Alessandra Peters

20/08/2022

EDR And Remote Work: Why Cybersecurity Visibility Is Getting Harder for Modern Workforces

Asked to describe their digital attack surface in a recent Trend Micro report, nearly half of all organisations surveyed said, “spiralling out of control.”

This is not surprising. With almost every business activity now relying on remote access, online collaboration tools, and cloud services, the average company’s threat surface has grown exponentially in the last few years. Cybersecurity visibility, as a result, has gone in the opposite direction. According to Deep Instinct research, 99% of cybersecurity professionals globally don’t think all their endpoints are protected by even one security agent. 

Considering that hackers often use endpoints as easy entry points into IT environments, decreasing security visibility is one of the greatest weak points a cybersecurity program is likely to have. 

Any organisation that wants to reduce the cybersecurity risk created by endpoints needs to invest in advanced endpoint protection solutions like endpoint detection and response (EDR). This is particularly true for businesses with remote and/or hybrid workforces, which have been described as the “biggest cyber-blind spots.”

However, because EDR solutions only look at endpoints, they cannot remove blind spots altogether or reduce cybersecurity risk across the rest of a company’s ecosystem. For that, companies need an integrated threat protection platform like SenseOn that eliminates the need for siloed monitoring tools by analysing network traffic from both endpoints and the entire IT estate in one place.

Remote Work Left Many Businesses More Vulnerable to Cyber Attacks 

Over the past three years, most companies have upended how they work. Pre-pandemic, 60% of employees with remote-capable jobs worked fully on-site, and only 8% were fully remote. In 2022, things could not be more different. In February of this year, just 19% of employees were on-site. The rest were working either remotely (39%) or in a hybrid work environment (42%). 

Although remote/hybrid working has no doubt rescued many firms during a global health crisis when on-site working was not an option, its legacy is a threat landscape that has never been more dangerous. Most security leaders believe that remote workers are exposed to more risk than their office counterparts but are struggling to keep them protected. According to a Remotely survey of 600 system and IT administrators across various sectors, one in three respondents said that keeping users safe daily is one of the biggest challenges they face as a remote IT team.

Part of the reason why remote security is hard is that the IT professionals responsible for it are often bogged down in administrative tasks like provisioning services and apps, dealing with staff who have ignored security best practices, managing end-user identities, and helping onboard new workers. When asked what they spend most of their time doing, IT workers cited “ensuring business continuity” and “protecting users from themselves” as the top two imperatives. “Security/fight attempts to hack or compromise the network” came in third.

With so much of their time taken up by administrative tasks, it is no wonder that endpoint security has fallen by the wayside and cyber risk has soared. As many as 16% of enterprise devices are unencrypted, and two out of three machines are running out-of-date OS versions. Enterprise devices are also, on average, 77 days behind current patching. However, while managing vulnerabilities is important, a major issue facing security teams is a lack of visibility into their IT environments.

Invisible Devices Are Hurting Companies

With many employees and their devices now living outside the walls of companies’ physical environments, lack of visibility into remote endpoints is putting organisations at severe risk. 

A recent Illumio report that surveyed IT professionals at 300+ mid- to large-sized companies found that more than one in two IT workers can’t see attempted connections being made to work laptops from devices on local home networks. A further 45% said their visibility is constrained by VPN tools, which leaves IT teams in the dark about where employee work devices are actually connecting from. What’s more, 13% of corporate devices are not even joined to a corporate domain.

It’s not just mid-sized organisations and large enterprises that suffer from blind spots caused by remote work. No security posture is immune. Researchers at Cyrebro examined incident response reports from multiple companies across a range of locations, industries, and sizes. They discovered that a lack of visibility is the most common factor enabling attacks, irrespective of whether the targeted organisation is an enterprise with 5,000+ employees or an SMB with fewer than 15.

When IT security teams are unaware of what’s going on in the corporate network, threat actors have free rein to move undetected across a network, jumping from one endpoint to another to further the attack. Without visibility, an effective security posture is impossible.

A Security Toolset for Remote Workforces

What’s interesting about the Cyrebro report mentioned above is that more than three in four organisations that experienced a cyber-attack did not have anti-malware or EDR tools deployed on their endpoints. When companies lack adequate security tools, visibility suffers, and threats can more easily slip past. 

Limited visibility not only makes attacks more likely to happen but also makes remediation more difficult. Already, more than 8 in 10 organisations say it would take them up to three days to recover from a ransomware attack and that, in the meantime, they’d have to operate at less than a quarter of their usual capacity. EDR solutions, which gather and analyse threat-related data from all endpoints connected to a corporate network, can help companies track down and remediate cyber threats faster. 

However, while EDR is integral to endpoint security, it alone won’t protect organisations from cybercrime. Because EDR security solutions only look at endpoint activity, they do not completely solve the problem of limited visibility. As a result, if an attack starts somewhere in the corporate environment other than an endpoint, or uses multiple vectors, security operations teams may not become aware that a cyber incident is in progress until it is too late. Unable to correlate events from multiple sources, security professionals may also dismiss suspicious activity flagged by EDR security platforms as false positives.
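The two preceding paragraphs describe what EDR data gives a SOC on its own and why an endpoint alert with no wider context is easy to write off as a false positive. The script below is an added example (not SenseOn’s code or anything the article ships) that joins constructed EDR alerts to constructed network flow records from the same hosts: an alert followed by a burst of connections to administration ports on several other machines is escalated, while an alert with no network corroboration is held for review rather than closed. Host names, port list, rule names and timestamps are all assumptions made for the demonstration.

```python
"""Correlating endpoint (EDR) alerts with network flow records.

Added example for this article; it is not SenseOn's code. Every alert and
flow record below is constructed for the demonstration.
"""
from datetime import datetime, timedelta

# Constructed EDR alerts. Each is a host-level detection that, on its own,
# an analyst might dismiss as noise.
EDR_ALERTS = [
    {"host": "LAPTOP-01", "ts": "2022-08-20T09:02:10",
     "rule": "office-app-spawns-shell", "detail": "winword.exe -> powershell.exe"},
    {"host": "LAPTOP-07", "ts": "2022-08-20T09:40:00",
     "rule": "office-app-spawns-shell", "detail": "excel.exe -> powershell.exe"},
]

# Constructed network flow records: what a network sensor sees leaving each host.
FLOWS = [
    {"src": "LAPTOP-01", "dst": "FILESRV-02", "dport": 445, "ts": "2022-08-20T09:03:05"},
    {"src": "LAPTOP-01", "dst": "FILESRV-03", "dport": 445, "ts": "2022-08-20T09:03:07"},
    {"src": "LAPTOP-01", "dst": "WKS-114", "dport": 3389, "ts": "2022-08-20T09:04:30"},
    {"src": "LAPTOP-01", "dst": "WKS-115", "dport": 3389, "ts": "2022-08-20T09:04:31"},
    {"src": "LAPTOP-01", "dst": "MAILSRV-01", "dport": 443, "ts": "2022-08-20T09:30:00"},
    {"src": "LAPTOP-07", "dst": "PRINTSRV-01", "dport": 9100, "ts": "2022-08-20T09:41:00"},
    {"src": "LAPTOP-07", "dst": "INTRANET-01", "dport": 443, "ts": "2022-08-20T09:42:15"},
]

# Services commonly used for host-to-host administration inside a Windows
# estate (RPC, SMB, RDP, WinRM). A burst of new connections to these right
# after an endpoint alert is the network-side signature of lateral movement.
ADMIN_PORTS = {135, 445, 3389, 5985, 5986}


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def peers_after_alert(alert, flows, window_minutes=10):
    """Return the sorted, distinct hosts the alerting endpoint contacted on an
    admin port within `window_minutes` after the alert fired."""
    start = _parse(alert["ts"])
    end = start + timedelta(minutes=window_minutes)
    peers = {
        f["dst"] for f in flows
        if f["src"] == alert["host"]
        and f["dport"] in ADMIN_PORTS
        and start <= _parse(f["ts"]) <= end
    }
    return sorted(peers)


def correlate(alerts, flows, window_minutes=10, min_peers=2):
    """Join each EDR alert to the network evidence around it.

    An alert corroborated by admin-port connections to at least `min_peers`
    other hosts is escalated; an alert with no such evidence is kept for
    analyst review rather than being closed as a false positive.
    """
    incidents = []
    for alert in alerts:
        peers = peers_after_alert(alert, flows, window_minutes)
        verdict = "escalate" if len(peers) >= min_peers else "review"
        incidents.append({
            "host": alert["host"],
            "rule": alert["rule"],
            "peers": peers,
            "verdict": verdict,
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(EDR_ALERTS, FLOWS):
        print(f'{inc["host"]}: {inc["rule"]} -> {inc["verdict"]} '
              f'(admin-port peers: {", ".join(inc["peers"]) or "none"})')
```

Run as-is, the first alert is escalated because the same laptop reached four other machines over SMB and RDP within two minutes of the shell spawning, while the second alert stays in review: its only traffic went to a printer and an intranet site, which is neither proof of compromise nor grounds to close the alert. The point is that neither the process tree nor the flow records alone support that decision; only the join across both data sources does.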

For 360-degree visibility and ultimate network protection, organisations need a solution that gives their SOC a holistic view of their digital estate. Combining security controls like NGAV, EDR, NDR, SIEM, and SOAR, SenseOn extends real-time visibility across endpoints, network, and the cloud, eliminating blind spots once and for all. 