
Endpoint detection and response

Traditional antivirus vs. endpoint detection and response

Security threats, gaps and solutions evolve along with technology. Traditional antivirus solutions that rely on a signature-based approach to detect and quarantine malicious processes are unable to identify and block sophisticated attacks.

Endpoint detection and response (EDR) is a set of cybersecurity technologies designed to detect and remove malware or other malicious activities on a network. These are used to identify and evaluate suspicious activities on endpoints. After identifying a problem, EDR solutions respond by taking prompt action to remove the malware or other issues.

Limitations of traditional antivirus solutions

  • Rely on signature-based detection
  • Detect only known malware
  • Lack holistic visibility of the environment
  • Lack detective controls (e.g. behaviour analysis)
  • Lack detection of file-less and “Living-off-the-land” attacks
  • Lack real-time response capability

Benefits of EDR solutions:

  • Provide real-time active response capabilities
  • Integrate with other security tools (e.g. SIEM)
  • Correlate alerts into an incident
  • Detect tactics, techniques and procedures (TTPs) used by adversaries
  • Detect zero-day, ransomware and file-less attacks
  • Provide comprehensive reporting and visibility of the environment
  • Promptly isolate endpoints and respond to attacks

Leverage EDR solutions to address security and regulatory trends

The proliferation of IoT and smart devices, the evolution of Bring-your-own-device (BYOD) policies to cover multiple devices, and the de-centralisation of corporate networks have disrupted the traditional security perimeter. Adversaries are now one compromise away from obtaining access to the entire network via your endpoints.

Based on our understanding of trends in regulatory frameworks such as the Cyber Resilience Assessment Framework (C-RAF) introduced by the Hong Kong Monetary Authority (HKMA), we foresee strengthened requirements for institutions to implement EDR solutions that improve their detection and response capabilities against sophisticated attacks.

  1. Increase visibility, especially across critical endpoints
    EDR solutions comprehensively collect events and continuously monitor for suspicious behaviours commonly used by adversaries. Coverage extends beyond HQ to branches and the cloud, with emphasis on critical endpoints.
  2. Focus on and respond to unusual activity
    EDR solutions combine signature-based methods with a behavioural approach. The security operations centre (SOC) is promptly alerted to investigate and is armed with relevant insights to make informed decisions.
  3. Uplift your cyber defence capabilities
    EDR solutions enable your blue team to detect and respond to sophisticated TTPs. PwC purple teamers use threat intelligence and simulations of real-life attacks to further enhance the detection capabilities of your EDR solution.

Some facts about malware attacks

  • PwC’s red teamers spend less than 10 minutes on average to bypass an antivirus solution by changing the known signatures.
  • Over 500,000 malicious files are submitted to VirusTotal on a daily basis. Most of them are able to bypass traditional antivirus solutions.
  • File-less attacks grew by 256% in the first half of 2019.
  • “Living-off-the-land” attacks have picked up significantly worldwide and account for 40% of the total number of cyber attacks in 2019.

PwC’s EDR services

PwC’s DarkLab has in-depth expertise and extensive experience in providing clients with EDR services. Our 150+ cyber security professionals help companies build a tailored, next generation cybersecurity defence.

EDR implementation

  • Help strategise your EDR deployment, and ensure installations cover the essential areas of your network architecture

Purple teaming and SOAR

  • Using a mix of red team and blue team professionals, we build tailored use cases for your specific environment based on MITRE ATT&CK
  • Periodic red team reports on increased difficulty in breaching the network

Blue team training and SOAR

  • Design incident response playbook and training for in-house blue team
  • Integrate your EDR into security orchestration, automation and response (SOAR) to provide quick, accurate response for your blue team analysts
  • Perform incident response drills with business teams

Managed detection and response

  • Through PwC’s 24x7 SOC service, our analysts help monitor your EDR and provide the relevant response
  • Integrates with our SOAR platform to provide automated responses through pre-agreed playbooks

Your EDR journey starts here - Join our free red, blue and purple team workshop

To further understand how PwC’s EDR solutions and services can help empower your cyber defence, we are offering a complimentary half-day workshop including demonstrations and simulations based on your use case.

Part 1: Purple team live demo

  • Conduct live demonstration simulating a cyber-attack
  • Understand how our red team uses a phishing email to compromise your environment and escalate privileges to obtain business sensitive information
  • Learn how our blue team detects and responds to such attacks by referencing the MITRE framework

Part 2 - Option 1: Insider threat attack simulation

  • Learn the theoretical concepts of how to bypass standard antivirus software
  • Receive walkthroughs based on real-life experience from our red team with videos illustrating the end-to-end process of an attack

Part 2 - Option 2: Hands-on proof of concept demo

  • Re-create the compromise under the watchful eye of our red team
  • Interact first-hand with the tools and commands we use in our daily engagements

Part 3: Blue team demo on EDR solutions

  • Demonstrate the methods to mount a successful cyber defence
  • Hear from our blue team about their security monitoring and incident response experience with EDR solutions
  • Brainstorm how best to deploy EDR solutions effectively in your environment

For more information or to reserve a workshop, please email us:

Contact us

Kenneth Wong

Mainland China and Hong Kong Digital Trust & Risk - Cybersecurity and Privacy Leader, PwC Hong Kong

Tel: +[852] 2289 2719

Kok Tin Gan

Partner, PwC Hong Kong

Tel: +[852] 2289 1935

Felix Kan

Partner, PwC Hong Kong

Tel: +[852] 2289 1970