The range of cybersecurity solutions, and endpoint protection in particular, keeps growing. Each vendor offers new approaches based on its own view of current threat trends. These solutions are then categorized by analyst firms such as Gartner, Forrester or KuppingerCole. Given the overlaps between the different types of solutions, it is increasingly difficult to judge how relevant a given type is to a specific context.
In this article we will help you navigate the ocean of EDR (Endpoint Detection and Response) solutions by giving you the 10 main questions to ask yourself in order to decide whether an EDR is relevant, or even essential, for your company or organization.
The 10 questions to ask yourself to judge the relevance of an EDR:
- Do I see more and more threats slipping through the cracks in my environment?
- Do I have the feeling that I cannot see or measure everything that happens on workstations and servers from a cyber threat point of view?
- Do I have the feeling that despite the protection I have on my endpoints, dormant or discreet threats are still operating?
- During the last incident, did I have difficulty investigating and identifying the cause of an attack or threat?
- Am I having trouble identifying and managing the vulnerabilities present in the software installed on my endpoints?
- Am I having trouble managing an incident that affects several workstations at the same time, or even several geographical sites?
- Am I having trouble implementing usage-specific hardening rules in my company or organization?
- Am I having trouble ensuring the resilience of my Information System by returning to a stable state following an attack?
- Am I having trouble reducing the workload required to manage and maintain my current endpoint protection solution?
- Does my business or sector context increasingly require me to take into account sovereignty and personal data protection?
If you answer yes to most or all of the questions, know that it is exactly for these reasons that endpoint protection has evolved into Endpoint Detection and Response type solutions. These, and in particular the Nucleon Security EDR, allow you to cover these aspects and more.