Office of the Secretary of Defense Calls for Emphasis on Detection and Response
Security | Jul 1, 2015
Anthony Di Bello
The reason, Carpenter noted, is that there is a clear window of opportunity within which to find attackers inside the network and cut off their access before they have a chance to exfiltrate data. This is backed up by the fact that the vast majority of breach disclosures note that the attackers had been inside for a period of time prior to the data exfiltration.
We can’t prevent all breaches. Now what?
The number one thing organizations have to assume is that attackers may already be on their endpoints, undetected, looking for sensitive data to steal. That means that they’ve already bypassed security controls, which are typically at the gateway or are signature-based, and those controls are useless once the invaders are inside and user accounts have been compromised.
But there’s hope
What Carpenter is calling for is detection and response. And that's what we do at the endpoint--what Gartner calls endpoint detection and response (EDR). Every action leaves a breadcrumb that can be seen by EnCase® Endpoint Security with our unparalleled endpoint visibility. It’s a simple fact: there is no way for an attacker to compromise a system without leaving a trace either on the disk, in memory or in the registry.
Having comprehensive endpoint visibility is the only way to ensure you have the capability to root out an attacker, no matter how well they think they’ve hidden their tracks. EnCase Endpoint Security gives you the industry’s deepest and most complete endpoint visibility—even down below the operating system level. I invite you to take a look and share your own ideas in the Comments section below.