NGAV or EDR guidelines

Businesses around the world are re-opening their offices and welcoming back employees who have been forced to work from home for nearly three months while the world battled the coronavirus pandemic. But research shows the majority of people want to continue working remotely, at least part-time. The fact is, your organization’s security perimeter has permanently moved to the endpoint – outside the protection of the corporate firewall and other network security tools. Now is the time to make upgrading or replacing your endpoint security technologies and best practices a top priority. 

While the pandemic has created severe disruptions to business worldwide, it’s been a boon for cyber attackers. They see it as just another opportunity to take advantage of people’s fears to distribute spam, spread disinformation, and steal sensitive corporate data. And the fact that more of your employees are working remotely (and want to continue doing so) makes the attackers’ “jobs” easier. 

One thing that has not changed: the threat malware poses to your organization. The total number of malware infections has been on the rise for the last ten years, reaching 812.67 million in 2019. That means 230,000 new malware samples are produced every day. And the fact is, endpoint security technologies cannot keep up with the sheer volume of known and unknown attacks that bombard organizations every single day.

Consider these startling statistics:

  • 62% of businesses experienced phishing and social engineering attacks in 2018
  • 75% of companies infected with ransomware were running up-to-date endpoint protection 
  • 191 days: the length of time it takes an organization to detect a data breach 

 

Only count on luck when playing the lottery… Close the protection gap in your endpoint security now.

 

Make a decision

You have two options for how to close your organization’s endpoint security protection gap (hint: there’s only one choice):

  1. Keep everything the way it is and prioritize other projects. This is an understandable option given budget constraints and limited resources. But suffering a data breach and repairing the damage costs far more in the long term and is more time-consuming.
  2. Augment or replace your AV at the endpoints.

Of course the correct answer is #2, but there are several important factors to consider when evaluating solutions and vendors. Any new product you implement must not only provide more protection, it has to be easy to deploy and lightweight in terms of CPU, memory and bandwidth consumption. The question becomes “which product to implement?” It’s not an easy one to answer.

 

Choose the right product

Type “endpoint security” into your search engine, and you’ll get about 55 million results. You’ll also encounter terms like “next-gen antivirus” (NGAV) and “endpoint detection and response” (EDR). There’s a debate raging in the endpoint security space over whether NGAV or EDR is the more effective replacement or augmentation for AV solutions that have long relied on blacklisting technologies. But actually, the issue is not that simple.

 

NGAV or EDR, which is the right technology for your organization?

 

Some NGAV vendors promote their use of AI and machine learning technologies, but the fact is that most modern AV solutions offer the same capabilities and features. One thing they all have in common: a reliance on prior knowledge of attack patterns and signatures. 

Also, a warning: switching to NGAV means a rip and replace of your current AV solution with potentially minimal return on that investment of time and money.

 

Can you justify a project budget for that purpose?

 

The EDR option provides you with visibility into activities across all of your organization’s endpoints to support the investigation of possible attacks and threat hunting. It therefore generates large amounts of raw data and consumes significant resources, forcing security analysts to constantly review vast amounts of logs to figure out whether a potential threat is an actual threat. 

As with NGAV solutions, implementing an EDR solution places an enormous burden on already overworked security teams. Yet, because it is strictly an “after-the-fact” technology, it will not actually prevent an attack from succeeding in breaching your systems and exposing sensitive information.

 

Can you justify a project budget for that purpose?

Is NGAV or EDR really closing the protection gap?

 

Can I find a solution that adds significant protection with low OPEX?

 

Nyotron solution closes the protection gap

Nyotron designed PARANOID to be a real-time prevention solution. It is unique in its ability to truly be threat-agnostic because it works at the OS level and uses a positive security model. PARANOID works side by side with your existing AV solution, removing the need to rip and replace. Rather, it multiplies the real-time prevention capabilities at the endpoint while also offering the level of visibility an EDR product can provide.

Deploying the Nyotron solution enables any organization to gain significant protection, relieve the burden on IT’s shoulders, and close the protection gap.