Endpoint detection and response (EDR) is such a battleground between security vendors that it has spawned a whole collection of additional terms as they seek to differentiate their wares or put a new wrapper around existing products and services.
XDR and managed detection and response (MDR) are two of the most prominent. No doubt a few more will appear soon.
But regardless of the label, the goal is to protect endpoints from attack, detect breaches, and respond via various remediation actions. Here are some of the top trends in EDR:
1. Mobile devices included
EDR used to mainly be the province of PCs and laptops. It expanded its reach to include servers and other nodes. Most recently, tablets and smartphones have been added to the roster.
“Companies are increasingly reliant on mobile devices, largely due to the shift toward more remote and hybrid work,” said Satish Shetty, CEO of Codeproof.
“Even a single compromised mobile device can pose a significant risk to customer data, intellectual property and loss of business revenue.”
The Verizon Mobile Security Index 2022 report noted that 45% of survey respondents said that their organization had been subject to a security incident involving a mobile device that led to data loss, downtime, or another negative outcome. Hence, most EDR vendors are now adding mobile device management and protection to their repertoire.
2. Addressing IT complexity
The halcyon days of networks serving servers that in turn served an army of PCs are long gone.
Now some gear is on premises and some is in the cloud. Servers and endpoints can be physical or virtual. Cloud-based systems can be public, private, or hybrid, and they can sit with one provider or be spread across multiple providers. And people are no longer locked in the cubicle. They can be in the office, on the road, or working from home. This level of complexity has impacted EDR, causing it to change shape and incorporate other security features.
Tal Zamir, CTO of Perception Point, noted shifts such as more focus on the browser being used, the extension of zero-trust philosophies to the endpoint, and connecting endpoint and cloud application signals.
“In the past, EDR products focused primarily on executable and document-borne malware, but we are now seeing a strong trend of putting endpoint security controls that run in and around the browser, providing visibility, governance, detection, prevention, and isolation for the browser,” Zamir said.
“EDR/XDR solutions are also extending beyond the browser and the network into email and other cloud apps, allowing security teams to easily correlate incidents that involve multiple attack vectors (e.g., an email link that ends up in the browser).”
3. Supply chain and third-party endpoints
Zamir of Perception Point drew attention to the rise in attacks via supply chain and third-party endpoints.
These endpoints are being compromised, and enterprise data is being lost through them.
Thus, EDR technology is adjusting to encompass third-party endpoints and the supply chain, providing features that separate third-party content from enterprise content.
4. MSSPs and cloud-based endpoint protection
Managed service providers (MSPs) and managed security service providers (MSSPs) are grabbing more and more of the EDR market as such functions shift to the cloud.
“With organizations continuing to shift to cloud applications and choosing vendors that have more integrations with MSSPs, demand for cloud-based detection solutions will increase in 2023,” said Andrew Obadiaru, CISO, Cobalt.
“And as organizations prioritize platforms with these integrations, security technology convergence will increase effectiveness of detection tests by streamlining productivity and avoiding risk oversight — thus serving as a more holistic approach to security.”
5. BEC more than ransomware
Everyone is terrified of ransomware. Yet, a new report from Tessian shows that another threat has risen to the fore.
According to Tessian CISO Josh Yavor, business email compromise (BEC) is now eclipsing ransomware. The study shows that organizations received 7% more impersonation attacks in the first nine months of 2022 than email-based ransomware attacks. Security leaders reported receiving 148 impersonation attacks, 141 spear phishing attacks, and 138 email-based ransomware attacks. Nearly one in five of these attacks were successful, and when asked about the consequences, 39% of respondents cited breach of customer data, 34% reported financial losses and 32% experienced a ransomware infection.
“Impersonation attacks were ranked as the top email threat that security leaders are most concerned about,” Yavor said.
Thus, EDR and other solutions are adjusting to pay more attention to this vector. Just as we saw multiple security and data protection vendors releasing product updates that included built-in ransomware protection, expect the same in the coming year with regard to BEC.