Bisen | 1 year ago

EDRs are a great way to help secure endpoints, but high-fidelity threat intel which is tailored to your environment and org's needs can help increase awareness and shine light on potential security blindspots. This is especially critical when the threats are ever-evolving and time to exploit is decreasing year over year. Qualys in a 2023 report stated that "25 percent of these security vulnerabilities were immediately targeted for exploitation, with the exploit being published on the same day as the vulnerability itself was publicly disclosed." They offer some outside-the-perimeter threats, but by reputation it’s a weakness and narrowly targeted to your organization's credentials and vulns, and orgs usually still need a threat intel provider. For example, one of our users who already uses an EDR may not know about a 3rd party that’s been ransomed by a threat actor, e.g. APT 73. An alert from Overwatch saying a 3rd party has been compromised will also include information about recent IOCs, e.g. hashes and file extensions attributed to that threat actor, so that the user can add them to VirusTotal and scan internally to make sure they haven’t been compromised. This is an example of how EDRs and threat intel can work in concert.
