- Bitdefender Endpoint Detection and Response is our new EDR product that supplements any third-party endpoint security solution
- GravityZone gets a new executive dashboard and an enhanced SIEM connector
- All Bitdefender EDR products now feature custom EDR detection rules capabilities
Bitdefender EDR monitors your network to uncover suspicious activity early and provides the tools you need to fight off cyber-attacks. You can watch our on-demand webinar to learn more about EDR and our other improvements.
We’ve been doing antivirus for years, and anti-malware companies have always said that they can’t guarantee 100% prevention. Protection and prevention measures keep getting better and better. Next-generation approaches like machine learning and sandboxing help, but it’s still an arms race. The attacker has the element of surprise and only needs to get it right once; you have to get your defenses right 100% of the time to stop breaches.
What if all your prevention efforts fail?
Cyber-attacks that manage to elude your prevention mechanisms can go unnoticed for weeks or even months. The consequences of late-discovered breaches can be serious, with a long-lasting and expensive negative impact on your business. Endpoint Detection and Response tools are the best answer to this security challenge, acting as a complement to prevention measures. Adding EDR helps organizations respond effectively to all phases of a sophisticated attack. EDR is mainly concerned with what’s to the right of the red dotted line on the attack chain below:
Figure 1: The Cyber Kill Chain
EDR solutions bring additional visibility and insight into what is happening on your endpoints, and also enable your security team to respond quickly to any cyber threats detected.
You may have read Liviu’s blog, where he wrote about an APT-as-a-service gang: basically rent-an-advanced-persistent-threat. In this case, the attack was being used to target real estate agents to steal valuable data that could allow a competitor to gain an advantage. This service puts sophisticated, nation-state-level attacks in the hands of anyone who can pay for them. As these sophisticated methods become accessible to anyone with the resources to pay to steal your data, you need to consider that these types of attacks could be used against your business. Even if your organization is small, you may have large customers or partners. You could even be the bait, the sprat to catch a mackerel: a component of a larger criminal strategy. How could a breach originating from your network affect your standing with your most important customer or business partner?
This APT-as-a-service attack is also a useful example that we can use to compare prevention (endpoint protection) with EDR (endpoint detection and response) capabilities.
Figure 2: APT-as-a-service
The grey circles to the left of the page are the preventative measures that Bitdefender uses to stop the attack in its early stages. Antimalware detects and stops the first payload; it’s still a valuable first line of defense. Of course, with traditional antimalware, that requires that someone else has already been infected with this first payload, so that a signature can be produced that will stop further infections. Compare this to Process Inspector: this is next-generation technology that stops never-before-seen threats at the on-execution stage by monitoring and stopping malicious behavior.
Now, if we look at the blue circles, we can see some of the EDR detections: MITRE alerts where credentials are being stolen, and exfiltration attempts where the criminals are trying to get that valuable data out of the organization.
The point I am making here is that you need a range of approaches (prevention, detection and response), so that in the small number of cases where your prevention measures fail, you’ll still be able to react quickly to stop the breach.
At Bitdefender, we believe that a comprehensive approach is the best for endpoint security.
For years we’ve had a fully featured EDR solution contained within Bitdefender GravityZone Ultra. Rather than having multiple stand-alone security solutions stacked one on top of the other, there are lots of benefits to choosing an integrated EPP and EDR solution.
So why this new dedicated EDR product from Bitdefender?
There are reasons why some customers want to buy standalone EDR, and they need the choice. Gartner, in its Market Guide for Endpoint Detection and Response Solutions published in Dec 2019, thinks the market is moving from choosing separate endpoint protection (EPP) and EDR to combined EPP and EDR bundles: “by the end of 2023, 50% of enterprises will have replaced older AV with combined EPP and EDR bundles”.
Now, Bitdefender is ahead of the market because we’ve been successfully selling combined EPP and EDR with GravityZone Ultra for the last few years. However, the end of 2023 is over 3 years away, and even then, only 50% of enterprises will have switched to combined bundles. That’s a considerable section of the market that up until this point we haven’t been able to address. With our new product, we are now able to offer customers the option of a dedicated EDR that works alongside any third-party anti-malware solution.
Those are just some of the reasons why we’re launching our new standalone EDR product today.
If you’d like more technical detail, you can view the release notes.