Endpoint Protection Leads to Faster Response Times
Endpoint protection has become even more important in the age of remote work, says Michael Suby, research vice president for security and trust at IDC.
“The attack surface has expanded, and the endpoints are obviously very critical, because they’re the interface into business operations,” Suby says. “Where a stack of security controls and monitoring capabilities exists for employees in the office, the same is not present within the home environment. The visibility, prevention and protection capabilities that an endpoint security product provides are so important, because they compensate for what you don’t have in the enterprise environment now that people are working remotely.”
Burr says that CrowdStrike was critical to remediation, and that it was a “short trip” to deciding to keep EDR tools in place for the long term.
“It brings in a lot of telemetry, and it makes it easier to piece together evidence without going through multiple security tools,” he says. “It speeds up our response.”
The combination of EDR solutions delivers a sophisticated automated response to more common attacks, while alerting cybersecurity professionals about more nuanced or serious threats.
The university runs CrowdStrike and Defender alongside tools that protect against social engineering attacks, such as spear phishing and executive impersonation.
Burr says that the transition away from traditional anti-virus tools to a more sophisticated set of endpoint protection solutions has been “really fast,” in part due to requirements from insurance providers but also because so many schools now have firsthand experience responding to successful attacks.
“When you have to go from machine to machine, and you’re trying to correlate evidence, it can be challenging,” he says.