Swisscom Launches New Managed Endpoint Detection & Response Service

Swisscom has recently launched a new managed endpoint detection & response service for businesses.

Laptops, desktops and smartphones are the focus for cyber criminals. Preventative measures on their own are not enough to stop them. To respond to sophisticated cyber attacks, additional protective measures are needed, such as an Endpoint Detection & Response (EDR) system, said Swisscom.

Unlike signature-based antivirus software, EDR analyses device behaviour and looks for anomalies. The dashboard allows customers to track everything in real time. This ensures that potential security vulnerabilities can be revealed across all end devices. Security alerts are automatically investigated and resolved where possible, which frees up the security operations team.

However, EDR does not automatically detect and prevent all attacks. EDR needs to be integrated into overarching security solutions and embedded into a Security Operation Center (SOC), and experienced security analysts often need to evaluate suspicious endpoint behaviour. With EDR, analysts can focus on a smaller number of suspected attacks (handled alerts) and do not have to evaluate thousands of events and logs, massively reducing their workload. If an incident does occur, EDR gives the security team a rapid overview of the monitored IT infrastructure and enables them to respond immediately across all the endpoints, by isolating an endpoint compromised by malware or by moving suspicious files into a quarantine directory.

EDR is therefore not a standalone solution and should be integrated into existing security solutions and processes. EDR from Swisscom can be combined with SOC as a Service or CSIRT as a Service, for instance. This allows Swisscom customers to mount a successful defence against fileless attacks such as malware, invasive programs and zero-day exploits.