EDR | Multifactor authentication | SIEM


So that your company's resources are devoted entirely to its prosperity (and not to cleaning up after an incident), make sure to secure all of its components: its infrastructure, its cloud, teleworking… and the future.

Here we offer solutions such as EDR, multifactor authentication and SIEM to protect you from threats that are so far unknown.

To illustrate this notion a little better, let's take the example of tornadoes: we know this phenomenon well, since we have been studying it for a long time. Therefore, today, in addition to being able to predict their formation, we are building houses that are more resistant to high winds in areas at risk and we know exactly what to do to stay safe when they are unleashed. But would we still be ready to face new kinds of tornadoes, which we have never faced before, such as tornadoes of fire or poison gas?

This is the case with computer security: various solutions (such as the firewall) provide effective protection against threats with which they are familiar (tornadoes). However, these same solutions will not identify and neutralize new threats whose signature is still unknown (tornadoes of fire or toxic gas).

This is where EDR, multifactor authentication and SIEM come into play: together, they will succeed in thwarting new threats.


EDR solutions: to put an end to ransomware

To ensure the east-west security of your IT and your networks, in the era of teleworking, the implementation of EDR solutions (Endpoint Detection and Response) on your server and your various workstations has become a new standard. Indeed, more and more devices, such as smartphones and laptops, connect to your company's networks, often remotely, which increases the risk of cyber attacks, such as ransomware.

In 2019, around 184 million ransomware attacks hit individuals, SMEs, large corporations, renowned universities, and government and banking institutions around the world, causing major losses in terms of data, money and time. Collectively, the governments, education and healthcare institutions hit by ransomware in the United States alone suffered losses of US$7.8 billion that year.

EDR is the best way to protect yourself from ransomware.

Depending on the size of the company, its importance and its turnover, the perpetrators of this type of cyberattack can demand ransoms ranging from a few thousand dollars to several hundred thousand dollars. Ransoms can even exceed the million mark.

However, the losses incurred are not limited to the value of the ransom. By no longer having access to their data for a long period of time, companies and government authorities thus trapped see their activities diminish or come to a complete stop.

Striking examples

In June 2020, the University of California, San Francisco, resolved to pay a ransom of US$1.14 million to recover sensitive medical school data seized by hackers.

In 2017, WannaCry attacked more than 200,000 computers around the world. Multinationals, hospitals and governments were among the victims of this ransomware, which caused global losses estimated at several hundreds of millions of dollars.

Ransomware does not discriminate: it attacks SMBs as well as large companies. However, large companies and government agencies remain popular with hackers because of their lucrative potential.

The differences between EDR and traditional antivirus

EDR

Rather than relying on a database, the EDR analyzes network behavior 24 hours a day. It monitors processes and all activities in real time, in order to detect any suspicious behavior.
The strong point of this principle?
Using this behavioral analysis approach, EDR can step in and prevent attacks directly at the source (even those unknown to date) as well as detect malware that does not use known signatures. This is impossible for a traditional antivirus, which relies on the analysis of files to identify threats.

Antivirus

Identifies and removes threats using a database of files recognized as malicious.

The weakness of this principle?
Cyber attacks grow and become more complex on a daily basis, so the database is never really up to date. The result? Your antivirus may not catch some malicious files, such as ransomware.
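The difference between the two approaches can be shown in a few lines. The following is an added example, not code from this page or from any EDR product: the sample bytes, the telemetry fields (`pid`, `op`, `t`, `path`) and the threshold of 20 files in 10 seconds are all assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins for file contents; no real malware is involved.
KNOWN_SAMPLE = b"constructed-sample-A"
NEW_VARIANT = b"constructed-sample-B"   # behaves the same, but was never catalogued
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_scan(file_bytes):
    """Antivirus-style check: flag only files whose hash is already in the database."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB

def behavior_scan(events, threshold=20, window=10.0):
    """EDR-style check: flag any process that overwrites at least `threshold`
    distinct files within `window` seconds, whatever its file hash is."""
    per_pid = defaultdict(list)
    for ev in events:
        if ev["op"] == "overwrite":
            per_pid[ev["pid"]].append((ev["t"], ev["path"]))
    flagged = set()
    for pid, writes in per_pid.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            # Slide the window forward so it never spans more than `window` seconds.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if len({path for _, path in writes[start:end + 1]}) >= threshold:
                flagged.add(pid)
                break
    return flagged

def make_telemetry():
    """Constructed telemetry: pid 4242 rewrites 30 documents in 3 s, pid 100 saves 2 files."""
    burst = [{"pid": 4242, "op": "overwrite", "t": i * 0.1, "path": f"/home/u/doc{i}.txt"}
             for i in range(30)]
    normal = [{"pid": 100, "op": "overwrite", "t": 1.0, "path": "/home/u/report.docx"},
              {"pid": 100, "op": "overwrite", "t": 60.0, "path": "/home/u/notes.txt"}]
    return burst + normal
```

The signature check recognizes `KNOWN_SAMPLE` and misses `NEW_VARIANT`, while the behavioral rule flags process 4242 without knowing anything about the file that started it.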

Protect yourself more:

Replace your antivirus with an EDR right now!

The advantages of EDR

Defend yourself against ransomware

Unfortunately, ransomware is so prevalent today, and wastes so much money and time, that some companies never fully recover. EDR can detect a large portion of ransomware (whether known or unknown) and neutralize it before it causes too much damage.

Prevent attacks

EDR analyzes the behavior of your network and connected devices to isolate the threat even before it attacks your resources.

Neutralize the threat in real time

Autonomous and in real time, the EDR immediately neutralizes detected threats.

Continue your activities even in the event of an incident

You will have access to your systems at all times, even if they are the victims of an attack. The EDR will do its job, while you will do yours.

Save money

Since EDR allows you to access your network even in the event of an attack and you can continue your activities regardless, you will minimize the financial losses to your operations.

Create effective action plans

Because it lists all past incidents and the actions taken to stop them, the EDR will allow you to easily design prevention plans and effective solutions to further increase your safety.

Enforce your rules

EDR allows for increased control of user activities. Your IT department can configure various options here to enforce your business rules and keep them secure. For example, the moment the EDR spots suspicious activity, a designated employee might receive a notification asking them to log out a (potentially malicious) user breaking the rules.

Customize alerts

This feature will prevent you from being disturbed by alerts that you do not want to receive.


EDR: essential for teleworking

Even with the best-performing firewall, you remain exposed to threats if you don't have an EDR. While the firewall provides north-south security (i.e. traffic from external to internal), the EDR watches over east-west (internal) traffic. This is why your network should have both, especially now with the popularity of telecommuting, where the risk of breaches is high.

EcoEDR: an essential ally

One of the biggest weaknesses of a business is not in equipment, but in human error. Indeed, often inadvertently or through ignorance, employees will pave the way for attacks, in particular by clicking on a corrupted link, by opening a document that is equally corrupt or by disclosing information to hackers. EDR is the most effective solution to guard against such attacks.

Several major cyber attacks have taken place due to the absence of EDRs in computer security equipment, including that of the MGM hotel in Las Vegas in 2020 (personal information of 10 million customers was leaked).

Companies that fall victim to such attacks pay a heavy price: financially, on the one hand, and in terms of their reputation, on the other. They risk taking years to regain public confidence.

EPP and EDR: not to be confused

EPPs (Endpoint Protection Platforms) aim to prevent traditional threats. Compared to EDR, their potential is limited. EDR analyzes threats and attacks to improve its own effectiveness over time, while EPPs simply detect and neutralize them. And, even here, their ability to detect threats remains inferior to that of the EDR.

In short, EPPs may be sufficient for companies with basic IT security needs, but are not recommended for those whose activities depend on the IT system and data.

MFA and SIEM: from authentication to correlation

To protect yourself from identity theft

With teleworking, multi-factor authentication has become a real necessity, whether remote connections go through terminal-server (TS), virtual private network (VPN) or even through an application hosted in the cloud.

Outsmart the clever foxes who would be tempted to pretend to be an employee: multi-factor authentication is the solution against identity theft by usernames and passwords.

What is Multi-Factor Authentication (MFA) and Two-Factor Authentication?

Multifactor authentication: A process for verifying identity that uses at least two different authentication factors.

Two-factor authentication: A method of verifying identity that uses precisely two different authentication factors.

The different authentication factors

In order to secure any connection or transaction of a user, the system will attempt to confirm their identity using various authentication factors.

The password

The password is information that the user must know.

The token (or identification token - security token)

The token can be either a physical token that the user must have when logging in, or their smartphone.





Today, the complexity and evolution of IT infrastructures, applications, the cloud, virtual machines and endpoints increase the chances of being subjected to a cyberattack.

To secure these elements effectively, three aspects are required: a holistic view of the network, data collection and correlation between events and threats. This is what SIEM allows.

What is a SIEM?

SIEM (Security Information and Event Management) has the role of detecting threats, attacks and anomalies thanks to its ability to correlate various events. It can thus identify the cause of several separate events, such as a hacker having slipped into the network to perform manipulations, or an SMS or email that was used in a phishing attempt.

Data collection and standardization

In order to be able to correlate events, SIEM collects them from logs and equipment, such as firewalls, routers, servers, databases, etc. These events are then normalized into a more readable format, allowing the IT team to search by criteria, for example.
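The collect, normalize, search and correlate steps described above can be sketched as follows. This is an added example, not code from this page or from any SIEM product: the two log formats, the host names, the documentation-range IP addresses, the assumed year for syslog timestamps and the rule "three failed logins then a success within five minutes" are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines: one firewall record and five sshd records (timestamps assumed UTC).
RAW = [
    "2024-03-01T09:00:01Z fw01 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
    "Mar  1 09:00:03 srv01 sshd[811]: Failed password for admin from 203.0.113.7 port 50122 ssh2",
    "Mar  1 09:00:05 srv01 sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2",
    "Mar  1 09:00:08 srv01 sshd[811]: Failed password for admin from 203.0.113.7 port 50130 ssh2",
    "Mar  1 09:00:15 srv01 sshd[812]: Accepted password for admin from 203.0.113.7 port 50140 ssh2",
    "Mar  1 09:02:00 srv01 sshd[820]: Accepted password for alice from 198.51.100.9 port 40000 ssh2",
]
FW_RE = re.compile(r"(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)")
SSH_RE = re.compile(r"(\w{3})\s+(\d+) ([\d:]{8}) (\S+) sshd\[\d+\]: "
                    r"(Failed|Accepted) password for (\S+) from (\S+)")

def normalize(line, year=2024):
    """Map one raw line to the common schema, or return None if the format is unknown."""
    if m := FW_RE.fullmatch(line):
        ts, host, action, src, _dst, _dport = m.groups()
        return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": "firewall",
                "host": host, "action": f"net_{action.lower()}", "src_ip": src, "user": None}
    if m := SSH_RE.match(line):
        mon, day, clock, host, result, user, src = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "source": "sshd", "host": host,
                "action": "login_ok" if result == "Accepted" else "login_fail",
                "src_ip": src, "user": user}
    return None

def search(events, **criteria):
    """Search normalized events by any combination of schema fields."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on a successful login preceded by >= threshold failures from the same IP."""
    alerts = []
    for ok in search(events, action="login_ok"):
        fails = [e for e in search(events, action="login_fail", src_ip=ok["src_ip"])
                 if timedelta(0) <= ok["ts"] - e["ts"] <= window]
        if len(fails) >= threshold:
            fw = search(events, source="firewall", action="net_allow", src_ip=ok["src_ip"])
            alerts.append({"src_ip": ok["src_ip"], "user": ok["user"],
                           "failed": len(fails), "firewall_allowed": bool(fw)})
    return alerts

EVENTS = [e for e in map(normalize, RAW) if e]
```

Because both sources end up in one schema, a single `search(EVENTS, src_ip="203.0.113.7")` returns the firewall and sshd records together, and `correlate(EVENTS)` links them into one alert.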

The advantages of SIEM

Better network protection

SIEM also alerts you to suspicious activity on software and network-connected devices. For example, it will alert you if a service provider installs software on your network that can potentially export data from your business.

Simplified network management

SIEM allows events to be archived, and old events to be regenerated and replayed, in order to conduct investigations after an incident.

Your company's compliance with legal requirements

After collecting the data, SIEM places it in a central repository for analysis and, ultimately, to produce compliance reports. Thus, SIEM speeds up the identification and analysis of security events.

Contact us now

Find out more about our multi-factor authentication solutions, which will save you a lot of headaches.