
Customer Perspective: Catching the thief lurking in the shadows with EDR and MDR

  • Posted on: August 12, 2019
  • Posted in: Managed Detection and Response, Security, Spotlight
  • Posted by: Trend Micro

A guest blog by Ian Loe, Senior Vice President, Cybersecurity, NTUC Enterprise Co-operative Limited

News flash: aided by time, persistence and smarts, advanced cybersecurity felons are leapfrogging traditional security systems to compromise confidential data. Realising this, we at NTUC Enterprise have been looking into new security technologies that help address these rising concerns. One of the key areas we have identified is how to better protect our endpoints and increase our visibility into what goes on within these devices.

Visibility, sharpened

With over 20,000 endpoints across PCs and IoT devices under the group to secure, and the potential to grow to 30,000 in the near future, we realise that incident detection and response is becoming critical. With so much at stake, we need a solution that provides constant surveillance – like a CCTV camera – to identify suspicious activities undertaken by a criminal.

Enter endpoint detection and response (EDR) technologies that can record and store queries, behaviors, and events on the endpoints. Picture this: a CCTV camera has the ability to capture movement across every corner and point of entry of a building. If someone surreptitiously breaks the lock of a door, disables the security alarm, or trespasses on commercial property, security personnel will get alerted by footage on these surveillance cameras.

Now let’s put that in the context of EDR. IT teams are able to go beyond just indicators of compromise and achieve high visibility into the nitty-gritty that’s going on. EDR also helps them to understand the multitude of different threats and attack types, allowing teams to correlate information and respond in a timely and effective manner.

For instance, EDR can help teams pinpoint how many devices in the organisation are using a particular piece of vulnerable software, or have accessed a bad domain. EDR stores these events in its memory repository and can identify the exact starting point of a criminal’s footprint to reconstruct the whole attack.

Swiftly detecting and removing a threat from an endpoint, or isolating an endpoint in a large network, can potentially thwart a large-scale infection down the line. This is what drew me to EDR in the beginning. By working with Trend Micro, my team can now understand the source, impact, and spread of advanced threats.

But technology is only part of the answer to the overarching situation.

Where are the cybersecurity personnel?

In the cyber world, detection and response is a set of processes that requires specialized skills and years of experience to handle. I think we can all agree on the fact that there is only one predictable thing about a cybersecurity professional’s day – its unpredictability.

Most of us in our field never have the same day twice, having to put on the hats of both defender and attacker. No security offering is complete without skilled intelligence to support it. In fact, an ESG survey reveals that 83 percent of organisations agree that using EDR effectively demands advanced security analytics skills. A lack of qualified candidates to fill these positions means that even if an organisation could justify the full-time staff, it is difficult to find them.

Put simply, the abundance of vulnerable businesses along with a lack of skilled cybersecurity personnel translates to more open doors for attackers to slip through – easily.

Managed detection and response (MDR) then comes into the picture to help organisations like ours ease the skills gap by providing 24/7 alert monitoring and threat-hunting capabilities from experienced cybersecurity professionals – powered by big data and AI technologies to detect anomalies faster.

For an organisation the size of NTUC Enterprise, the imperative is to achieve an effective security control posture, ensure compliance, and close known security gaps. By offloading the task to Trend Micro’s skilled MDR team, my team is able to focus on security projects that are important for the business and overcome staffing challenges.

For instance, I’m able to create custom alerts for significant assets within my environment when malicious or suspicious activity happens. Monitoring would be done via a follow-the-sun model within the region and in the US regardless of time zones, increasing responsiveness and reducing delays.

I’m also powered with insights from endpoint data that serves as the basis for root cause analysis – illuminating the path where the threat originally entered the endpoint (e.g. email, web, USB, application), and how it was executed.

Data – the brains behind visibility

At the end of the day, organisations want more visibility into every nook and cranny of their IT infrastructure. And what enriches visibility? Data. The industry is decidedly moving towards XDR, a form of data-powered defense that provides omnipresent, nuanced visibility into attacks.

We are more likely to be a victim of a cyber crime than any other criminal offence – let’s be prepared!
