Dec 20 2024
Security

Endpoint Protection for Schools: EDR and Monitoring Strategies

Securing endpoints gets easier for overwhelmed K–12 IT teams, thanks to the modern capabilities of cybersecurity technologies.

Schools face significant cyber challenges. In K–12, IT teams may be under-resourced, with limited budgets and personnel. Meanwhile, the shift to digital learning has expanded the attack surface, and most end users are kids, who may not be well versed in cybersecurity best practices.

In this environment, endpoint detection and response is a crucial defense, providing real-time monitoring of devices and networks. EDR uses endpoint monitoring and data analytics to identify suspicious behavior. It can detect potential threats, block malicious activity, suggest remediations and alert security teams.


These days, EDR solutions with modernized features promise to deliver even more robust protections in the K–12 IT environment.

What Does Modern Endpoint Protection Look Like?

Modern endpoint protection includes EDR that is more comprehensive, with platform solutions instead of piecemeal tools.

“Organizations need an all-in-one solution to protect endpoints, cloud servers and email, and EDR solutions are increasingly integrating with other security platforms to provide a more comprehensive security posture by correlating data across multiple sources,” says David Gierke, state and local government and education (SLED) security chief technologist at Cisco.


This approach, sometimes referred to as extended detection and response, or XDR, “integrates data across not just endpoints but across networks and cloud environments,” says Fadi Fadhil, SLED field CIO at Palo Alto Networks.

Such solutions “provide really comprehensive visibility and faster detection and response for sophisticated threats,” Fadhil adds.

Artificial intelligence also plays a role in modern EDR solutions. In K–12, AI endpoint security “can guide remediation efforts and help IT teams understand contextually what is happening, wrapping in better context on the identities that are being used in these attacks,” says Cristian Rodriguez, field CTO for the Americas at CrowdStrike.

By making sense of complex security information, AI helps resource-constrained K–12 teams “understand what’s happening, in layman’s terms,” Rodriguez says. “It really simplifies and helps them interpret the data.”

Modern EDR systems use such capabilities to home in on identity, which can make it easier for defenders to target their responses effectively. For example, they can flag login attempts that come from unlikely geographic locations. “That could be one indicator of something that’s different, an outlier,” Rodriguez explains.


How Are Modern EDR Tools Benefiting Schools?

For K–12 schools, modern features in EDR promise a range of benefits. Most important, they offer a defense against the growing threat of ransomware. With real-time detection and containment capabilities, “you ensure that ransomware doesn’t spread across network devices and network components,” Fadhil says.

Additionally, the automated nature of these technologies allows IT teams to work more effectively. “When you’re simplifying the IT workflows with a centralized management tool, it’s easier for small IT teams to monitor and manage threats without being overwhelmed,” he adds.

A platform approach to EDR gives defenders a consolidated view. That’s key to cyber effectiveness, Rodriguez says.


Rather than managing multiple disparate tools, “this view shows me that something bad is happening,” he explains. “Where is this asset? ‘It’s in the cloud.’ What identity is being used? ‘This is the identity.’ Now I can one-click remediate or have a workflow that does that for me.”

For K–12 schools with limited IT staff, “EDR tools act as a force multiplier. They help IT teams detect, isolate and remediate threats quickly,” Gierke says. Modern EDR tools “protect sensitive student and staff data from cyberthreats, including malware attacks, ransomware attacks and insider threats.”

Endpoint Protection Best Practices for IT Administrators Using EDR Solutions

A number of best practices can help IT leaders in K–12 maximize the return on their EDR investment.

First, evaluate the options thoughtfully. Modern platform solutions go wider and deeper than conventional EDR. “See how it fits in with the rest of your existing infrastructure,” Fadhil says. “You’re going to need it to integrate with your existing cybersecurity posture and toolset.”


Next, know your landscape. “Understand the specific threats that your environment faces, and ensure your EDR or XDR solution is aligned with your school’s unique requirements,” Fadhil says. Consider on-premises devices, remote logins and cloud implementations.

Finally, it’s important to couple EDR with a formal incident response plan. “I have EDR on all of these systems. Now, what do I do when something bad is detected? Build a program or a framework that allows for very quick remediation,” Rodriguez suggests.

EDR with modern capabilities offers crucial support to K–12 IT departments charged with defending their schools from cyberattacks. Platform-scale visibility, AI insights and other advances can all be force multipliers, empowering IT teams to be more effective in protecting operational systems and school data.
