Firms being sold on “inadequate” cybersecurity during pandemic, claims vendor

EDR solutions only doing half the job, says Kaspersky

Posted 6 January 2021

Firms are being mis-sold the idea that their remote working environments are protected, according to cybersecurity vendor Kaspersky.

Kaspersky today issued a notice claiming that a push by vendors towards Endpoint Detection and Response (EDR) solutions to protect customers’ dispersed device networks is leaving organisations exposed to threats.

It notes: “Typically offered by ‘born in the cloud’ vendors, EDR solutions can be a cheap and easy solution. However, Kaspersky experts are of the view that this approach is leading to businesses boasting an inadequate security solution, and resulting in devices that aren’t fully hardened against rising threats.”

Kaspersky says it has observed “a worrying industry trend” where next-generation and firewall vendors are pushing EDR after acquiring more universal endpoint solutions.

“Firewall vendors are impacting the Endpoint Protection Platform (EPP) market through the acquisition of EDR companies that strengthen their solution, but that are missing the comprehensibility of full EPP solutions. The resultant package being sold isn’t as comprehensive as a full EPP solution.”

The company claims that features missing from these packages, such as device and application hardening, are a must-have for increasing efficiency and reducing a business’s threat exposure. Additionally, the current solutions can be heavily reliant upon behavioural detection, which should be one part of a multi-layered EPP solution. Consequently, the packages currently being sold increase the risk of false positives and reduced productivity.

“Though EDR providers often hail the solution as a silver bullet to unearth and disarm all potential threats, in reality these solutions only do half the job,” it says.

Ian Thornton-Trump, CISO at threat intelligence company Cyjax, said: “EDR solutions are not the only solution to an organisation’s security. However, they do form a valuable and indispensable layer of security to ward off the most dangerous capabilities that cybercriminals can throw at an organisation. But to be most effective, EDR solutions must be deployed into a managed, licensed and hardened IT environment.”

No extra cybersecurity training

Prior to the onset of COVID-19, 61 percent of businesses cited staffing limitations as the reason they weren’t adopting EDR. However, Kaspersky research has now found that nearly three-quarters (73 percent) of workers hadn’t received any additional IT security awareness training after a mass migration to homeworking, “and a panicked change of mind towards EDR’s adoption.”

As a result, IT teams are not only facing more alerts than ever, but are doing so without the requisite guidance to filter them appropriately.

“Just because some vendors are shouting loudest, doesn’t mean they’re looking after a business’ best interests, and that’s why it’s critical that businesses enter into a conversation that begins with discussing what they need,” said Andy Bogdan, head of UK channel at Kaspersky.

“More often than not, what they’ll find they need is a solution built around, or integrated with, training and skills development. What companies should be investing in first and foremost is instilling that knowledge culture across the business. That will then go hand in hand with EDR being a tool that can become part of your armoury, providing greater visibility and investigation in the growing cyber-threat landscape.”

“Businesses must also realise that technology from three or five years ago is not advanced enough to deal with modern malware. Investment in security technologies like EDR is required, because in technology, good becomes poor very quickly as cybercriminals sprint to innovate new capabilities monthly,” said Thornton-Trump.