1 The Challenge
Malware, short for malicious software, has evolved dramatically since it first appeared. The Creeper virus of the early 1970s was a harmless program that simply displayed a message. As technology advanced, however, so did the sophistication and malicious intent of malware and its developers. The 1980s saw the rise of computer viruses such as Brain and worms such as Morris, while the 1990s and 2000s introduced the infamous ILOVEYOU worm, which initially spread via email. In recent years, malware has diversified into more complex and damaging forms, including polymorphic viruses, ransomware, fileless malware, cryptominers, and rootkits, each posing unique and potentially severe threats to businesses, non-profits, utilities, and government agencies.
1.1 Ransomware
Ransomware has become one of the most notorious forms of malware, with the WannaCry attack in 2017 serving as an early example. That attack affected over 300,000 computers across 150 countries, crippling hospitals, banks, and businesses by encrypting critical data and demanding ransom payments in Bitcoin. The financial losses and operational disruptions were immense, highlighting the devastating potential of ransomware. It has since grown into one of the most formidable cybersecurity threats, evolving into a sophisticated set of Tactics, Techniques, and Procedures (TTPs) that cybercriminals use to extort money from organizations and individuals. Leading ransomware families include Ryuk, which has been linked to the Wizard Spider threat group and is known for targeting large enterprises and demanding multimillion-dollar ransoms, and LockBit, attributed to the group of the same name, which employs advanced techniques to encrypt data swiftly and efficiently. Another example is the Colonial Pipeline attack in 2021 by the DarkSide ransomware group, which led to fuel shortages across the Eastern United States and highlighted the vulnerabilities of critical infrastructure (even though it hit the IT rather than the OT infrastructure). These are just a few examples of ransomware attacks. Some cybercriminals have lately dispensed with malware altogether: they acquire insider credentials, gain access, exfiltrate data, and threaten to leak the sensitive data if the ransom is not paid.