What Is EDR? How It Differs from Anti-Virus Software


With the spread of COVID-19 (the novel coronavirus), the world is transitioning to a new normal. Telework has become the norm, and not only back-office work and team collaboration but also business interactions with customers and business partners are increasingly completed remotely. Against this backdrop, one growing risk is “security incidents such as malware infection”.

Vulnerabilities (security shortcomings) are more likely to arise when administrators lose oversight because of telework, and cyberattacks that take advantage of them may become rampant. Also, when BYOD is recommended for employees, there may be cases where the external environment is not fully managed. This article introduces EDR, which is indispensable to the security measures you will want to consider in the telework era.

What is endpoint security “EDR”?

Endpoint security (terminal defense) refers to security measures that protect the endpoint itself and the information stored on it from cyberattacks. Examples include anti-malware software installed on the terminals employees use and firewalls that prevent unauthorized access.

Until now, solutions for endpoints have been effective to a certain extent, protecting terminals and internal networks from various cyberattacks.

Conventional anti-virus software basically works by consulting signature files, which are regularly updated by the information security vendor that provides the software, to detect and isolate malware that poses a threat to endpoints. In other words, detection is not possible unless the vendor has updated the signature file.

In addition, malware is becoming more and more sophisticated, and recently there is something called “fileless malware” (malware that does not have a file). In general, malware attaches itself to files or exists as independent files, and terminals become infected when users run those files. Fileless malware, on the other hand, does not depend on or need files. It is a cyberattack that loads a program into a computer's memory to carry out malicious activity.

Unlike general file-type malware, fileless malware is recognized as a highly dangerous cyber-attack in that it cannot be detected by conventional endpoint security such as anti-malware software.

New endpoint security measures are necessary to counter these next-generation cyberattacks, and EDR fulfills that role. EDR is an abbreviation for “Endpoint Detection and Response”, which refers to protecting terminals and responding to threats on them.

Sniffing out undetectable cyberattacks

How do you think we should detect “undetectable cyberattacks”? It’s like asking how you can find a stealthy attack aircraft that you can’t see or detect on radar.

The answer is “wait until you can detect it”.

Suppose your device is infected with malware without anyone noticing. At this point, it will be difficult to detect with any security system. But malware always takes action. Whether it is locking system files or infiltrating a corporate network, it has to do something. Those actions are then recorded in the computer's activity log. In other words, if you can monitor the computer's activity log and detect suspicious behavior, you can recognize malware from there. This is the principle of EDR.

In addition, EDR includes not only “protection of terminals” but also “response”. This means security personnel can pre-program how to respond to detected cyber-attacks such as malware.

By not only detecting cyber-attacks but also automating the response, such as disconnecting the terminal from the network, shutting down the relevant terminal, and promptly notifying system personnel, an environment that prevents cyber-attacks more efficiently can be established.
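
The contrast between signature matching and log-based behavior detection, together with a pre-programmed response, can be sketched as follows. This is an added example, not code from any EDR product: the event field names, rule names, action names and all sample data are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed signature set, standing in for a vendor's signature file.
SIGNATURES = {sha256(b"constructed-known-malware")}
# Constructed process-creation log entries; field names are hypothetical.
EVENTS = [
    {"host": "pc-01", "parent": "explorer.exe", "image": "invoice.exe",
     "image_sha256": sha256(b"constructed-known-malware"), "cmdline": "invoice.exe"},
    {"host": "pc-02", "parent": "winword.exe", "image": "powershell.exe",
     "image_sha256": sha256(b"constructed-os-binary"),
     "cmdline": "powershell.exe -EncodedCommand <constructed>"},
    {"host": "pc-03", "parent": "explorer.exe", "image": "winword.exe",
     "image_sha256": sha256(b"constructed-office-binary"), "cmdline": "winword.exe report.docx"},
]
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def signature_hit(ev):
    """Anti-virus style check: is the file on disk a known-bad one?"""
    return ev["image_sha256"] in SIGNATURES

def behavior_hits(ev):
    """EDR style check: does the logged activity itself look suspicious?"""
    hits = []
    if ev["parent"].lower() in OFFICE and ev["image"].lower() in INTERPRETERS:
        hits.append("office_spawns_interpreter")
    if "-encodedcommand" in ev["cmdline"].lower():
        hits.append("encoded_command_line")
    return hits

def respond(sig, hits):
    """Pre-programmed response chosen from what was detected."""
    actions = []
    if sig:
        actions.append("quarantine_file")
    if hits:
        actions.append("isolate_from_network")
    if sig or hits:
        actions.append("notify_security_team")
    return actions

def triage(events):
    """Return, per host, what each detection method saw and the response."""
    out = {}
    for ev in events:
        sig, hits = signature_hit(ev), behavior_hits(ev)
        out[ev["host"]] = {"signature": sig, "behavior": hits, "actions": respond(sig, hits)}
    return out
```

On pc-02 the running binary is a legitimate one, so the signature check stays silent and only the behavior rules trigger the isolation and notification.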

It is said that “100% perimeter defense is impossible” against recent cyberattacks. In recent years, in addition to stopping attacks at the perimeter, information security measures that assume the internal network will be intruded have become increasingly important. EDR can therefore be said to be endpoint security that matches the reality of modern business security.

Security measures required after COVID-19

In post-COVID business, where telework is expected to become the norm, endpoint security such as EDR is likely to become more important. The reason is that the risk of cyberattacks such as malware infection increases when work is carried out on the employee's personal network. You can easily imagine that enforcing security policies there is more difficult than within a closed network. Next-generation endpoint security such as EDR is effective in such situations. In particular, EDR delivered as a cloud-based service collects security-related activity logs while monitoring, in real time, the terminals of each employee working remotely, and can constantly watch for threats of cyberattacks such as malware.

Safe and secure information sharing with secure cloud storage

Box, the secure cloud storage, implements industry-leading security. For example, “Box Shield” is an advanced security solution that protects against information leaks caused by threats such as cyberattacks. Box Shield enables businesses to automatically detect and control malware. It automatically raises an alert when malware is detected on Box, restricts downloading and sharing of malicious files, and notifies IT and security departments. Moreover, security can be further improved by keeping the important files that attackers target in cloud storage instead of on the endpoint PC.

Cyberattacks are becoming more sophisticated year by year, and security measures are also developing at a rapid pace. Please take this opportunity to combine EDR, which provides more advanced endpoint protection than antivirus, with Box, which implements even more advanced security protection for cloud storage, to raise your security even further.
