspersky offers the option of training with all aforementioned solutions as a way to keep operations in-house, but with external skills development assistance to ensure you’re doing so in an effective way
  • Kaspersky’s awareness training for employees explains how to recognise a cybersecurity incident and what they should do if one occurs.