EDR Compared to Insider Threat Monitoring and Analytics


What is EDR?

EDR stands for Endpoint Detection and Response. These tools are security solutions designed to help security teams detect malicious activity on endpoints, understand the chain of attack, and enable administrators to respond appropriately. To understand the value of EDR, you first have to understand how traditional anti-virus searches for and identifies threats. Anti-virus tools tag known viruses with a signature that uniquely identifies each specific virus. When scanning, the software then searches the system for those signatures and removes the threats it finds.

The problem with this methodology is that viruses morph, and new ones are created daily. Traditional anti-virus is only as good as its database of signatures, leaving endpoint systems exposed to zero-day threats that have not yet been identified. EDR tools aim to provide the toolsets to detect and remediate these emerging threats.

EDR

EDR tools continuously monitor endpoints for technical changes that occur at the system level, providing admins with intel on everything the computer is doing so they can formulate a chain of attack and respond.

As seen below, the information provided in an EDR detection timeline is focused on system-level data, here used to uncover a rootkit being installed on an endpoint while masked as legitimate software:
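The contrast drawn above can be made concrete with a small illustration. The following is an added example, not code from the original post, ObserveIT, or any EDR product: a signature check that only matches an exact file hash, beside a behavioural rule that correlates system-level events per process into a chain. The event schema, the sample bytes standing in for a "known-bad" file, and the detection rule (a process that drops a file into the drivers directory and then registers a service pointing at it) are assumptions made for the illustration.

```python
"""Signature matching versus EDR-style behavioural correlation over a constructed
endpoint event stream.

Added example for the contrast between anti-virus signatures and EDR telemetry;
not the code of ObserveIT or of any EDR product. The event schema, the sample
bytes and the detection rule are assumptions."""
import hashlib
from collections import defaultdict

# Constructed signature database: SHA-256 of a sample byte string standing in
# for a known-bad file (not real malware).
KNOWN_BAD_HASHES = {hashlib.sha256(b"sample-dropper-build-1").hexdigest()}


def signature_scan(file_bytes):
    """Traditional anti-virus check: flag only an exact hash match."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES


# Constructed system-level telemetry, as an EDR sensor might record it.
EVENTS = [
    {"ts": 1, "pid": 100, "ppid": 1,   "type": "process_start",  "image": "explorer.exe"},
    {"ts": 2, "pid": 200, "ppid": 100, "type": "process_start",  "image": "updater_setup.exe"},
    {"ts": 3, "pid": 200, "ppid": 100, "type": "file_write",     "path": r"C:\Windows\System32\drivers\svcdrv.sys"},
    {"ts": 4, "pid": 200, "ppid": 100, "type": "service_create", "name": "svcdrv",
     "image_path": r"C:\Windows\System32\drivers\svcdrv.sys"},
    {"ts": 5, "pid": 300, "ppid": 100, "type": "process_start",  "image": "notepad.exe"},
    {"ts": 6, "pid": 300, "ppid": 100, "type": "file_write",     "path": r"C:\Users\alice\notes.txt"},
]


def describe(e):
    """One-line description of an event for the detection timeline."""
    return f"t={e['ts']} {e['type']} " + (e.get("image") or e.get("path") or e.get("name"))


def behavioural_detect(events):
    """Assumed EDR rule: a process that writes a file into the drivers directory and
    then registers a service whose image is that file is flagged, whatever the
    file's hash. Returns {pid: [timeline lines]} for flagged processes."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e["pid"]].append(e)
    findings = {}
    for pid, evs in by_pid.items():
        dropped_drivers = {e["path"].lower() for e in evs
                           if e["type"] == "file_write" and "\\drivers\\" in e["path"].lower()}
        if any(e["type"] == "service_create" and e["image_path"].lower() in dropped_drivers
               for e in evs):
            findings[pid] = [describe(e) for e in sorted(evs, key=lambda e: e["ts"])]
    return findings


def attack_chain(events, pid):
    """Walk parent-process links back to the root to show how the flagged process was launched."""
    starts = {e["pid"]: e for e in events if e["type"] == "process_start"}
    chain = []
    while pid in starts:
        chain.append(starts[pid]["image"])
        pid = starts[pid]["ppid"]
    return list(reversed(chain))


if __name__ == "__main__":
    # The known build matches its signature; a repacked build with a new hash does not.
    print("signature, known build:   ", signature_scan(b"sample-dropper-build-1"))
    print("signature, repacked build:", signature_scan(b"sample-dropper-build-2"))
    # The behavioural rule flags the installer by what it did, not by what it hashes to.
    for pid, timeline in behavioural_detect(EVENTS).items():
        print(f"pid {pid} flagged; launch chain: {' -> '.join(attack_chain(EVENTS, pid))}")
        for line in timeline:
            print("   ", line)
```

The point of the pairing is the second half: the repacked build slips past `signature_scan`, while `behavioural_detect` flags the same activity from the sequence of system changes alone and `attack_chain` supplies the parent-process context a responder needs.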

ObserveIT

ObserveIT takes a similar approach to detecting an insider threat. The software first identifies common insider threat indicators, such as data exfiltration, privilege escalation, and careless behavior on an endpoint:

It then provides detailed information on exactly what took place, so that administrators can respond:

In this case, we see a user bypassing security controls, connecting a USB drive, copying large amounts of company data to a personal Dropbox account, and carelessly browsing the deep web on a company laptop.

By analyzing user activity, ObserveIT focuses on the root of the insider threat problem: people.
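The user-centred detection described in the last few paragraphs (indicators first, then a timeline of what the user did) can be sketched in the same style as the EDR example. This is an added illustration and not ObserveIT's code or schema: the activity records are constructed, and the indicator names, weights, thresholds and the "protected services" list are assumptions. It covers the four behaviours the screenshot discussion mentions: disabling a security control, copying bulk data to removable media, uploading to a personal cloud account, and careless browsing.

```python
"""Insider-threat indicator detection over a constructed user-activity log.

Added example illustrating the indicators discussed above (security-control
bypass, removable-media exfiltration, upload to a personal cloud account,
careless browsing). Not ObserveIT's code; the record schema, indicator names,
weights and thresholds are assumptions for this illustration."""
from collections import defaultdict

# Constructed activity records, one per observed user action (not real data).
ACTIVITY = [
    {"user": "alice", "ts": 1, "action": "service_stop", "name": "dlp-agent"},
    {"user": "alice", "ts": 2, "action": "usb_connect",  "drive": "E:"},
    {"user": "alice", "ts": 3, "action": "file_copy",    "bytes": 4_500_000_000, "dest": "E:\\finance\\"},
    {"user": "alice", "ts": 4, "action": "cloud_upload", "domain": "dropbox.com",
     "account": "alice.personal@example.com", "bytes": 2_000_000_000},
    {"user": "alice", "ts": 5, "action": "web_visit",    "category": "anonymizer"},
    {"user": "bob",   "ts": 1, "action": "file_copy",    "bytes": 20_000_000, "dest": "\\\\fileserver\\share\\"},
    {"user": "bob",   "ts": 2, "action": "cloud_upload", "domain": "corp.sharepoint.com",
     "account": "bob@corp.example", "bytes": 20_000_000},
]

# Assumed policy values.
CORPORATE_MAIL_DOMAINS = {"corp.example"}
PROTECTED_SERVICES = {"dlp-agent", "edr-sensor"}
BULK_BYTES = 1_000_000_000  # 1 GB

# Assumed indicator weights; their sum per user is the risk score.
WEIGHTS = {
    "security_control_bypass": 40,
    "copy_to_removable_media": 30,
    "personal_cloud_upload": 30,
    "careless_browsing": 10,
}
ALERT_THRESHOLD = 50


def indicators_for(events):
    """Return the set of indicator names triggered by one user's events."""
    hits = set()
    # Drives that appeared via USB in this user's session; copies to them count as exfiltration.
    removable = {e["drive"].upper() for e in events if e["action"] == "usb_connect"}
    for e in events:
        if e["action"] == "service_stop" and e["name"] in PROTECTED_SERVICES:
            hits.add("security_control_bypass")
        elif e["action"] == "file_copy":
            dest = e["dest"].upper()
            if e["bytes"] >= BULK_BYTES and any(dest.startswith(d) for d in removable):
                hits.add("copy_to_removable_media")
        elif e["action"] == "cloud_upload":
            mail_domain = e["account"].rsplit("@", 1)[-1].lower()
            if mail_domain not in CORPORATE_MAIL_DOMAINS:
                hits.add("personal_cloud_upload")
        elif e["action"] == "web_visit" and e["category"] == "anonymizer":
            hits.add("careless_browsing")
    return hits


def score_users(activity):
    """Group events by user and return {user: (risk_score, sorted indicator names)}."""
    by_user = defaultdict(list)
    for e in activity:
        by_user[e["user"]].append(e)
    result = {}
    for user, evs in by_user.items():
        inds = indicators_for(evs)
        result[user] = (sum(WEIGHTS[i] for i in inds), sorted(inds))
    return result


def investigation_timeline(activity, user):
    """Ordered narrative of what a flagged user did, for the responder."""
    evs = sorted((e for e in activity if e["user"] == user), key=lambda e: e["ts"])
    return [f"t={e['ts']} {e['action']} "
            + ", ".join(f"{k}={v}" for k, v in e.items() if k not in ("user", "ts", "action"))
            for e in evs]


if __name__ == "__main__":
    for user, (score, inds) in score_users(ACTIVITY).items():
        flag = "ALERT" if score >= ALERT_THRESHOLD else "ok"
        print(f"{user}: score={score} {flag} indicators={inds}")
        if score >= ALERT_THRESHOLD:
            for line in investigation_timeline(ACTIVITY, user):
                print("   ", line)
```

Two design points worth noting: indicators are evaluated per user session rather than per event, so the USB connection at one time can qualify a bulk copy at a later time, and the cloud-upload rule keys on the account used, not the service domain, because a corporate SharePoint upload and a personal Dropbox upload differ in who owns the destination rather than in the protocol.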

About ObserveIT
ObserveIT is a user monitoring and investigation solution that identifies and eliminates insider threats. It continuously monitors user behavior and alerts IT and Security teams about activities that put their organizations at risk. ObserveIT provides comprehensive visibility into what all users are doing, while meeting compliance standards and reducing investigation time from days or hours to minutes.