A New Approach to Strengthen Your Cybersecurity
When it comes to cybersecurity, small and midsize businesses have relied on anti-virus, firewalls, multi-factor authentication, and DNS/Web filters to protect their networks and data from malicious activities. Each of these services plays an important role in reducing exposure to unwanted intrusions and virus attacks.
Each of the protections listed above serves a different purpose:
1. Anti-virus software scans files for viruses, automatically or on demand, whether they reside on a hard drive or on an external drive that was just connected to the computer. Anti-virus software requires the proper license so that virus definitions are updated as needed and it can identify the most recent known viruses.
2. Firewalls (physical and virtual) are devices or services that act as barriers between the business network and the Internet. The main purpose of a firewall is to keep dangerous traffic outside the business network. Nowadays firewalls don’t just block ports; they also perform intrusion prevention, allow blocking connections to and from specific geographic locations, and perform deeper inspection of the data coming in from the Internet. Like anti-virus, firewalls require maintenance to ensure they provide the required protection. Virtual firewalls are now used to protect cloud-based hosted services.
3. Multi-factor authentication is a service that requires users to provide at least two different forms of verification in order to access the business network. These can be something the user knows, such as a password; something the user has, such as a code sent via text to a telephone; and something the user is, such as biometrics (fingerprint, voice, etc.).
4. DNS/Web filter services are usually cloud-based and are capable of filtering the Internet to block malicious and undesirable web content such as pornography, gambling, gaming, and dating sites.
But even with these known mechanisms, malicious acts continue to plague business networks across the world. By exploiting weaknesses in the security of a network, hackers can still get past these barriers and place software to encrypt data, siphon information out, steal login credentials, etc. For this reason, network administrators need to continually look for new ways to protect their network and information.
This is where End-User Detection and Response (EDR) comes into the picture. EDR’s main goal is to quickly identify threats that have bypassed other security systems and services (such as your anti-virus!) before incidents escalate. EDR does not replace the need for anti-virus; on the contrary, it complements it. EDR software monitors user behavior; in other words, it looks for things that are out of the ordinary on the user’s computer. For instance, if an unknown program is installed on the computer, EDR will detect it, isolate it from the network to prevent further harm, and notify the network administrator for further action.
Most EDR products on the market today provide advanced analysis, threat intelligence, and human expertise. Call us today at (915) 587-7902 if you want to learn more about EDR.