A solution that is 100% focused on endpoint protection will not actually protect you from cyber threats. In the best case you will discover indicators of compromise (IoC), and not necessarily indicators of attack (IoA), after the fact, once a system has already been compromised. The easiest way to confirm this is to look at what happens every day in companies that run sophisticated but purely endpoint-based detection and response solutions.
Results are our best metric. Take SolarWinds as one of the best-known examples: there are hundreds of companies like SolarWinds, and there are millions of real attacks that purely endpoint-focused solutions are nowhere close to identifying, or, again, identify only after the fact.
So why does relying solely on EDR not protect you, and why does it give a false sense of protection? Understanding the attack vectors, and how malicious actors take advantage of them, shows why a pure EDR deployment is not a protection solution. Imagine a simple credential-harvesting scenario. When the victim hands their password to the adversary, does anything happen on the endpoint? If the adversary then logs in to the mailbox from their own machine and changes the victim's email forwarding rules, will you be notified? Not by an agent on the endpoint: the rule lives on the mail server, not on the victim's device. You will probably be notified when the adversary starts dropping a Trojan on the endpoint (and even then only if the malicious code has some obvious IoC), but not if the adversary simply keeps listening to the email traffic indefinitely, in effect a mailbox-level man-in-the-middle. Imagine how much information leaks before you realize it. That information can easily lead to the compromise of other systems and become the root cause of subsequent persistent attacks and an untraceable chain of anomalies. No surprise, then, that firms get hacked, the breach stays quiet and hidden for a long time, and afterwards the market (that is, today's solution providers) lectures us: visibility is important, come buy my product. And they label these attacks "sophisticated" even though they are just a matter of a lack of basic knowledge of cyber threats.
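As an added illustration of the forwarding-rule case above (this is example code written for this page, not a vendor's or product's detection logic), here is a small Python checker that runs over mailbox audit records, the kind of telemetry that only the mail service or identity provider can produce and that no endpoint agent ever sees. It flags inbox rules and mailbox settings that forward mail to a domain outside the organization, and then pivots on the client IP to spot one source touching several mailboxes. The record layout, field names, internal domain and sample log lines are constructed for this example and only loosely modelled on Exchange mailbox-audit events; check them against your own tenant's export before relying on them.

```python
import json
from dataclasses import dataclass

# Constructed sample records (not real logs). Field names and layout are an
# assumption for this example, loosely modelled on the mailbox-audit events
# a mail service emits when an inbox rule or mailbox forwarding changes.
SAMPLE_AUDIT_LOG = "\n".join([
    json.dumps({"UserId": "alice@corp.example", "Operation": "New-InboxRule",
                "ClientIP": "203.0.113.7",
                "Parameters": [{"Name": "Name", "Value": "."},
                               {"Name": "ForwardTo", "Value": "drop@mail.attacker.example"},
                               {"Name": "DeleteMessage", "Value": "True"}]}),
    json.dumps({"UserId": "bob@corp.example", "Operation": "New-InboxRule",
                "ClientIP": "198.51.100.20",
                "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                               {"Name": "MoveToFolder", "Value": "Archive"}]}),
    json.dumps({"UserId": "carol@corp.example", "Operation": "Set-Mailbox",
                "ClientIP": "203.0.113.7",
                "Parameters": [{"Name": "ForwardingSmtpAddress",
                                "Value": "smtp:carol.backup@webmail.example"},
                               {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}),
    json.dumps({"UserId": "dave@corp.example", "Operation": "Set-InboxRule",
                "ClientIP": "198.51.100.21",
                "Parameters": [{"Name": "Identity", "Value": "Team copy"},
                               {"Name": "ForwardTo", "Value": "team-shared@corp.example"}]}),
])

INTERNAL_DOMAINS = {"corp.example"}          # assumed organization domain
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress")


@dataclass
class Alert:
    user: str
    operation: str
    destination: str
    client_ip: str
    deletes_original: bool   # rule also deletes the message: victim never sees it


def _domain(address):
    """Return the lowercased domain of an address, tolerating an 'smtp:' prefix."""
    addr = address.split(":", 1)[-1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def forwarding_alerts(audit_log_text, internal_domains=INTERNAL_DOMAINS):
    """Flag rule/mailbox changes that forward or redirect mail outside the org."""
    alerts = []
    for line in audit_log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: str(p["Value"]) for p in rec.get("Parameters", [])}
        deletes = params.get("DeleteMessage", "False").lower() == "true"
        for name in FORWARDING_PARAMS:
            if name not in params:
                continue
            # Several destinations may be separated by ';' (assumed format).
            for dest in params[name].split(";"):
                dest = dest.strip()
                if dest and _domain(dest) not in internal_domains:
                    alerts.append(Alert(rec["UserId"], rec["Operation"], dest,
                                        rec.get("ClientIP", ""), deletes))
    return alerts


def shared_source_ips(alerts):
    """Client IPs that changed forwarding on more than one mailbox."""
    users_by_ip = {}
    for a in alerts:
        users_by_ip.setdefault(a.client_ip, set()).add(a.user)
    return {ip for ip, users in users_by_ip.items() if len(users) > 1}


if __name__ == "__main__":
    found = forwarding_alerts(SAMPLE_AUDIT_LOG)
    for a in found:
        print(f"{a.user}: {a.operation} -> {a.destination} from {a.client_ip}"
              f"{' (deletes original)' if a.deletes_original else ''}")
    print("IPs touching multiple mailboxes:", shared_source_ips(found))
```

Run on the constructed sample, the checker flags alice's rule (external destination, and the original is deleted so she never sees the forwarded mail) and carol's mailbox-level forwarding, while ignoring bob's folder rule and dave's forward to an internal address; both flagged changes come from the same client IP, which is the pivot an analyst would chase next. None of this signal exists on the endpoint.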
The root cause of not being able to protect is not the difficulty of the protection mechanisms themselves; it is the choice of the wrong technique.
Hoping to protect a firm with pure EDR, even the best of them, even a combination of ten of the solutions out there, is like leaving the front gate of a mansion open and then relying on door and window sensors to detect a break-in.