Are you getting ready for the upcoming RSA Conference, the world's leading information security conference and exposition? The event is quickly approaching, taking place April 16-20 in San Francisco. Ahead of the show, I spoke with UJ Desai, group product manager at Bitdefender, a global security technology company that provides cutting-edge end-to-end cyber security solutions and advanced threat protection to more than 500 million users in more than 150 countries.
VMblog: With RSA coming up this month, what is your message to RSA attendees and those individuals who won't be able to make the conference this year?
UJ Desai: Endpoint detection and response (EDR) for everyone is possible, from organizations with well-funded, well-resourced SOCs to organizations facing budget, staffing, and resource constraints.
VMblog: And what factors make it difficult for businesses to take advantage of the benefits of EDR solutions?
Desai: Many organizations face restricted budgets and limited resources, in addition to having small and often overburdened IT teams. The often-discussed cybersecurity skills shortage also makes it difficult for them to find experienced security analysts. On top of that, it's burdensome for IT staff to manage multiple solutions from multiple vendors. This sets them up for agent fatigue and an increase in the complexity of their environment.
VMblog: What best practices do you recommend for organizations seeking to get the most value from their endpoint security solutions?
Desai: EDR emerged on the premise that it's not possible to prevent 100% of threats, and it is focused on detection and on minimizing dwell times and damage. EDR should be a layer that's added, as if it's the SWAT team of security. You wouldn't use your SWAT team to fight street crime, and you shouldn't use EDR to combat known attacks that other security layers could easily address. Let EDR focus on the last 1% of attacks, the attacks that have not yet been discovered by traditional endpoint security products, and make sure your organization is using a funnel approach to make the most of each security layer.
VMblog: Can you further elaborate on the idea of a funnel approach and its benefits?
Desai: If you look at a funnel, it goes from a broad end to a narrow tip. Automatic prevention and detection should be at the large end of the funnel, including preventative controls such as machine learning and behavioral monitoring. The middle stage of the funnel should be investigation, using threat analytics to sift through behavioral events in system activities and create a prioritized list of incidents for additional investigation and response. The tip of the funnel should be used for detection and response, and that's where EDR comes in. With a funnel approach in place, the EDR layer can focus on threats in the unknown/potential threat category.
Using a funnel approach reduces unnecessary noise from false alarms and trivial threats, and it allows EDR to focus on attacks that are both real and potentially dangerous. It also enables admins to focus solely on the elusive and advanced threats that have crossed the other security layers without wasting time on false positives. Simplified incident visualization and investigation allows them to assess the impact of the threat in seconds, leading to swift incident response tactics. If the EDR and prior prevention layers are also part of the same integrated solution, current IOC verdicts from the EDR 'module' can train the prevention layers to make future detections at the pre-execution stage itself. The funnel approach also has financial benefits, as it decreases the need for manual investigation and alert prioritization by IT teams.
VMblog: What are some of the takeaways of Bitdefender's GravityZone Ultra solution that RSA Conference goers should be aware of? And what sets you apart from others?
Desai: Traditional EDR solutions are often too complicated to work effectively and efficiently for any company that doesn't have a large team and access to an extensive budget and resource pool. GravityZone Ultra was built on the principle of EDR for Everyone. The platform uses one agent and one console, and combines all of Bitdefender GravityZone's signature-less pre-execution and on-execution preventative controls with early detection and response capabilities. In addition to the funnel approach's prevention, detection, investigation and response steps, GravityZone Ultra adds an evolve step, enabling the feedback loop from current detection to future prevention via in-place policy tuning and fortification. GravityZone Ultra provides seamless threat prevention, accurate incident detection and smart response to minimize infection exposure and stop breaches.
VMblog: Does Bitdefender have any speaking slots at RSA? If so, can you tell us more about those sessions so people can get them on their schedules?
Desai: Bitdefender's Chief Security Researcher Alexandru "Jay" Balan will be speaking twice at RSA on Thursday, April 19th.
- 10:30-11:00 am: Exploiting Cloud Synchronization to Mass Hack IoTs
- 1:45-2:30 pm: IoT: The Gift that Keeps on Giving
You can find more information about Jay's presentations on the RSA Conference website.
Want to learn even more? Watch this Bitdefender video interview.