Protecting Data from Advanced Persistent Threats and Fileless Malware

By Tom Ricoy | July 20, 2020

You have NGAV and EDR solutions in place, but is your data really safe?

AV solutions aren't foolproof.

Consistently, antivirus (AV) testing shows that malware circumvents nearly all of the best NGAV solutions. How? One way is that adversaries can conduct reconnaissance to determine which NGAV you're using. They then obtain and deploy malware that's specifically designed to get past your AV software.

EDR solutions require cybersecurity teams.

By monitoring for anomalies, Endpoint Detection and Response (EDR) tools detect malicious activity perpetrated by Advanced Persistent Threats (APTs) and fileless malware, also known as living-off-the-land. EDR tools attempt to contain the attack and curtail its spread across the entire network—all while enabling security team members to formulate an incident response and investigate the threat source.

Research shows that over 50% of attacks use fileless malware to evade NGAV solutions. While EDR data can help security teams and MSPs detect and respond to attacks, organizations struggle to hire and retain the number of people needed to investigate threats and manage responses.

Prioritization is critical but difficult.

To help security analysts focus on the most crucial alerts first, EDR tools use risk scoring (critical, high, medium, and low). While scoring is valuable, the reality is that a significant gap exists between detection and prevention on endpoints. Unfortunately, this is true for all organizations, from small- and medium-size companies that cannot afford a full-fledged security team to enterprises with robust cybersecurity departments.

Bottom line, organizations need solutions that truly prevent endpoint data breach attempts. Only then will cybersecurity team members have more time to focus on adversaries that move laterally, searching for targets of even higher value, such as servers.

With Cigent D3E, you can prevent data theft on endpoints.

Protect endpoint data in small and medium-size businesses.

If you're a small or medium-size organization without a security team, don't worry. Cigent Dynamic Data Defense Engine™ (D3E) for Windows 10 is easy to use and manage. Combine D3E with your AV solution of choice (BlackBerry Cylance, Cisco AMP, CrowdStrike, McAfee, SentinelOne, VMware Carbon Black, Windows 10 Security, or other) for a comprehensive endpoint security solution that maintains compliance and prevents data theft on endpoints with ease.

D3E includes threat detection sensors. When an attack is detected, your data is protected instantly and remains so until the threat is cleared. Data you consider ultra-sensitive can be configured to remain protected at all times, whether an attack is detected or not.

Prevent data theft on enterprise endpoints.

If you're an enterprise, organization, or managed service provider—and you use EDR—you can count on D3E to protect endpoint data. As a result, the attack surface is reduced and your security team has more bandwidth to focus and optimize its efforts.

When used in conjunction with NGAV and EDR, D3E steps up data security dynamically, whenever an endpoint attack is detected. D3E also protects all endpoints associated with a threatened endpoint, such as the user's workgroup, department, or division. Once threats are cleared, D3E returns the data protection level to its normal state—automatically. In addition, an SOC analyst can manually activate protections on endpoints they know, through threat intelligence, are likely targeted.

Cigent D3E protects your files in a way that's never been done before.
