EDR
Targeted attacks now represent one of the biggest threats to businesses. According to survey data, more than one-quarter of all companies worldwide have found themselves victims of targeted attacks. Recovery from a single targeted attack averages up to a million dollars. That is a very rough estimate; the actual costs vary by industry and region. In reality, both the number of victims and the cost of recovery could be much higher, because in many cases these attacks are carried out covertly and discovered much later than they actually occur.
These types of threats are called “targeted” because the attacker first conducts research about the target, identifying hardware — which computers are used — and installed software. Then the attacker looks into the arsenal of instruments available to penetrate this specific ecosystem (for example, exploiting unpatched software vulnerabilities), and either uses readily available tools or compiles specific ones using (rather long) lists of libraries, many of which are legitimate by themselves. This makes such an attack hard to detect, especially in the early stages of penetration, when no malicious activity is seen at all.
But the good news is that there is no such thing as undetectable intrusion. Every action leaves traces. Sometimes the traces are indistinguishable from legitimate activity and evade the eye of a human operator. That’s where machine-learning algorithms come in, in the form of detection and response solutions. Do you think you would notice minute differences in the activity within your network without machine-learning algorithms? And not just notice a threat, but also hunt it down, understanding whether it’s focused on you or if you’ve taken collateral damage? Take our quiz and see for yourself.
Tips