Navigating Vulnerability Management and Endpoint Detection & Response (EDR) Products

If you’re new to cybersecurity or are looking for tools to protect your organization, we’ve created this guide to help you navigate two staple categories of products most small to medium-sized enterprises (SMEs) should have in their security operations arsenal: vulnerability management and endpoint detection and response (EDR) products. 

What is vulnerability management? What is endpoint detection and response (EDR)? 

Let’s start by defining some common terminology and what these products are.

A vulnerability is a weakness in an information system that could be exploited by a threat source.

An endpoint can be any device connected to a network, including computers, laptops, mobile phones, tablets and servers. In this article, think of an endpoint as any system that someone operates directly, hands-on-keyboard.

Vulnerability management is a proactive security measure designed to prevent the exploitation of vulnerabilities that could put a system or organization at risk.

Endpoint Detection and Response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints, enabling a quick, reactive response to discovered or potential threats.

If you think of these products in the context of protecting your home, vulnerability management products identify if a door is unlocked or a window is open, whereas EDR will tell you if someone is actively in your house.

How do Vulnerability Management and Endpoint Detection & Response (EDR) Products work?

Vulnerability management products scan your infrastructure and report the nature of any vulnerabilities found, including what combination of software needs to be present for an attacker to gain access to your system.

EDR products are deployed as an agent on every computer system used for operations (think workstations, laptops, servers). EDR agents detect and defend monitored endpoints against intrusions by known threats.

What are the benefits of Vulnerability Management and Endpoint Detection & Response (EDR) products?

As vulnerability management products scan your infrastructure, they surface details about what exactly each vulnerability allows an attacker to do, answering the question: what is the probability that an attacker will use this to get into my system?

Some vulnerabilities are worse than others depending on what the attacker can do when exploiting the vulnerability. Some of these types of attacks include (but are not limited to):

Denial-of-Service (DoS)

An attacker uses up a resource so that a computer can no longer function as a normal component of your infrastructure. Think of this as an attacker cutting power to your house, which makes the house unlivable.

Escalation of Privileges

An untrusted user gains administrative-level access. Instead of a house, think of a hotel: hotel guests are untrusted users, and escalation is a guest going from their hotel room into the records or security room.

Remote Code Execution (RCE)

This is one of the worst classes of attacks. An attacker can use the vulnerability to run any code on your computer, and once an attacker can run code they have full access to your system.

As mentioned previously, EDR products are used in a reactive manner, whereas vulnerability management products are proactive. EDR products detect and defend against known threats and can provide clues to:

  • What happened once the endpoint was compromised?
  • What did the attacker do?
  • How was the endpoint compromised?

Why is it important to have both Vulnerability Management and EDR Products?

When you run vulnerability management in conjunction with an EDR product, vulnerability scans surface alerts about software and application vulnerabilities, and because your EDR product has agents installed on your systems, you can see which endpoints need to be patched to keep an attacker from gaining access.

Think of vulnerability scans as reaching out to your endpoints to “jiggle doorknobs” and try to open windows, to see which software running on those endpoints needs to be patched and made more secure.

Vulnerability Management and EDR products we love

For each product below: the product category, why we love it, and pricing & how to buy.

Tenable.io (Vulnerability Management)

Why we love it:
  • Popular for organizations that have a hybrid cloud model.
  • Has the ability to determine when vulnerabilities are resolved and mitigated.
  • Is a mature vulnerability management option and is usually adopted by medium to enterprise-level companies.
  • Typically requires 1-2 vulnerability management engineers to deploy and maintain.

Pricing & how to buy:
Free trial available.
Starting from: $2275.00/year
Buy Tenable.io here

Qualys (Vulnerability Management)

Why we love it:
  • If you have a lot of legacy systems, Qualys is a great tech stack to support your needs.
  • Makes it easy to scan legacy systems for PCI compliance.
  • Has a rich knowledge base of vulnerabilities that spans decades.

Pricing & how to buy:
Free trial available.
Please contact Qualys directly for pricing information.

CrowdStrike Falcon (Endpoint Detection & Response; Vulnerability Management coming soon)

Why we love it:
  • One of the most popular next-gen antivirus solutions, pioneering a cloud-first deployment model.
  • Provides rich intel about a given threat, spanning decades, plus incident response forensics within the solution.
  • Most popular with organizations that are Windows-based, but also supports Mac and Linux environments.
  • Usually requires at least 1 full-time engineer to manage.
  • Mostly used as an EDR tool to defend against malware; its vulnerability management product is in active development.

Pricing & how to buy:
Free 15-day trial available.
Pricing per month/per endpoint:
  • FALCON PRO: $8.99
  • FALCON ENTERPRISE: $15.99
  • FALCON PREMIUM: $18.99
For FALCON COMPLETE pricing, please contact CrowdStrike.

Endpoint Detection & Response (Vulnerability Management coming soon)

Why we love it:
  • One of the easiest EDR products to deploy, especially in a Mac/Apple ecosystem.
  • Has a richer set of detections for Mac-based malware.
  • Popular with small-to-medium-sized businesses of approximately 1-50 employees, and has a lower price point.
  • Has a vulnerability management scan component, which is skewed to Mac-based deployments.
  • Works with Windows and Linux environments too.

Pricing & how to buy:
Free trial available.
Starting from: $45.00/year
Get started here.

VMware Carbon Black (Endpoint Detection & Response)

Why we love it:
  • Legacy EDR platform used by many Fortune 500 companies that need to manage and protect hybrid environments.
  • Excels in incident response tools that can be used to deploy custom forensics on systems once malicious activity is detected.
  • Has the largest feature set for incident response and forensics, such as process memory and disk images that can be used for legal investigation.
  • To maintain VMware Carbon Black, it usually requires 3-5 engineers since it offers many more capabilities but is less turnkey.

Pricing & how to buy:
Carbon Black’s products are only available through third parties.
Get started here.

Microsoft Defender for Endpoint (Endpoint Detection & Response, new; Vulnerability Management coming soon)

Why we love it:
  • Great vulnerability management and EDR product if you are in a largely Windows-based environment.
  • Included with some Microsoft 365 and Office 365 Security and Enterprise licenses.
  • Supports other platforms beyond Windows, including Mac and Linux; however, the detection capabilities may be lower.
  • To deploy and maintain Microsoft Defender, it can take 1-2 full-time engineers if you have Microsoft infrastructure.

Pricing & how to buy:
Free trial available directly through Microsoft. Note: you have to buy through a reseller.
Microsoft Defender for Endpoint can be purchased in several different pricing plans ranging from $10 per user/per month up to $57 per user/per month.
Get started here.

Vulnerability Management

Why we love it:
  • Simplifies the vulnerability scanning process for AppSec teams using third-party code.
  • Scans your full code repository at setup to identify all of your vulnerabilities, then hooks into the pipeline for code changes to alert on new vulnerabilities.
  • Monitors the security pages for all of its supported vendors and looks for specific versions requiring security fixes.
  • Supports the greatest number of code libraries by language.

Pricing & how to buy:
Free trial available.
Note: To integrate with Fletch, a Business-level or higher license is required.
Get started here.

How Fletch makes vulnerability management and EDR products easier to use and more powerful

Once vulnerability management and EDR tools are deployed, the bigger challenge is prioritizing alerts and issues coming out of them to make them valuable on a daily basis.  

Which issues should teams focus on and why? 

Vulnerability management and EDR products do provide rough severity scores, but those scores lack context and impact. No one has time to sift through thousands of alerts and findings to figure out which one needs to be addressed first.

That's where Fletch can help.

Every day, Fletch scours thousands of open-source intelligence (OSINT) sites for new threats and vulnerabilities that are popular. 

Fletch then:

  • identifies which articles contain actionable indicators, such as malware family names, process/file hashes, and CVEs;
  • uses natural language processing and machine learning to assess each article's public severity and impact, and to determine which issues affect your industry;
  • determines which issues leverage previously unknown 0-day vulnerabilities and which are actively being exploited in the wild.

Finally, Fletch sends you a Daily Threat Pulse email showing which subset of articles impact your infrastructure based on indicator matches between the article, your vulnerability scan reports, and your EDR alerts.  
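The indicator matching just described, and the scan-plus-EDR correlation from the section on running both products, as an added example that is not Fletch's code, data or ranking method: a small Python script that indexes constructed vulnerability-scan findings by CVE id and constructed EDR alerts by file hash, keeps only the threat articles whose indicators hit at least one of your hosts, and ranks what is left. The hostnames, CVE ids, hashes, article titles and the scoring weights are all assumptions made up for the example.

```python
"""Correlate threat-intel indicators with vulnerability-scan findings and EDR alerts.

Added example. Everything here (hostnames, CVE ids, hashes, article titles and
the scoring weights) is constructed for illustration; it is not Fletch's code,
data or ranking method.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Article:
    """One threat-intel article with the actionable indicators extracted from it."""
    title: str
    cves: set = field(default_factory=set)
    sha256s: set = field(default_factory=set)
    exploited_in_wild: bool = False
    zero_day: bool = False


# Constructed vulnerability-scan findings: which host a scanner found vulnerable
# to which CVE. The "CVE-0000-NNNN" ids are placeholders, not real CVEs.
SCAN_FINDINGS = [
    {"host": "ws-finance-01", "cve": "CVE-0000-1001"},
    {"host": "ws-finance-02", "cve": "CVE-0000-1001"},
    {"host": "srv-web-01", "cve": "CVE-0000-2002"},
    {"host": "srv-db-01", "cve": "CVE-0000-3003"},
]

# Constructed EDR alerts: file hashes the endpoint agents flagged, per host.
# The hashes are dummy 64-character strings, not real malware hashes.
EDR_ALERTS = [
    {"host": "ws-finance-02", "sha256": "a" * 64},
    {"host": "lap-sales-07", "sha256": "b" * 64},
]

# Constructed articles with their indicators already extracted.
ARTICLES = [
    Article("Ransomware crew mass-exploiting CVE-0000-1001",
            cves={"CVE-0000-1001"}, sha256s={"a" * 64}, exploited_in_wild=True),
    Article("Proof-of-concept published for CVE-0000-2002",
            cves={"CVE-0000-2002"}),
    Article("Unpatched 0-day in widget framework",
            cves={"CVE-0000-9999"}, zero_day=True),
    Article("Commodity loader: new sample hashes",
            sha256s={"c" * 64}),
]


def index_hosts(records, key):
    """Map each indicator value (CVE id or hash) to the set of hosts it was seen on."""
    index = defaultdict(set)
    for record in records:
        index[record[key]].add(record["host"])
    return index


def correlate(articles, scan_findings, edr_alerts):
    """Return only the articles whose indicators match your environment, ranked.

    A CVE match means a scanner says the host is vulnerable (the door is
    unlocked); a hash match means the EDR agent already saw the artefact on the
    host (someone is in the house), so it weighs more. Weights are arbitrary.
    """
    cve_hosts = index_hosts(scan_findings, "cve")
    hash_hosts = index_hosts(edr_alerts, "sha256")
    ranked = []
    for article in articles:
        matched_cves = {c for c in article.cves if c in cve_hosts}
        matched_hashes = {h for h in article.sha256s if h in hash_hosts}
        hosts = set()
        for cve in matched_cves:
            hosts |= cve_hosts[cve]
        for digest in matched_hashes:
            hosts |= hash_hosts[digest]
        if not hosts:
            continue  # the article does not touch your infrastructure; drop it
        score = len(hosts)          # more affected hosts, higher priority
        if matched_hashes:
            score += 5              # already present on an endpoint
        if article.exploited_in_wild:
            score += 3
        if article.zero_day:
            score += 2
        ranked.append({
            "title": article.title,
            "hosts": sorted(hosts),
            "matched_cves": sorted(matched_cves),
            "edr_hit": bool(matched_hashes),
            "score": score,
        })
    ranked.sort(key=lambda r: (-r["score"], r["title"]))
    return ranked


if __name__ == "__main__":
    for entry in correlate(ARTICLES, SCAN_FINDINGS, EDR_ALERTS):
        print(f"[{entry['score']:>2}] {entry['title']}: {', '.join(entry['hosts'])}")
```

With the constructed data, two of the four articles survive: the ransomware article ranks first because its CVE is on two workstations and its sample hash was already seen by the EDR agent on one of them, the proof-of-concept article ranks second with a single vulnerable server, and the 0-day and loader articles are dropped because nothing in the scan reports or EDR alerts matches them.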

This saves your team hours of time daily. Instead of having to manually correlate and prioritize issues, Fletch focuses teams on acting instead of analyzing.

Fletch is focused on solving the most common cybersecurity needs for SMEs and underserved teams who are cloud-first or those migrating to the cloud. Whether you’re an army-of-one or a security team of dozens, Fletch can help your organization with visibility, response, and remediation of cyber threats.

Learn more about the Trending Threats app in this short video and see how Fletch can help you save hours every day by automatically evaluating the impact of new cyber threats on your business. 

Fletch integrates with the industry’s most popular vulnerability scanners and endpoint products and can help companies using one or a combination of these products. Join the waitlist today.