Now that you’ve learned a little about XDR technology and how it works from the first blog post in this series, let’s go further down the path of cyber security. Let’s go all the way down the chain, to where the attacks land: the endpoint.
As with all business technology, cyber security has seen its fair share of change. Where simple anti-virus software was once enough to meet our security requirements, we now see more robust and preventative capabilities in play to identify and respond to threats and attacks.
The prevailing mindset now is ‘assume breach’. Assume breach asks security teams to work as though their systems are already compromised and an attacker is already moving around inside the network. That assumption demands action to proactively protect data, and ultimately, your endpoints.
More on the endpoint: what is it? Strictly speaking, an endpoint is any device that connects to your network and touches your data: a laptop, a phone, a tablet, a server. But let’s be real about who sits behind each one. Endpoints are operated by people. Human users. Ordinary folk who access your company’s data every day, who forget to log out, leave their devices unlocked, or leave them on the bus in a moment of distraction. It happens all the time.
What’s important to remember is that endpoints are among the most common entry points for cyber attacks. More endpoints (and more people behind them) mean a larger attack surface for your organization. Perhaps it’s useful to think of endpoints
With more and more people working remotely and connecting through the cloud, endpoint protection just makes sense. Think about it: most remote workers reach your company’s data from at least two devices, a phone and a laptop, and often more depending on their setup outside the office and how often they need to be in it.
That’s a big battlefield to manage. Every additional endpoint expands your perimeter and adds risk. What XDR offers is a way to manage detection and response across all of it from one place.
So, let’s start at the end. An endpoint protection platform (EPP) is the preventive layer: it blocks or allows files and processes based on policy and reputation, isolates suspicious files in a sandbox where they can be safely detonated, and uses machine-learning models to flag suspicious activity. EPP is often cloud-managed, pre-processes endpoint telemetry before handing it to security analysts, and usually ships with an Endpoint Detection and Response (EDR) component. Where prevention fails and an attacker is already on the endpoint, EDR records what happened, surfaces it as an alert, and supports either an automated or an analyst-driven response (for example isolating the host, killing the process or quarantining the file) to contain the threat.
What does that really mean though?
Imagine a threat slips through your firewall. EDR gives your IT security team indicators of compromise (IoCs) from the affected endpoint in real time: the file hash, the process chain, the domains it reached out to. From the last blog post, you’ll remember that XDR (Extended Detection and Response) builds on this by correlating that EDR intelligence with telemetry from your other platforms (network, cloud, identity), so that a detection on one endpoint turns into a coordinated response across all of them. XDR is levelled-up protection and is widely considered the logical progression in cyber protection technology.
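To make the EDR/XDR distinction concrete, here is an added example (not code from the original post, and not any vendor’s product logic) that runs two detections over constructed endpoint telemetry, then correlates the hits with constructed network telemetry from a second sensor. The IoC hash and domain, the host names and the event timestamps are all made up for the example; the rule names are hypothetical. The point it shows is the one in the paragraph above: a single endpoint hit is a medium-severity alert, but the same host reaching a known-bad domain within minutes of that hit is what an XDR layer escalates to an incident.

```python
from datetime import datetime, timedelta

# Constructed indicators of compromise for this example (hypothetical, not real threat intel).
IOC_SHA256 = {"deadbeef" * 8}
IOC_DOMAINS = {"updates.example-bad.test"}

# Behavioural rule inputs: an Office app spawning a script host is a classic macro-dropper pattern.
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def ts(value):
    return datetime.fromisoformat(value)


# Constructed endpoint telemetry, shaped like process-start events an EDR sensor would report.
ENDPOINT_EVENTS = [
    {"host": "LAPTOP-01", "time": ts("2024-03-01T09:00:05"), "process": "WINWORD.EXE",
     "parent": "explorer.exe", "sha256": "11" * 32},
    {"host": "LAPTOP-01", "time": ts("2024-03-01T09:00:12"), "process": "powershell.exe",
     "parent": "WINWORD.EXE", "sha256": "22" * 32},
    {"host": "LAPTOP-01", "time": ts("2024-03-01T09:00:40"), "process": "svchost32.exe",
     "parent": "powershell.exe", "sha256": "deadbeef" * 8},
    {"host": "LAPTOP-02", "time": ts("2024-03-01T09:05:00"), "process": "chrome.exe",
     "parent": "explorer.exe", "sha256": "33" * 32},
]

# Constructed network telemetry from a different sensor (proxy or firewall), keyed by the same host names.
NETWORK_EVENTS = [
    {"host": "LAPTOP-01", "time": ts("2024-03-01T09:00:55"), "dest": "updates.example-bad.test"},
    {"host": "LAPTOP-02", "time": ts("2024-03-01T09:05:30"), "dest": "www.example.com"},
]


def edr_detect(events):
    """EDR-style per-endpoint detection: a hash IoC match plus one behavioural rule."""
    hits = []
    for e in events:
        if e["sha256"] in IOC_SHA256:
            hits.append({**e, "rule": "known-bad-hash"})
        if e["parent"] in OFFICE_APPS and e["process"] in SCRIPT_HOSTS:
            hits.append({**e, "rule": "office-spawns-script-host"})
    return hits


def xdr_correlate(endpoint_hits, network_events, window=timedelta(minutes=5)):
    """XDR-style correlation: group hits from both sensors by host and mark an incident
    as correlated only when a network IoC hit falls within `window` of an endpoint hit
    on the same host. Returns a dict keyed by host."""
    net_hits = [n for n in network_events if n["dest"] in IOC_DOMAINS]
    incidents = {}

    def incident_for(host):
        return incidents.setdefault(
            host, {"host": host, "endpoint_rules": [], "network_iocs": [], "correlated": False})

    for h in endpoint_hits:
        incident_for(h["host"])["endpoint_rules"].append(h["rule"])
    for n in net_hits:
        inc = incident_for(n["host"])
        inc["network_iocs"].append(n["dest"])
        if any(h["host"] == n["host"] and abs(h["time"] - n["time"]) <= window
               for h in endpoint_hits):
            inc["correlated"] = True
    return incidents


def severity(incident):
    """Two independent sensors agreeing within the window is what justifies escalation."""
    if incident["correlated"]:
        return "critical"
    if incident["endpoint_rules"] or incident["network_iocs"]:
        return "medium"
    return "low"


if __name__ == "__main__":
    hits = edr_detect(ENDPOINT_EVENTS)
    for host, inc in sorted(xdr_correlate(hits, NETWORK_EVENTS).items()):
        print(host, severity(inc), sorted(set(inc["endpoint_rules"])), sorted(set(inc["network_iocs"])))
```

Run as written, LAPTOP-01 comes out critical (two endpoint rules fired and the host reached the bad domain fifteen seconds later) while LAPTOP-02 produces nothing. If you pass an empty list of endpoint hits, the same network event still creates an incident for LAPTOP-01, but only at medium severity: that is the difference between a single-sensor alert and a correlated one.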
If we were to (again) borrow a comparison from the armed forces, EPP holds the line: it is the fortification that stops most attacks before they get in. EDR is the unit at the front, finding and fighting whatever does get through. XDR is the headquarters that coordinates both, pulling intelligence from every layer of your IT estate and directing the response so that protection reaches every one of those human users, the endpoints. The result is less risk, less time and money spent responding, and ultimately a safer organization and safer people.