
Are you really protected? The myth of EDR-led security

Since the dawn of IT, adversaries have found ways to break into and attack a computer system – and defenses must constantly evolve to catch up.

With endpoint detection and response (EDR), firewalls, and email security, you might feel safe—but the bad guys get in. What are we doing wrong?

Well, if you do what you’ve always done, you always get what you’ve always got. To mature the stack, our security architecture must become resilient and autonomous.

Cyber stacks have never been impenetrable

No wall has ever been built that cannot fall. Despite stronger and more technically advanced defenses, the number and scale of breaches continues to grow year after year. Antivirus has evolved into EDR; spam filtering has evolved into complete email security – and yet nothing is ever impenetrable.

IBM’s “Cost of a Data Breach Report 2024” states that the global average cost of a data breach in 2024 is 4.88 million dollars, and the damage caused by cybercrime is getting worse every year. The estimated cost of data breaches to the global economy is more than $20 trillion by 2026, according to data reported by Statista.

State actors are funding more cybercrime groups than ever before. For several years, the majority of nation-state cyberattacks have originated in Russia; however, countries such as North Korea and Iran are increasingly developing their cybercrime skills, according to the Global Cybercrime Index.

And artificial intelligence (AI) is increasing the volume and speed of attacks and allowing criminals to improve their social engineering skills. Threats that use AI-enabled human targeting are becoming increasingly difficult to detect and defend against – even with AI tools used to identify them, says Microsoft’s “2024 Digital Defense Report”.

So why do organizations think their current defenses are sufficient?

The EDR illusion

The illusion of security is a dangerous thing. It’s like walking a tightrope over an abyss while thinking you have a safety net: if you’re not aware of the dangers, you’re not taking steps to be safe.

EDRs are the biggest example of this in modern cyber security. Many organizations believe that EDRs will protect them no matter what, but cybercriminals take advantage of this fallacy.

Malware that disables EDR is everywhere now. Earlier this year, Elastic Security Labs reported that the GhostEngine malware evades detection by shutting down security systems. RansomHub provides a binary that elevates privileges to disable endpoint protection software.

Lumu’s “2024 Compromise Report” found that infostealers accounted for 11.7% of malware tools detected to have bypassed traditional security. Infostealer malware is particularly effective at bypassing and disabling EDRs. Even without shutting down an EDR, infostealers can often operate almost silently, undetected by endpoint defenses, while extracting valuable information and credentials from the system.

The use of compromised credentials for initial access is around 24%, according to CrowdStrike. Not only is this the most common initial attack vector, but IBM’s “Cost of a Data Breach Report 2024” says it also takes the longest to identify and contain. Most traditional tools are simply not designed to detect activity when legitimate credentials are used to gain access.

Complementing the EDR illusion, extended detection and response (XDR) systems are the new panacea. XDRs are essentially an extension of EDR technology and have the same limitations. For example, an EDR requires an agent, and by default this creates blind spots for anything agentless – such as cloud-based workflows and the Internet of Things. Unless integrated with network detection and response (NDR) or a security information and event management (SIEM) solution, an XDR will not raise an alarm when malware bypasses EDR.

This proves that we need to break the illusion of EDR and rethink our cybersecurity architecture.

Time to rethink the stack

It’s never been more imperative to take a step back and figure out how to close the gaps in cybersecurity.

We have to assume that we will be attacked and cybercriminals will breach the first lines of defense (if they haven’t already). When this happens, we must still provide security to ensure that any breach is stopped as quickly as possible. How?

  • NDR tools show the ultimate source of truth: the network. By observing network traffic, you can catch malware activity such as data theft and ransomware that most conventional tools won’t pick up.

  • There must be continuous monitoring of network activity and endpoints to detect anything suspicious. We cannot rely on static, scheduled checks.

  • Elements of the traditional stack can no longer operate in silos – they must be united and communicate.

  • Advanced machine learning and AI can immediately flag any suspicious behavior.

A good NDR tool takes all these points into account.
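As an added illustration (not code from the article or from Lumu), the check below puts two of the points above together on constructed data: EDR agent heartbeats are correlated with network flow records so that a host that keeps sending traffic after its agent has gone quiet, or that never had an agent, and is pushing large volumes to external addresses, surfaces even though the endpoint tool itself is silent. The log formats, host names and thresholds are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed EDR agent heartbeats: (minute, host). Format is hypothetical.
HEARTBEATS = [
    (0, "ws-01"), (5, "ws-01"), (10, "ws-01"),             # ws-01 stops reporting at t=10
    (0, "ws-02"), (5, "ws-02"), (10, "ws-02"), (15, "ws-02"), (20, "ws-02"),
]
# Constructed flow records: (minute, src_host, dst_ip, bytes_out).
FLOWS = [
    (2, "ws-01", "10.0.0.5", 1_200),
    (12, "ws-01", "10.0.0.5", 800),
    (25, "ws-01", "203.0.113.9", 50_000_000),   # still active after the agent went quiet
    (30, "ws-01", "203.0.113.9", 40_000_000),
    (18, "ws-02", "10.0.0.5", 3_000),
    (21, "ws-02", "198.51.100.7", 500),
    (10, "iot-cam", "10.0.0.5", 200),           # device that never had an agent
]
# Address ranges treated as internal for this example.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in INTERNAL)

def silent_agents(heartbeats, flows, max_gap=10):
    """Hosts that keep generating network traffic while their EDR agent is
    absent or has not reported for more than max_gap minutes."""
    last_seen = {}
    for minute, host in heartbeats:
        last_seen[host] = max(last_seen.get(host, 0), minute)
    findings = {}
    for minute, host, _dst, _nbytes in flows:
        last = last_seen.get(host)
        if last is None:
            findings[host] = "no agent"
        elif minute - last > max_gap:
            findings[host] = f"agent silent {minute - last} min"
    return findings

def outbound_volume(flows, threshold):
    """Per-host bytes sent to non-internal addresses, kept only above threshold."""
    totals = defaultdict(int)
    for _minute, host, dst, nbytes in flows:
        if not is_internal(dst):
            totals[host] += nbytes
    return {h: b for h, b in totals.items() if b >= threshold}

def triage(heartbeats, flows, exfil_threshold=10_000_000):
    """Join both signals: off the EDR's radar and pushing large volumes out."""
    silent = silent_agents(heartbeats, flows)
    heavy = outbound_volume(flows, exfil_threshold)
    return sorted((h, silent[h], heavy[h]) for h in silent if h in heavy)
```

Running `triage(HEARTBEATS, FLOWS)` on the sample data reports only ws-01, whose agent has been silent for 20 minutes while it sent 90 MB outward; the agentless camera is visible to `silent_agents` but not flagged for volume.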

The illusion of cyber security based on EDR must be shattered. EDR can never be enough on its own. It’s time to rethink the stack to ensure fast response times after a breach, making network visibility central to your cybersecurity architecture.

By Ricardo Villadiego, Founder and CEO, Lumu Technologies

About the author

Ricardo Villadiego

Ricardo Villadiego (RV) is a seasoned entrepreneur and visionary technology leader focused on cybersecurity. His last 20 years have been spent trying to solve some of the most prevalent cybersecurity challenges facing organizations. RV founded Easy Solutions, a global organization focused on the prevention and detection of electronic fraud. Later, RV led the cybersecurity business unit at Cyxtera Technologies, where he developed a long-term vision and execution plan. His passion for technology and cyber security sparked yet another adventure, and he created Lumu Technologies with a clear goal: to help organizations detect compromises quickly.

Throughout his career, Ricardo has held various leadership positions at IBM, Internet Security Systems, and Unisys Corporation. He is an electrical engineer who is also an avid reader, relentlessly curious, and a tech geek, and currently resides in South Florida with his family.