التكنولوجيا وأخبارها بوابة مصر لأخبار تكنولوجيا المعلومات والإتصالات
More than a quarter (28%)of companies that have implemented an Endpoint Detection and
Response (EDR) solution havebeen able to detect cyberattacks in just a few hours or even
almost immediately after an incident happened. This is higher than the overall results, as
on average only 13% of businessesin the META region responded that way. This is the
findings of the Kaspersky IT Security Risks Survey.
Timely detection of a cyber-incident is essential to reduce losses from a cyberattack. The
longer that cybercriminals can stay unnoticed in a corporate network, the more data they
can gather and the closer they can get to critical company assets. Reducing ‘dwell time’
allows businesses to contain a cyberattack before it can cause substantial damage.
In a survey of IT business decision makers commissioned by Kaspersky in 2019,
2,961companiesaround the world were asked how long it took them to discover a
cyberattack that they experienced in the previous year. Detailed analysis of the given
responses has revealed that there is a strong correlation between EDR implementation and
dwell time.
Among the companies that use EDR, 28% confirmed that it took them several hours or less to find an attack. Of this group,14% detected an attack almost immediately, which is
higher than the average result of 6%. Meanwhile,14% discovered the incident within a few
hours, in comparison to7% of overall respondents. Only 8% of EDR users said that it took
them several months to identify that they were under attack.
However, the largest number of respondents estimated that detection took them several
days, whether they have EDR in place or not.
“EDR provides a greater level of discovery and visibility across endpoint infrastructure
andfacilitates effective root cause analysis, threat hunting and fast incident response. At the same time, EDR automates the routine tasks analysts may face in detection and
response-processing activities.However, as the statistics show, for some respondents EDR doesn’t help to reduce an attack ‘dwell time’. The reason may lie in the fact that alerts on
suspicious activity require security analysts to investigate and decide if an action poses danger. So, in companies without internal expertise tohandle complex incidents, the use of
a feature-rich professionalsolution may not bring the desired effect,” comments Yana Shevchenko, Senior Product Marketing Manager at Kaspersky.
Kaspersky offerstwo EDR-class solutions that meet the requirements of different types of
customers. For IT-security matured enterprises, Kaspersky EDRprovides IT security experts with advanced threat discovery, deep investigative capabilities powered by threat
intelligence and MITRE ATT&CK framework mapping, threat hunting and a centralized response to multi-staged complex attacks. Kaspersky EDR Optimum provides core EDR
capabilities – including better visibility into endpoints, simplified root cause analysis and automated response options – to organizations with limited resources and cybersecurity
expertise.
