{"id":39358,"date":"2021-04-14T15:43:00","date_gmt":"2021-04-14T19:43:00","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=39358"},"modified":"2021-04-15T05:59:31","modified_gmt":"2021-04-15T09:59:31","slug":"endpoint-cloud-edr","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/endpoint-cloud-edr\/39358\/","title":{"rendered":"Cyberattack analysis and quick response"},"content":{"rendered":"<p>Most security solutions for small and medium-size businesses exist simply to prevent malware from running on a workstation or server \u2014 and for years, that was enough. As long as an organization could detect cyberthreats on end devices, it could arrest the spread of infection over its network and thus protect the corporate infrastructure.<\/p>\n<p>Times change. A typical modern cyberattack is not an isolated incident on one employee\u2019s computer but a complex operation affecting a sizable portion of the infrastructure. Therefore, minimizing the damage of a modern cyberattack requires not just blocking malware, but also quickly understanding what happened, how it happened, and where it could happen again.<\/p>\n<h2>What\u2019s changed<\/h2>\n<p>Modern cybercrime has evolved such that even a small company might reasonably fall prey to a full-featured, targeted attack. To some extent, that\u2019s a result of the increasing availability of the tools needed for a complex, multistage attack. Also, however, criminals always try to maximize their profit-to-effort ratio, and ransomware operators really stand out in that regard. Lately, we\u2019ve seen true research and lengthy preparation for ransomware operations. 
Sometimes, operators lurk in a target network for weeks, exploring the infrastructure and stealing vital data before striking with encryption and ransom demands.<\/p>\n<p>A small business may instead serve as an intermediate target in a supply-chain attack \u2014 attackers sometimes use the infrastructure of a contractor, an online service provider, or a small partner to assault a larger organization. In such cases, they may even exploit zero-day vulnerabilities, which is normally a costly option.<\/p>\n<h2>Understanding what happened<\/h2>\n<p>Ending a complex, multilevel attack requires a clear picture of how an attacker penetrated the infrastructure, how much time they spent inside, which data they may have accessed, and so forth. Simply deleting malware would be akin to treating a disease\u2019s symptoms without addressing its causes.<\/p>\n<p>In enterprise-level companies, the SOC, IS department, or an outside party performs such investigations. Big companies use EDR-class solutions for that. Limited budgets and staff tend to place those options out of reach of a small business. Small businesses still need specialized tools, though, to help them respond promptly to complex threats.<\/p>\n<h2>Kaspersky Endpoint Security Cloud with EDR<\/h2>\n<p>Setting up our SMB solution with EDR functionality doesn\u2019t take a security expert \u2014 the updated Kaspersky Endpoint Security Cloud Plus offers improved visibility of the infrastructure. The administrator can quickly identify the paths a threat uses to spread, view detailed info on affected machines, quickly view the details of malicious files, and see where else the files are currently used. 
That helps admins promptly detect all threat hot spots, block the execution of dangerous files, and isolate affected machines, thus minimizing potential damage.<\/p>\n<p>While we monitor the tool\u2019s usage to determine its relevance in the field, we\u2019ve made EDR functionality available through 2021 to users of Kaspersky Endpoint Security Cloud Plus in test mode. You can learn more and order a trial version <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/cloud?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Blocking a threat isn\u2019t enough; you have to understand and reconstruct the whole infection chain.<\/p>\n","protected":false},"author":2581,"featured_media":39359,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[4085,3737,2918,81],"class_list":{"0":"post-39358","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-solution","10":"tag-solutions","11":"tag-supply-chain","12":"tag-targeted-attacks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/endpoint-cloud-edr\/39358\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/endpoint-cloud-edr\/21650\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/endpoint-cloud-edr\/25065\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/endpoint-cloud-edr\/24390\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/endpoint-cloud-edr\/17316\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/endpoint-cloud-edr\/14709\/"},{"hreflang":"de","url":"https:\/\/www.kaspersk
y.de\/blog\/endpoint-cloud-edr\/26514\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/endpoint-cloud-edr\/30487\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/solutions\/","name":"solutions"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/39358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=39358"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/39358\/revisions"}],"predecessor-version":[{"id":39361,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/39358\/revisions\/39361"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/39359"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=39358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=39358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=39358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}