With the adoption and proliferation of Internet of Things (IoT) devices and the rise of cloud and virtualization, cybercrime is developing much faster. The threat surface has broadened significantly, and security teams have to defend against sophisticated cyber-attacks such as ransomware, Distributed Denial of Service (DDoS), insider threats, vulnerability exploits, Advanced Persistent Threats (APTs) and email phishing, to list a few. Even though the attack surface has increased significantly, the security budget has not, especially for mid-sized and smaller organizations. Many enterprises have been confused by vendors’ claims that fit their own narrative; should we call it a self-fulfilling prophecy? In some cases, enterprises have been led to believe that an antivirus combined with an Endpoint Detection and Response (EDR) solution is good enough to combat current and growing security risks. This begs the question: is this a viable strategy for protecting enterprises from today’s growing number of sophisticated cyber-threats?
The short answer is no. Even though, in some cases, organizations have built their security posture on these tools, enterprises continue to get breached and face malicious attacks that cause data fraud on a day-to-day basis. The truth is that this combination does not do the job. A security posture built around the AV + EDR combination is a good start, but it is not good enough to protect organizations in this digital era.
Gartner defines EDR as tools that are primarily focused on detecting and investigating suspicious activities (and traces of such) on hosts/endpoints. An EDR is used to determine threats and breaches on an endpoint device and responds to them through agents installed on each endpoint, which collect data from many data sources and store it in a central repository. Since the data is tied to individual endpoints, the same alert reported by multiple endpoints results in false positives and additional work. Moreover, antivirus solutions do not offer the protection necessary to keep the enterprise network and data secure. They lack the threat intelligence (no global context) and the prevention capabilities needed even to recognize modern-day threats and breaches, much less remove them from the enterprise network. In summary, endpoint security that includes EDR and antivirus provides the capabilities necessary for maintaining the digital perimeter but falls short of providing comprehensive cybersecurity to the enterprise.
Seceon aiSIEM™ is developed from the ground up to deliver “Comprehensive Cybersecurity for the Digital-Era”. It ingests raw streaming data: logs from all devices, operating systems, applications and services in the ecosystem (on-premise and cloud); flows such as NetFlow, IPFIX, sFlow and jFlow from the network infrastructure; and subscriptions to identity management infrastructure such as Microsoft® Windows® Active Directory™ service, LDAP, DNS, DHCP, Azure AD, etc. This streaming platform combines the functionality of a traditional SIEM, SOAR, user and entity behavioral analytics (UEBA), cloud security protecting cloud compute (AWS, Azure, GC, etc.), cloud applications (Office365, Azure AD, etc.) and cloud platforms (PaaS), Network Traffic Analysis (NTA), Network-Based Anomaly Detection (NBAD), Intrusion Detection System (IDS), threat intelligence feeds for correlation and enrichment, and advanced machine learning (ML) and AI with actionable intelligence. aiSIEM generates meaningful alerts with context, situational awareness and enhanced accuracy from the scores of threat indicators that would otherwise have to be analyzed by security experts. The platform provides comprehensive visibility of the enterprise’s ecosystem to proactively detect threats and breaches, automatically contains and eliminates threats in real time by pushing policies to hygiene systems (such as firewalls, email/web gateways, Microsoft® Windows® Active Directory™ service, network access controllers, EDR, etc.), and delivers continuous compliance to enhance an organization’s security posture and provide zero-trust security in the digital era, while lowering SOC operational cost by more than 80%.
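The two mechanisms the text contrasts, per-endpoint alerts that repeat across hosts versus alerts correlated with network flows and threat intelligence, can be illustrated with a small correlation routine. The following is an added example written for this page; it is not Seceon code and does not reflect how aiSIEM is implemented. It assumes a constructed set of EDR-style alerts, flow records and a threat-intelligence IP list (all made up here, using documentation address ranges), and shows how identical alerts from several endpoints collapse into one incident whose severity is raised only when a host in that incident is seen talking to a listed indicator during the incident window.

```python
"""Added example: deduplicate endpoint alerts across hosts, join them with
network flows, and enrich with a threat-intelligence list.  All data is
constructed for illustration; nothing here is vendor code."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class EndpointAlert:
    host: str
    signature: str      # detection name as an AV/EDR agent would report it
    ts: datetime


@dataclass(frozen=True)
class Flow:
    src_ip: str         # as exported by NetFlow/IPFIX-style records
    dst_ip: str
    dst_port: int
    bytes_out: int
    ts: datetime


@dataclass
class Incident:
    signature: str
    first_seen: datetime
    last_seen: datetime
    hosts: list = field(default_factory=list)
    intel_hits: list = field(default_factory=list)  # (host, dst_ip) pairs
    severity: str = "low"


def dedup_alerts(alerts, window=timedelta(minutes=10)):
    """Collapse the same signature reported by many endpoints within `window`
    into one incident; a gap larger than `window` starts a new incident."""
    incidents = []
    by_sig = defaultdict(list)
    for a in alerts:
        by_sig[a.signature].append(a)
    for sig, group in by_sig.items():
        current = None
        for a in sorted(group, key=lambda x: x.ts):
            if current is None or a.ts - current.last_seen > window:
                current = Incident(signature=sig, first_seen=a.ts, last_seen=a.ts)
                incidents.append(current)
            current.last_seen = a.ts
            if a.host not in current.hosts:
                current.hosts.append(a.host)
    return incidents


def enrich_with_flows(incidents, flows, host_ips, bad_ips, window=timedelta(minutes=10)):
    """Join each incident's hosts to outbound flows inside the incident window
    (padded by `window`) and flag destinations on the threat-intel list."""
    ip_to_host = {ip: host for host, ip in host_ips.items()}
    for inc in incidents:
        lo, hi = inc.first_seen - window, inc.last_seen + window
        for f in flows:
            host = ip_to_host.get(f.src_ip)
            if host in inc.hosts and f.dst_ip in bad_ips and lo <= f.ts <= hi:
                inc.intel_hits.append((host, f.dst_ip))
        if inc.intel_hits:
            inc.severity = "high"       # confirmed contact with a known indicator
        elif len(inc.hosts) > 1:
            inc.severity = "medium"     # spreading across hosts, no intel match yet
    return incidents


# --- constructed sample data (hypothetical hosts, RFC 5737 documentation IPs) ---
T0 = datetime(2024, 1, 1, 9, 0, 0)
HOST_IPS = {"ws-01": "10.0.0.11", "ws-02": "10.0.0.12", "ws-03": "10.0.0.13"}
BAD_IPS = {"203.0.113.7"}   # constructed threat-intel indicator
ALERTS = [
    EndpointAlert("ws-01", "Trojan.Generic", T0),
    EndpointAlert("ws-02", "Trojan.Generic", T0 + timedelta(minutes=2)),
    EndpointAlert("ws-03", "Trojan.Generic", T0 + timedelta(minutes=3)),
    EndpointAlert("ws-01", "Trojan.Generic", T0 + timedelta(hours=2)),   # later, separate
    EndpointAlert("ws-02", "PUA.Toolbar", T0 + timedelta(minutes=40)),
]
FLOWS = [
    Flow("10.0.0.12", "203.0.113.7", 443, 51200, T0 + timedelta(minutes=3)),
    Flow("10.0.0.11", "198.51.100.20", 443, 900, T0 + timedelta(minutes=1)),
    Flow("10.0.0.13", "203.0.113.7", 8443, 4096, T0 + timedelta(minutes=4)),
]


def build_incidents(alerts=ALERTS, flows=FLOWS, host_ips=HOST_IPS, bad_ips=BAD_IPS):
    """Run dedup then enrichment; returns the list of Incident objects."""
    return enrich_with_flows(dedup_alerts(alerts), flows, host_ips, bad_ips)


if __name__ == "__main__":
    for inc in build_incidents():
        print(inc.severity, inc.signature, inc.hosts, inc.intel_hits)
```

Run as a script, the five raw alerts become three incidents: one high-severity Trojan.Generic incident spanning all three workstations with two intel hits, a low-severity repeat on ws-01 two hours later, and a low-severity PUA.Toolbar incident whose host's earlier flow to the indicator falls outside its window. The time bound on the flow join is what keeps an unrelated later alert from inheriting an older host's bad reputation.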
The table below shows the comparison of aiSIEM with AV + EDR solutions: