
Endpoint Detection and Response (EDR) protection against malware is based on a unique protection system.

To analyze EDR, you must have a basic idea of what malware (a virus or other threat) does when it reaches the endpoints.

The possibilities are:

1- It may start unwanted processes, on an abnormally high scale.

2- It may create unwanted or unexpected numbers or types of connections.

3- It may transfer data, unwanted, at an unexpected volume.

 

EDR solutions gather such data at the entry point.

They are equipped with artificial intelligence to trigger an automated response if they sense a security breach.

This response can be:

  • Halting the Malware activity.
  • Disabling the Remote Desktop port
  • Stopping any unwanted process.

[Figure: EDR protection process, simplified]

EDR protection against malware is really a need of the modern era.

Importantly, EDR solutions can also provide forensic analysis of the malware activity, even when it has been successfully mitigated.

How does EDR protect you against ransomware?

 

“Ransomware attacked my PC” is something you hear often nowadays. On average, every 11 seconds some victim falls into the hands of ransomware. And to get one’s data back, one has to pay the “RANSOM”. An ancient proverb is still valid:

“Prevention is better than cure”.

God forbid, if you are a victim of ransomware, don’t think that you are safe because you have restored the data. Rather, hackers will publish part of your sensitive data on the dark web and make money from it.

Even if you pay the ransom amount, there is no guarantee that they will not sell your sensitive data on the dark web. If you ask for a “guarantee”, they ask for a “premium ransom amount”.

This data may have belonged to a company with which you signed a non-disclosure agreement (NDA). The company knows the data was given only to you, for data analysis. So get ready for the consequences of not having protected it.

Some companies even hire resources who provide intelligence on any company-related data. When such data is on sale on the dark web, they quickly come to know where it is being sold.

If you are well protected against ransomware attacks, then there is no need to worry. Protection not only keeps your data in safe hands but also gives you “peace of mind”, which is the “most precious” item in this world.

To get protected against ransomware

You need a technology that is signature-less. Normal antivirus (AV) does not support you in that regard. AV must have the following to detect malware:

  1. behavior signatures
  2. malware signatures

So you must be equipped with “Endpoint Detection & Response” (EDR) and “Zero Trust” technologies.

EDR actually uses a classification system

It works like the classification system we use in our offices to keep confidential data safe. EDR classifies all EXE files and saves a good number of parameters to identify the actual file. As an example, say hackers wrap an “SVCHOST.EXE” through a script, to send a copy of data to the hackers’ server.

The EDR technology will use the MD5 hash of the EXE file and will recognize that it is a wrapped file, because no one can change the MD5 of a modified file back to that of the original file. Hence the EDR blocks the wrapped “SVCHOST.EXE”.
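The classification step described above can be sketched as follows. This is an added example, not code from any EDR product: the `FileRecord` fields, the verdict names, the default-deny rule for unclassified files and the sample byte strings are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRecord:
    """Parameters saved per executable (illustrative subset, assumed)."""
    name: str
    size: int
    md5: str
    sha256: str

def fingerprint(name: str, data: bytes) -> FileRecord:
    # MD5 is the hash the article names. SHA-256 is recorded as well
    # (assumption), because MD5 collisions can be constructed on purpose.
    return FileRecord(name.lower(), len(data),
                      hashlib.md5(data).hexdigest(),
                      hashlib.sha256(data).hexdigest())

def classify(rec: FileRecord, known_good: dict, known_bad: set) -> str:
    """Return 'allow', 'block-known-bad', 'block-modified' or 'block-unknown'."""
    if rec.sha256 in known_bad:
        return "block-known-bad"
    baseline = known_good.get(rec.name)
    if baseline is None:
        return "block-unknown"   # zero trust: never classified, so not run
    if (rec.size, rec.md5, rec.sha256) == (baseline.size, baseline.md5, baseline.sha256):
        return "allow"
    return "block-modified"      # trusted name, different content

# Constructed sample bytes standing in for real binaries.
ORIGINAL = b"MZ" + b"\x90" * 64 + b"constructed stand-in for the vendor svchost.exe"
WRAPPED = ORIGINAL + b"#constructed-wrapper-stub"
UNSEEN = b"MZ" + b"constructed never-classified tool"

KNOWN_GOOD = {"svchost.exe": fingerprint("svchost.exe", ORIGINAL)}
KNOWN_BAD = set()

def demo() -> dict:
    samples = {
        "original": fingerprint("SVCHOST.EXE", ORIGINAL),
        "wrapped": fingerprint("SVCHOST.EXE", WRAPPED),
        "unseen": fingerprint("helper.exe", UNSEEN),
    }
    return {k: classify(v, KNOWN_GOOD, KNOWN_BAD) for k, v in samples.items()}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:9s} -> {verdict}")
```

Matching on content rather than on file name is what lets the wrapped copy be told apart from the original even though both are called “SVCHOST.EXE”.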

That is the secret

EDR can block “zero-day” viruses and ransomware attacks.

If you have any questions, you can post them at the following link.
