For many executives, cyber threats are now among the top business risks their company faces. Indeed, according to Deloitte, 87% of bosses say improving their cybersecurity defenses will be an extremely or very high priority over the next two years.
The events of the last year have only increased this. Since the start of the COVID-19 pandemic, the FBI has reported a fourfold increase in the number of cybersecurity complaints it receives, while research by McAfee estimates global losses from cybercrime surpassed $1 trillion last year - a 50% rise from 2018.
With more people working from home, business' exposure to threats such as social engineering attacks, ransomware and cloud vulnerabilities are likely to be higher than ever. At the same time, the evolving nature of these attacks mean traditional ways to protect businesses are no longer adequate.
Therefore, it's vital firms update their defenses with the latest solutions, with next-generation antivirus (NGAV) and endpoint detection and response (EDR) at the heart of this.
The need to cope with a new generation of threats
The techniques and attack vectors used by hackers are constantly evolving, so firms need to be responding quickly to these and putting in place the latest systems to address new threats.
One quickly-growing type of attack is ransomware. This has proven to be highly lucrative for cyber criminals, as it's simple to deploy and offers the potential for large returns. For example, research by Palo Alto Networks found the average ransom paid by firms to restore encrypted assets rose from $115,123 in 2019 to $312,493 in 2020.
Social engineering tactics such as phishing are also on the rise, and are proving increasingly effective as more people work remotely. These employees may be more likely to respond to emails purporting to come from a senior manager, for example, when they aren't in the office to physically verify any requests they receive.
These are often relatively simple attacks. However, other cyber criminals have developed much more complex tactics designed specifically to evade traditional defenses such as firewalls and intrusion detection systems, so it’ll be important firms have the right tools in place to spot these early before any damage can be done.
The benefits of NGAV and EDR for businesses
There are a range of tools that firms can invest in to tackle these issues, but two of the most important are likely to be NGAV and EDR. These technologies should be central to any cybersecurity defense plan in the 2020s. So what benefits do they bring to businesses?
Next generation antivirus
As the name suggests, NGAV builds on traditional antivirus (AV) technologies with the addition of new innovations and best practices. Older AV software is increasingly outdated as it relies on file-based defenses and signatures of known threats. This makes it impossible for these tools to spot the new breed of fileless zero-day vulnerabilities that make up a growing percentage of todays' attacks.
Instead, NGAV uses tools such as artificial intelligence and machine learning to understand what normal network behavior looks like and spot unusual activity patterns. The use of predictive analytics allows it to take a more proactive approach than older solutions, blocking suspicious activity before it has a chance to enter the network.
Endpoint detection and response
EDR tools, meanwhile, have a different focus. They work by monitoring all of a network's endpoints in real time and collecting a wealth of activity data, which is then analyzed to identify threat patterns. Because this is all done at a centralized location, it can prove especially valuable to businesses where workers are spread out around the world.
Whereas NGAV only looks at data in a single location, EDR is able to consolidate information from across the business to develop a more complete picture of a network's activities and catch issues that may escape perimeter defenses. This in turn allows companies to stop intrusions before they become a problem.
How a holistic approach helps keep firms safe
NGAV and EDR shouldn't be used in isolation, however, or be regarded as two tools that are in competition with each other. It's not a case of NGAV vs EDR, but rather, these technologies work best when they're both integrated as part of a single holistic defense solution. This way, the advantages of one can make up for the limitations of the other, maintaining an ideal balance that protects the entire business.
NGAV, for example, focuses on preventing attacks. But even the most effective solutions can't guarantee 100% protection, and if a threat does escape the notice of an NGAV solution and a firm has no other tools backing it up, there may be nothing they can do.
In this situation, EDR tools can step in. Not only can they spot threats once they’ve breached the network, they can quickly identify how they’re spreading, trace attacks back to the source and provide a full picture of how any breach occurred. This not only prevents initial damage, but ensures you're able to prevent any future attacks.
Integrating EDR with NGAV therefore lets your firms take a more proactive approach to cybersecurity defenses and gives you the best chance of stopping any attacks before they have a chance to penetrate the network and cause damage.