
Jan 21, 2024

Here’s how cybercriminals bypass EDR

Endpoint detection and response (EDR) represents a newer, more robust approach to detecting malicious activities on endpoints, such as laptops, mobile phones, and IoT devices. Yet, even with all its benefits compared to traditional antivirus software, recent cyberattacks prove that EDR products cannot stand in the way of sophisticated and determined cybercriminals.

A recent study found that almost none of the 26 EDR solutions evaluated could prevent all bypass techniques. Here's how cybercriminals manage to bypass most EDRs available in the market today:

Adopt a multi-layered, defense-in-depth approach

These shortcomings do not mean that EDR tools are no longer effective. Modern cyberattacks are remarkably sophisticated and multi-pronged, so organizations need multi-layered defense mechanisms as well. They need to adopt a defense-in-depth approach, ensuring that all security layers operate in a coordinated manner to offer maximum coverage. By implementing a multi-tiered security infrastructure that also includes identity and access management (IAM), secure web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS), and zero-trust network access (ZTNA) – all native secure access service edge (SASE) components – organizations can build a robust defense that identifies and responds to threats at different levels of the IT stack.

Organizations also need to correlate networking and security data to give modern security tools contextual and situational awareness. This requires breaking down the silos between networking and security functions and integrating them, much as SASE architectures do. Additionally, organizations must stay up to date with the latest threats and evasion tactics and continuously reassess their security posture to stay ahead of the curve. By taking these proactive measures, organizations can better protect their valuable assets and maintain their reputation in the face of an ever-evolving threat landscape.

Etay Maor, senior director, security strategy, Cato Networks
