Practice Three: Leveraging Endpoint Detection and Response in Cyber Risk Management

Endpoint Detection & Response

In an era when cybersecurity threats are ever-evolving, businesses and organizations must continually adapt and innovate to protect their critical assets. “One tool increasingly seen as a vital component in cybersecurity readiness is endpoint detection and response,” said Ken Morrison, Assistant Vice President, Cyber Risk Management, at Travelers.

Endpoints are devices that communicate back and forth with a network. These devices can include computers (such as desktops and laptops), mobile devices (such as smartphones and tablets), servers and other network-connected devices like printers and Internet of Things devices. Endpoints serve as the points of entry and exit within a network, allowing data to flow in and out.

According to Morrison, in the context of cybersecurity, “endpoints are often considered potential vulnerabilities since they can be exploited by bad actors. Ensuring the security of endpoints is a critical aspect of network defense, as vulnerabilities in any single device can potentially put the entire network at risk.”

An endpoint detection response (EDR) solution helps protect businesses and organizations of all sizes against malicious attacks and can provide far greater capabilities than a traditional antivirus solution. EDR is a security solution that looks not only at an organization’s software, but also at user behavior on its system. It analyzes what each user does, and if there is anything suspicious, it can shut that user down and send an alarm.

From a practical standpoint, EDR is typically managed by a service provider. Morrison noted, “Adopting EDR requires careful planning and consideration of your organization’s unique needs. Working with cybersecurity experts and vendors specializing in EDR can ensure a tailored solution that aligns with your specific requirements and existing infrastructure.”

Additional benefits of EDR:

• Real-Time Protection: EDR’s continuous monitoring helps identify and neutralize threats quickly.
• Compliance and Governance: EDR assists in maintaining compliance with various industry regulations and standards.
• Enhanced Analysis and Forensics: Post-incident investigations are made more manageable with EDR, as it collects valuable data that helps in understanding the nature and extent of an attack.
• Remote Work Security: With the rise in remote work, securing endpoints outside the traditional network has become essential, and EDR extends the security parameters to these devices.

EDR is more than just a technology; it’s a strategic asset in a broader cyber risk management program. By providing real-time insights, enhancing compliance and integrating with existing security measures, EDR helps fortify an organization’s defense against the complex landscape of cybersecurity threats. Risk managers seeking to elevate their cyber risk posture should strongly consider integrating EDR as part of their cyber readiness strategy.