COI Report – Part VII Page 257 of 425

security, but can also make itself persistent by manipulating Windows registry[57] entries. These entries will cause malware code to be reloaded into the computer’s memory, even after the computer is rebooted, which would normally wipe out any purely memory-based malicious code.

742. It is therefore increasingly accepted that traditional anti-malware software is inadequate, and that a new strategy must be created to identify breaches at endpoints. Indeed, this was shown to be true in the Cyber Attack – while IHiS had enterprise-level antivirus and anti-malware protection for endpoints, the signature-based system was unable to prevent endpoints from being infected by fileless malware, nor could it detect the customised Remote Access Trojan deployed by the attacker.

743. To combat the sophisticated threats of today, modern endpoint security requires an endpoint security system with advanced security technologies and services, such as EDR, predictive analytics, and incident response. Advanced endpoint security solutions do not only address prevention, but also detection and response. The Committee notes that IHiS is in the midst of planning a roll-out of EDR at all endpoints. Once rolled out, it will be able to detect IOCs (indicators of compromise), and record endpoint system-level behaviours and events such as user or file processes, as well as registry, memory and network events.

744. Expert witnesses Dr Lim and Vivek have recommended the implementation of EDR systems. According to Gartner, EDR is a security technology “created to satisfy the need for continuous detection and response to advanced threats – most notably to significantly improve security monitoring, threat detection and incident response capabilities.”[58] Vivek recommends the use of EDR as it is a detection system that looks comprehensively at the overall network – the operating system, and the behaviour of the software operating on

[57] The Windows registry is a database of information, settings, options, and other values for software and hardware installed on Microsoft Windows operating systems.

[58] Business Wire, Guidance Software Recognized as the Estimated Market Share Leader by Gartner in the Endpoint Detection and Response (EDR) Tools Market, December 2014.
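Registry-based persistence of the kind described above leaves no file for a signature scanner to match, which is why the registry events an EDR records are useful. The following triage over such events is an added example, not taken from the report: the event fields, host names and heuristics are assumptions, and the sample events are constructed.

```python
import re

# Autostart (Run / RunOnce) keys, whose values Windows launches at logon.
AUTOSTART_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Interpreters able to run code passed inline, with no payload file on disk.
INTERPRETER_RE = re.compile(
    r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?\b", re.I)
# Markers of inline code: encoded-command switches and script-protocol handlers.
INLINE_RE = re.compile(r"\s-(e|ec|enc\w*)\s|javascript:|vbscript:", re.I)

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed registry-set events in an assumed EDR export shape (not real telemetry).
EVENTS = [
    {"host": "WS-001", "key": RUN_KEY, "value": "Updater",
     "data": r'"C:\Program Files\Vendor\updater.exe" /background'},
    {"host": "WS-002", "key": RUN_KEY, "value": "SysCheck",
     "data": "powershell.exe -NoProfile -EncodedCommand <BASE64-PLACEHOLDER>"},
    {"host": "WS-003", "key": r"HKCU\Software\Vendor\Settings", "value": "Shell",
     "data": "powershell.exe -EncodedCommand <BASE64-PLACEHOLDER>"},
    {"host": "WS-004", "key": RUN_KEY, "value": "Logon",
     "data": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\logon.ps1"},
]

def triage(event):
    """Return 'high', 'review' or None for one registry-set event."""
    if not AUTOSTART_RE.search(event["key"]):
        return None          # value is not launched automatically at logon
    data = event["data"]
    if not INTERPRETER_RE.search(data):
        return None          # points at an ordinary executable on disk
    # Interpreter plus inline code means nothing on disk for a signature to match.
    return "high" if INLINE_RE.search(data) else "review"

def flagged(events):
    """List (host, value name, level) for every event that needs attention."""
    return [(e["host"], e["value"], triage(e)) for e in events if triage(e)]

if __name__ == "__main__":
    for host, value, level in flagged(EVENTS):
        print(f"{level:6} {host}: autostart value {value!r} launches an interpreter")
```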