While an organization’s most valuable and sensitive data and systems are usually well-protected on interior servers situated inside data centers and behind firewalls, it is at the network endpoints that external attacks begin. So it makes sense to deploy endpoint detection and response (EDR) products that enable comprehensive endpoint security management strategies, rather than attempting to manage a hodgepodge of antivirus, malware prevention and intrusion detection products.
Using an EDR for endpoint security management means defenders can better protect vulnerable endpoints without affecting how the work of the organization is done. Even better, an EDR can provide the information security team with a centralized security control on the most vulnerable points in the network, especially as the enterprise perimeter is becoming increasingly porous in modern networks that connect an ever-shifting collection of BYOD, mobile and IoT devices used by employees, temps, contractors and other third parties.
While internal servers are relatively easy to defend against basic attacks, like plugging in a USB drive to spread malware or exfiltrate data from a secure system, the endpoints are where users often take all sorts of ill-advised actions without the benefit of controlled-access, video-monitored server rooms.
EDR systems offer defenders a first line of defense that gives them a way to gain greater visibility into — and control over — what is happening at the interface between production systems and the wild internet with all its threats and malicious activity. In this handbook, security experts share their insights on why EDR systems can enable better endpoint security management and how to use them most effectively.