An additional layer of deep learning enabled EDR needed for POPI


Pieter Nel | Regional Manager SADC | Sophos


For any South African organisation, the best way to prepare for POPI (the Protection of Personal Information Act) is to implement a solid data protection strategy that guards against loss of data, whether through malicious or accidental means.

Creating a data protection strategy can be a daunting process, especially for organisations that have not previously treated it as a focus area. Securing against the major threats that cause data breaches is a good place to begin.

The best endpoint technologies will protect organisations against the majority of the malware and threats that reach them. But as the threat landscape evolves and cybercriminals continue to morph their attacks and look for new security holes into organisations, the unknown minority becomes important. Endpoint detection and response tools are about detecting that minority.

Endpoint Detection and Response (EDR) tools are built to supplement endpoint security with increased detection, investigation, and response capabilities. As POPI becomes a major part of ongoing business requirements in South Africa, the need for these capabilities is at an all-time high. However, it can be difficult to understand how exactly EDR tools are meant to be used and why they are needed. Making matters worse, today's EDR solutions often struggle to provide value for many organisations: they can be difficult to use, lack sufficient protection capabilities, and are resource intensive.

The good news is deep learning enabled EDR tools provide the easiest way for organisations to answer the tough questions about security incidents.

Here are the ways deep learning enabled EDR tools can help organisations prepare for the POPI Act:

EDR helps generate a clear view of an organisation's security posture

The hardest question for most IT and security teams is ‘are we secure right now?’

This is because most networks have sizable blind spots, so IT and security teams struggle to see what is going on inside their environments. Lack of visibility is the primary reason organisations struggle to understand the scope and impact of attacks. This often manifests itself when an incident occurs and the team assumes they are safe simply because that one incident was detected. Deep learning enabled EDR provides this additional insight and also determines whether other machines were affected.

Generating a clear view of an organisation’s security posture provides the benefit of being able to report on POPI status. This information will help identify areas that may be vulnerable to attacks. It also allows administrators to determine if the scope of an attack has impacted areas where sensitive data is housed.

For example, if malware was detected that exfiltrated data out of the network, an analyst would need to determine if impacted machines housed information that was subject to POPI. This would be a much simpler exercise with deep learning enabled EDR. As an added compliance benefit, it would also be much easier to demonstrate that information is being protected thanks to increased endpoint visibility.

It provides an additional layer of detection

When it comes to cybersecurity, even the most advanced tools can be defeated given enough time and resources, making it difficult to truly understand when attacks are happening.

Organisations often rely solely on prevention to stay protected, and while prevention is critical, EDR offers another layer of detection capabilities to potentially find incidents that have gone unnoticed.

Organisations can leverage EDR to detect attacks by searching for indicators of compromise (IOCs). This is a quick and straightforward way to hunt for attacks that may have been missed.

It speeds up response to potential incidents

Once incidents are detected, IT and security teams usually scramble to remediate them as fast as possible to reduce the risk of attacks spreading and to limit any potential damage.

On average, security and IT teams spend more than three hours trying to remediate each incident. EDR can speed this up significantly, and with deep learning enabled EDR, security teams of all skill levels can quickly respond to security incidents thanks to guided investigations that offer suggested next steps, clear visual attack representations, and built-in expertise.

It adds expertise without adding headcount

By a large margin, organisations looking to add endpoint detection and response capabilities cite ‘staff knowledge’ as the top impediment to EDR adoption.

To close the staff knowledge gap, deep learning enabled EDR replicates the capabilities associated with hard-to-find analysts. It leverages machine learning to integrate deep security insight, so you can add expertise without having to add staff.

It helps teams understand how an attack happened and how to stop it from happening again

Threat cases, included with EDR, spotlight all the events that led up to a detection, making it easy to understand which files, processes, and registry keys were touched by the malware to determine the impact of an attack.

More importantly, by understanding the root cause of an attack, the IT team will be much more likely to prevent it from ever happening again.
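The two investigative steps described above, sweeping endpoint telemetry for indicators of compromise and then walking the events that led up to a detection back to a root cause, can be illustrated in code. The following is an added example written for this article, not Sophos code or any vendor's product logic. The process records, hashes, domain and paths are all constructed for the example, and the field names are assumptions about what an EDR's telemetry would expose. It shows two points the text does not: indicators have to be normalised before matching (case of hashes and paths, domain boundaries so that `notevil-c2.example` does not match `evil-c2.example`), and the parent/child process links are what turn a single detection into a threat case listing every file, registry key and domain the whole process tree touched.

```python
"""IOC sweep and root-cause reconstruction over constructed endpoint telemetry."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class ProcessEvent:
    """One process record as an EDR might export it (constructed fields)."""
    host: str
    pid: int
    ppid: int
    image: str
    sha256: str
    domains: List[str] = field(default_factory=list)      # DNS names the process resolved
    files_written: List[str] = field(default_factory=list)
    reg_keys: List[str] = field(default_factory=list)


def norm_path(path: str) -> str:
    """Windows paths are case-insensitive; compare a single canonical form."""
    return path.strip().lower().replace("/", "\\")


def domain_matches(fqdn: str, ioc_domain: str) -> bool:
    """Exact match or a subdomain; a bare endswith() would also match 'notevil-c2.example'."""
    fqdn = fqdn.lower().rstrip(".")
    return fqdn == ioc_domain or fqdn.endswith("." + ioc_domain)


@dataclass
class IocSet:
    hashes: Set[str]
    domains: Set[str]
    paths: Set[str]

    def __post_init__(self) -> None:
        # Normalise once so the sweep itself stays simple.
        self.hashes = {h.strip().lower() for h in self.hashes}
        self.domains = {d.strip().lower().rstrip(".") for d in self.domains}
        self.paths = {norm_path(p) for p in self.paths}


def sweep(events: List[ProcessEvent], iocs: IocSet) -> List[Tuple[str, int, str, str]]:
    """Return (host, pid, indicator_type, matched_value) for every IOC hit."""
    hits = []
    for ev in events:
        if ev.sha256.lower() in iocs.hashes:
            hits.append((ev.host, ev.pid, "sha256", ev.sha256.lower()))
        for path in [ev.image, *ev.files_written]:
            if norm_path(path) in iocs.paths:
                hits.append((ev.host, ev.pid, "path", norm_path(path)))
        for name in ev.domains:
            if any(domain_matches(name, ioc) for ioc in iocs.domains):
                hits.append((ev.host, ev.pid, "domain", name.lower()))
    return hits


def ancestry(events: List[ProcessEvent], host: str, pid: int) -> List[str]:
    """Walk parent links from the detected process to its root; the chain is the threat case."""
    by_pid = {e.pid: e for e in events if e.host == host}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # seen-set guards against PID reuse loops
        seen.add(pid)
        chain.append(by_pid[pid].image)
        pid = by_pid[pid].ppid
    return list(reversed(chain))


def impact(events: List[ProcessEvent], host: str, pid: int) -> Dict[str, Set[str]]:
    """Collect every artifact touched by a process and all of its descendants."""
    by_pid = {e.pid: e for e in events if e.host == host}
    children: Dict[int, List[int]] = {}
    for e in by_pid.values():
        children.setdefault(e.ppid, []).append(e.pid)
    result: Dict[str, Set[str]] = {"files": set(), "reg_keys": set(), "domains": set()}
    stack, visited = [pid], set()
    while stack:
        cur = stack.pop()
        if cur in visited or cur not in by_pid:
            continue
        visited.add(cur)
        ev = by_pid[cur]
        result["files"].update(norm_path(f) for f in ev.files_written)
        result["reg_keys"].update(ev.reg_keys)
        result["domains"].update(d.lower() for d in ev.domains)
        stack.extend(children.get(cur, []))
    return result


# Constructed indicators; the hash and domain are not real threat intelligence.
IOCS = IocSet(
    hashes={"B5BB9D8014A0F9B1D61E21E796D78DCCDF1352F23CD32812F4850B878AE4944C"},
    domains={"evil-c2.example"},
    paths={r"C:\Users\Public\update.exe"},
)

# Constructed telemetry: a macro document spawning PowerShell, which drops a persistent binary.
TELEMETRY = [
    ProcessEvent("WS-042", 400, 1, r"C:\Windows\explorer.exe", "aa" * 32),
    ProcessEvent("WS-042", 1200, 400, r"C:\Program Files\Office\outlook.exe", "bb" * 32),
    ProcessEvent("WS-042", 1300, 1200, r"C:\Program Files\Office\winword.exe", "cc" * 32),
    ProcessEvent("WS-042", 1400, 1300, r"C:\Windows\System32\powershell.exe", "dd" * 32,
                 domains=["cdn.evil-c2.example"], files_written=[r"C:\Users\Public\update.exe"]),
    ProcessEvent("WS-042", 1500, 1400, r"C:\Users\Public\Update.EXE",
                 "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
                 reg_keys=[r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"]),
    ProcessEvent("WS-077", 2000, 1, r"C:\Program Files\Google\Chrome\chrome.exe", "ee" * 32,
                 domains=["login.example.com", "notevil-c2.example"]),   # clean host
]

if __name__ == "__main__":
    for hit in sweep(TELEMETRY, IOCS):
        print("IOC hit:", hit)
    print("Chain:", " -> ".join(ancestry(TELEMETRY, "WS-042", 1500)))
    print("Impact of document process tree:", impact(TELEMETRY, "WS-042", 1300))
```

Running the sweep reports four hits on WS-042 (the domain and dropped file from PowerShell, the hash and image path of the dropped binary) and none on WS-077. The chain for the detected binary reads explorer, outlook, winword, powershell, update.exe, which is the root-cause story an analyst needs: a mail attachment opened in Word, not a random download. The impact query on the Word process then lists the dropped file, the Run key and the command-and-control domain, the same "files, processes, and registry keys" an analyst would compare against where POPI-governed data is stored.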


