Danny Browning, VP of Product
November 8, 2022
What is Endpoint Detection and Response?
Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and endpoint data collection with automated response and analysis capabilities. The term was coined by Anton Chuvakin, Research Director on Gartner's Technical Professionals Security and Risk Management Strategies team, to describe emerging systems that enable security teams to quickly identify and respond to threats thanks to a high degree of automation.
At its core, EDR is aimed at:
1. Collecting and monitoring data from potentially compromised endpoints.
2. Analyzing that data and identifying threat patterns.
3. Responding automatically to identified threats and notifying security staff.
4. Using forensics and analysis tools to investigate identified threats.
What Is DuskRise’s Far Edge Solution?
The evolution of the modern workplace has extended the corporate network perimeter and confronted enterprise security teams with three major issues: the invisibility of off-premises networks, an increased attack surface, and a higher risk of IT breaches. Organizations have adopted EDR and virtual private network (VPN) solutions to counter these problems. However, both can be bypassed or compromised, ultimately granting unauthorized parties access to the enterprise's crown jewels. The untrusted networks that remote employees connect to make attacks such as lateral movement easy to execute while remaining undetected by SOC personnel.
DuskRise has taken a new approach, extending corporate network security policies to untrusted networks through the use of mobile hardware access points with edge computing capabilities. With a defense-in-depth approach, these access points add key security features to cover the new attack perimeter.
Integrating the DuskRise solution allows organizations to create a secure enclave inside any network, limiting how easily attackers can reach remote employees' devices. The IoT hardware device can also perform connection inspection, securing remote workers' devices in situations where endpoint security might be compromised. In this way, DuskRise helps the modern enterprise minimize the risk of lateral movement attacks and enforce policy at the edge of the network.
By utilizing the far edge, Dogma performs detection and monitoring that would be too hardware intensive to run on an employee's endpoint, as well as detection and monitoring for devices that have no EDR at all, such as BYOD devices, or devices like lab equipment on which EDR cannot be installed.
How Can Dogma Be Used Together With EDR?
Dogma and EDR complement each other well, from the first stage (initial access) to the final stage (impact), each providing value at different phases of the attack lifecycle as described by MITRE ATT&CK. EDR can protect against privilege escalation, security evasion, and credential access, while Dogma is better suited to lateral movement, command and control, and data exfiltration. There are also areas where the two overlap: Dogma can identify multi-factor authentication interception and request generation, and EDR can detect replication via removable media.
When Should Dogma Be Used Instead Of EDR?
Thanks to its ability to intercept command and control behavior and prevent data exfiltration, Dogma allows security teams to detect and block attacks in cases where bad actors manage to bypass EDR. When it comes to protecting multiple devices on an unsecured network, Dogma's network segmentation and lateral movement prevention capabilities make it particularly effective.
The DuskRise platform also has an advantage over EDR when dealing with privacy or confidentiality concerns associated with data collection performed by EDR solutions, as Dogma does not require access to privileged data and processes.
While Dogma and EDR can be deployed and used in combination, EDR on its own has significant limitations when it comes to securing BYOD devices and specialized hardware without built-in security features.
The corporate network perimeter has been extended into untrusted networks, redefining the enterprise edge. Employees working from home use these networks to access sensitive company assets, putting organizations at risk of lateral movement attacks. The DuskRise solution enables corporate security and segmentation policy management, extending office-grade protection to remote assets and users.
Schedule a demo today to see how it works.