Over the past couple of years, cyber security has been evolving and developing at a rapid rate. This can be attributed to the alarming increase in data breaches and cyber crime within the corporate world.

According to research conducted by IBM, there is a 29.9% probability that your organisation will experience a data breach within two years, and it will take, on average, 279 days before the breach is identified and contained. They also go on to say that a clear relationship exists between the life cycle of a data breach and its total cost.

Earlier this year, Verizon also published a report with the following fascinating statistics: at least 52% of breaches featured hacking; while 28% involved malware; and 56% of breaches took months or longer to discover.

To add to this, the victims of breaches, as well as those affected by them, are predominantly in the public sector, healthcare and the financial industry, or are small business owners.

Endpoint detection and response (EDR) has become an integral part of corporate cyber security. However, before we dive headfirst into what this is, let’s take a step back.

Before looking at EDR, we must consider the Endpoint Protection Platform or EPP. EPP comprises several technologies that can include anti-virus, host-based firewalls and data loss prevention, to name a few.

Traditionally, most organisations utilised anti-virus/anti-malware. If a program or file was identified as being “hostile”, the vendor would “reverse engineer” the behaviour of the file and create a “signature file”. The challenge is that it can take days or even weeks before this “signature file” is released to the user community. This increases the users’ and organisation’s vulnerability.

Today, anti-virus is no longer “signature” based. Anti-virus has evolved into what’s commonly referred to as next-generation anti-virus (NGAV). NGAV uses behavioural analytics to study the behaviour of your machines and devices, and identifies anomalies and deviations from the expected behaviour to provide advanced endpoint security protection.

However, cyber criminals are not resting on their laurels and are forever looking for ways to sneak past your defences. The hair-raising fact is that an attacker might already be in your network, or might even be an insider.

This is where EDR comes into play. Martin Lubbe, system engineer for CyberTech, a division of Altron, states: “EDR can collect data for forensic and security investigations and allows a security team to react and respond accordingly. It also allows the security team to take that capability and hunt for threats across the organisation at any given time. EDR’s main focus is to actively hunt for security threats within your organisation.”

Boland Lithebe, managing executive for CyberTech, notes: “Our service offering comprises a host of managed services. One of these services is Managed Endpoint Security Services. Our bundled NGAV + EDR + SOC services offer your organisation unrestrained protection, incident response and forensic services capabilities. In addition to these services, the CyberTech team has the specialist skills, resources and infrastructure to manage threats and investigate suspicious behaviour 24x7x365 across all your endpoints.”

Cyber threats are almost inevitable, but having the correct cyber defences in place allows your business to respond proactively to risks should a breach occur.