5 reasons why EDR is becoming a security standard in the IoT devices industry
Buzzwords come and go. Only a few stick around, and usually because they represent an actual shift in our perception. Has EDR turned into an industry buzzword? Well, if so, it’s been around for quite a while now (some people claim that it was actually coined in 2013 – ages ago in terms of fashionable technology trends).
EDR is short for Endpoint Detection and Response, a cybersecurity approach that collects, records, and stores large volumes of data from endpoint activities to provide security professionals with the comprehensive visibility they need to detect, investigate, and mitigate advanced cyber threats.
For an EDR solution to be effective and keep its promise, it requires, in most cases, installing an agent on each endpoint, so that all behaviors occurring there – particularly those that involve interacting with exterior components – are under constant detection. All activities on each endpoint are therefore monitored, tracked and recorded, resulting in an event stream, which in turn is used to investigate suspicious behaviors and to respond with the appropriate defense.
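The agent-to-event-stream flow described above, as an added illustration that is not code from this article or from any EDR product. The event fields, process names, hosts and response action names are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed learning-period events (all names and hosts are made up).
BASELINE_EVENTS = [
    {"t": 10, "proc": "streamd", "type": "net_connect", "target": "cloud.vendor.example:443"},
    {"t": 12, "proc": "updater", "type": "net_connect", "target": "ota.vendor.example:443"},
    {"t": 15, "proc": "updater", "type": "exec", "target": "/usr/bin/fw_verify"},
]
# Constructed live stream: streamd spawns a shell, then contacts an unknown host.
LIVE_EVENTS = [
    {"t": 100, "proc": "streamd", "type": "net_connect", "target": "cloud.vendor.example:443"},
    {"t": 130, "proc": "streamd", "type": "exec", "target": "/bin/sh"},
    {"t": 131, "proc": "streamd", "type": "net_connect", "target": "203.0.113.7:8443"},
    {"t": 140, "proc": "updater", "type": "net_connect", "target": "mirror.vendor.example:443"},
]

def build_baseline(events):
    """Record which (event type, target) pairs each process showed while known-good."""
    seen = defaultdict(set)
    for e in events:
        seen[e["proc"]].add((e["type"], e["target"]))
    return dict(seen)

def detect(events, baseline, window=60):
    """Flag behaviour absent from the baseline and correlate it per process.

    A process that shows both an unseen exec and an unseen outbound connection
    within `window` seconds is raised to high severity.
    """
    alerts, recent = [], defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["t"]):
        if (e["type"], e["target"]) in baseline.get(e["proc"], set()):
            continue  # matches known-good behaviour for this process
        hits = [h for h in recent[e["proc"]] if e["t"] - h["t"] <= window] + [e]
        recent[e["proc"]] = hits
        kinds = {h["type"] for h in hits}
        severity = "high" if {"exec", "net_connect"} <= kinds else "medium"
        alerts.append({"t": e["t"], "proc": e["proc"], "severity": severity,
                       "evidence": [(h["type"], h["target"]) for h in hits]})
    return alerts

def respond(alert):
    """Choose a response; the action names are hypothetical agent capabilities."""
    return "terminate_process" if alert["severity"] == "high" else "report_to_backend"

if __name__ == "__main__":
    for a in detect(LIVE_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(a["t"], a["proc"], a["severity"], respond(a), a["evidence"])
```

The unseen update mirror is only reported, while the shell followed by an unknown destination is escalated, which shows how correlating events keeps a single unfamiliar connection from triggering a disruptive response.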
But then there’s also Security by Design
A very common approach to IoT cybersecurity is what we all know as Security by Design.
As opposed to EDR, the idea of Security by Design is to ensure that security measures are built and programmed into the product prior to its release and updated periodically. This process calls for a thorough analysis of potential threats and vulnerabilities, because attacks are much harder to protect against once they actually occur in real time. Moreover, an attack could be a zero-day, which means that no one knows about the vulnerability until the attack happens.
The main benefit of the Security by Design technique is that errors and weaknesses can sometimes be avoided from the get-go, since all aspects of security are incorporated into the planning, from prototype to the final product.
However, a major drawback of this approach is that it can only protect from known threats; while system updates are an important part of keeping these more conventional defense tools applicable, they aren’t built to handle all related attack activities once they occur.
Considering that the opponents in this domain, i.e., the attackers, adapt very quickly, Security by Design solutions tend to fall behind in the race against them.
Why EDR solutions are gaining traction in the IoT industry – There’s room for improvement
The advantages of EDR solutions compared to Security by Design are even more pronounced when it comes to the IoT, specifically to home IoT devices (smart home devices). The tremendous growth in the home IoT devices market is offering new and lucrative opportunities not only for end consumers but unfortunately also for different types of malware. Sometimes, that’s the side effect of success.
What makes smart home devices particularly vulnerable, you ask?
First, home devices may lack advanced built-in security systems because, with this market’s low revenue margins, manufacturers usually can’t afford to invest too much in security and stay profitable.
Second, as mentioned above, existing Security by Design best practices do not provide a comprehensive solution to all scenarios.
Third, end consumers are not that diligent about ensuring their safety, nor are they even aware of the risks (unlike IT professionals).
As it is now, Security by Design solutions can’t offset such vulnerabilities. Furthermore, when asked about current security challenges in ESG research (discussed here), cybersecurity and IT professionals raised a few more issues related to Security by Design, including false alarms and a lack of automation and remediation capabilities (that is, terminating processes, deleting files, and rolling back system images). All of these, if they existed, could assist security teams in mitigating the problem of reimaging compromised systems.
But I am not implying that Security by Design should be left behind. I do think that it must be preserved. I am just reflecting on why many professionals add additional technologies to the mix.
5 concrete reasons why Smart-Home device companies are embracing real-time endpoint protection solutions
Going a step further into analyzing why real-time EDR solutions are gaining traction, we can divide their main advantages into 5 distinct categories. In many ways, these are also the building blocks that make the EDR approach the IoT ecosystem’s next security standard, and the reason smart-connected device companies are embracing EDR as part of their security technologies:
- Real-time detection and response to attacks bring a whole new level of security posture. Need I say more? While it’s possible for existing technologies to make attacking harder than without them, opponents constantly change their tactics and look for new vulnerabilities. Real-time EDR solutions pull together all behaviors related to these attacks, investigate them and offer protection as quickly as possible.
- Behind dynamic and proactive solutions, EDR included, are smart AI-based engines that constantly absorb information about attacks, threats, and evolving hacking methods. A well-designed AI engine learns all about them, trains itself, and comes up with appropriate defensive measures in real time. This means being well protected from a wider variety of attacks and being less susceptible to new kinds of threats.
- A real-time EDR tailored to IoT device companies holds specific advantages. For example, it is very easily implemented on lightweight devices. It can be applied over the air, as an aftermarket service, and can work side by side with existing cybersecurity solutions on the same device.
- A real-time EDR solution (if built properly) can support a super-fast response to threats and prevent PR, brand, R&D or other business-related crises from happening. Robust forensic capabilities are provided so that attacks can be investigated as soon as abnormal patterns are detected. Root causes are therefore identified almost on the spot, enabling immediate cleanup and remediation.
- Another unique benefit, one that comes with only a few real-time EDR solutions, is a robust analytics and insights system. Environment-related cyber threat information is constantly collected, then sent to the device company. Hence, simply by implementing a proper EDR solution, the company is enriched with a priceless source of ever-updated big data.
When it comes to the home IoT devices industry, we’re about to experience a plethora of new threats and dangers. In fact, just open any news app and you will instantly see that it has already started…
Vulnerability in connected devices is a real issue, posing challenges to manufacturers and consumers alike.
Existing solutions such as Security by Design need strengthening from complementary technologies to properly address these challenges. Many smart device companies are now beginning to understand the risks they are facing and are hunting for optimal technologies. Others still wrongly believe that what they already have is enough. Sadly, and as seen with other, more mature connected industries, hackers will probably soon prove them wrong.
Our industry is facing an important milestone that holds a huge responsibility for the security of tens of millions of end consumers. I sure hope that companies and brands will act fast enough before attackers do.