Kaspersky is advising businesses to be wary of next-generation and firewall vendors promoting Endpoint Detection and Response (EDR) solutions for the protection of dispersed device networks, warning that they might not provide the same level of protection against rising threats as a comprehensive Endpoint Protection Platform (EPP).
The cybersecurity expert says that while these players have strengthened their solutions through the acquisition of EDR companies, many don’t offer the ‘must have’ features of a full EPP solution, like device and application hardening, and can be heavily reliant upon behavioural detection, which should be just one part of a multi-layered EPP solution.
Kaspersky says it is raising the problem now because the steep rise in remote working has seen incomplete solutions being sold as a silver bullet.
It points out that prior to the onset of COVID-19, 61% of businesses cited staffing limitations as the reason they weren’t adopting EDR. Yet, just months later, Kaspersky research found that 73% of workers hadn’t received any additional IT security awareness training after a mass migration to homeworking and ‘panicked’ adoption of EDR.
The risk, says Andy Bogdan, Head of UK Channel at Kaspersky, is that IT teams facing more alerts than ever won’t know how to filter them properly, resulting in wasted time and resources and heightened risk of a serious red flag being overlooked.
He said: “Just because some vendors are shouting loudest doesn’t mean they’re looking after a business’ best interests, and that’s why it’s critical that businesses enter into a conversation that begins with discussing what they need. More often than not, they’ll find they need a solution built around, or integrated with, training and skills development.”
To this end, Kaspersky offers the option of training with all its EDR solutions, including Kaspersky Endpoint Detection and Response, which will help to pinpoint threats to devices, and Kaspersky EDR Optimum, which provides customers that have limited expertise in cybersecurity with further EDR capabilities, including better visibility into endpoints, simplified root cause analysis and automated/manual response options.
Where budgets, time and resources are limited, it suggests, a service provider model might be the best option.