We sat down with Bitdefender Global Cybersecurity Analyst Liviu Arsene to discuss endpoint security automation and next-generation endpoint detection and response (EDR). We also discuss the cyber threats facing enterprises today and what has prevented the adoption of EDR and automation solutions.
Here is our conversation, edited slightly for readability:
Solutions Review: What are the main challenges to enterprise endpoint security today?
Liviu Arsene: One of the biggest challenges for enterprises today is the ability of endpoint security solutions to ensure a solid security posture no matter the type of environment they're deployed in—be it a physical or a virtual endpoint.
Traditional security solutions often deploy the same full-fledged security agent within virtual environments as they do on physical endpoints. This can result in significant performance issues, causing more problems than they fix. The challenge is to find a security solution that enables organizations to fully embrace the power of virtualization and cloud, without compromising security.
Attack vector diversification and increased threat sophistication mean organizations have to also focus on visibility within their infrastructure, not just security, as it can help them identify potential signs of a data breach before it occurs.
To this end, endpoint security needs to be augmented by automated endpoint detection and response tools that not only go beyond identifying known or unknown malware, but also automatically perform triage on security alerts. This enables overburdened IT and security teams to only focus on the most important security warnings.
Security automation can easily be applied to various areas of enterprise security. However, endpoints are usually the most targeted by cybercriminals, which is why organizations should start there when looking to improve security posture. Organizations aiming to protect their endpoints must break the attack kill chain before the attacker accomplishes his objectives. This involves deploying as many layers of defense as possible that can anticipate, prevent, detect and respond, investigate, and even remediate any security issues found.
SR: What role will automation and ease of use play in addressing the cybersecurity resource and skill gap?
LA: Security automation and orchestration tools are supposed to be the hero that saves the cybersecurity industry from the well-documented resource and skills gap. Machine learning algorithms that drive automation are not meant to replace cybersecurity professionals, but rather enhance their response time, experience, and knowledge while reducing their effort in dealing with repetitive tasks. Time is the most valuable commodity for security teams. Applying security automation and fine-tuning processes until a satisfactory objective is met can help IT and security teams ensure solid security even in the face of the cybersecurity skill gap.
SR: What best practices can the enterprise deploy to simplify operations for resource-constrained teams?
LA: When deploying security automation and orchestration tools, organizations should not take an all-in-one approach, but rather an agile approach. Application of automation principles to security problems should be done gradually, as this will help ensure better results quickly. It’s vital for the organization to first understand where to start deploying automation tools.
A first good step is to start by analyzing the organization’s environment before building an automation strategy. This will help the organization identify the most frequent security incidents and whether they are critical to their overall security posture. This will also help the organization understand how much time they can save security teams by offloading these tasks.
Businesses with complex infrastructures benefit the most from next-generation EDR tools. This is because these solutions ensure visibility into the overall security status of the organization while allowing IT and security teams to have a complete picture of the potential threat.
SR: What are CISOs' expectations from the industry to address these challenges for enterprise security?
LA: Industry experts agree the risk of cyber attacks ranks as the third most likely to occur, after natural disasters. This concern is causing security professionals to shift from traditional set-it-and-forget-it security solutions. Today, security professionals are looking to automation tools, such as EDR, that help increase cyber resilience against attacks, by offering visibility into complex and sophisticated threats.
The key is to move away from traditional endpoint solutions and find next-gen offerings that can perform alert triage and only focus on significant and relevant security incidents. This is a great way for IT teams to address both the workforce and security visibility challenges. A security solution that can deliver a single agent that encompasses both endpoint security and EDR capabilities, all in a single management console, is something that can help security professionals meet the challenges brought forward by the increased sophistication and complex attacks aimed at their organization.
Regardless of the type of infrastructure – physical, virtual, on-premise, in the cloud – a next-generation EDR solution should allow the organization to prevent, detect, investigate, and respond to any potential security issue, regardless of how advanced or sophisticated it is. Security automation and alert triage help reduce the burden of incident investigation, helping security teams to effectively defend complex infrastructures.
SR: What has prevented enterprise-level adoption of next-generation EDR?
LA: Traditional EDR solutions often require a dedicated security team or security operations center (SOC) that can cope with the high number of triggered security warnings and incidents. This directly translates to increased operational costs. However, next-generation EDR solutions can perform alert triage. These solutions only focus on relevant security alerts that are usually associated with signs of a data breach, enabling organizations to both gain visibility into potential cyberattacks and cut down operational costs. Automation technologies and ease of use can help organizations cope with limited cybersecurity resources and the skills shortage while increasing overall cybersecurity posture at a fraction of the cost.
Legislation, such as GDPR, has also played a role in EDR adoption as organizations are now required to investigate every security breach in a timely manner and offer detailed and comprehensive security reports on how the incident occurred.
Thanks again to Bitdefender Global Cybersecurity Analyst Liviu Arsene for his time and expertise!