Recently, cybersecurity experts reported that many EDRs are vulnerable to an attack that takes advantage of the “delete after reboot” command to maliciously wipe data. Endpoint security solutions traditionally use this feature to force a reboot and delete malicious files. Malicious actors have now weaponized the feature to delete important, and otherwise, uncompromised data.
Even some of the most prevalent EDRs are vulnerable to this attack. First and foremost, we want to assure all those utilizing our MAED solution that you are safe. Deep Instinct confirmed that it “is unaffected by a specific vulnerability that was found in most EDR solutions”. Our EDR solution, powered by Wazuh, has also shown resiliency through these types of attacks.
This vulnerability brings up a critical security aspect to consider, however, regardless of the solutions you’re using.
Separation of tools
We firmly believe in spreading out your security stack rather than put all your eggs in one basket. Those using a potentially compromised EDR solution as their primary (and often only) means of cybersecurity are now at heightened risk for down time, permanent data loss, and customer loss. At the very least, they’re not confident as they go to bed tonight.
On the other hand, our MAED Partners have separated their prevention and EDR tools. Deep Instinct powers our prevention-centric cybersecurity protection platform. If for some reason something compromised Deep Instinct, we would fall back to our EDR solution, powered by Wazuh. On a day-to-day basis we utilize EDR primarily for added telemetry and data in case of an attack. It is also helpful in detection of indicators of compromise should something go wrong.
On the other hand, if this incident compromised our EDR, we would fall back to the prevention-based protection from Deep Instinct. We say this not to toot our own horn, but to illustrate the importance of utilizing a tool for a single purpose. This puts the tool in its proper lane and arms you with the right weapons to achieve true security. This applies to all layers of your cybersecurity stack.
Eliminate EDR Vulnerability Threat + Protect Yourself
In recent months, we have invited all MAED partners to add EDR to their existing MAED agreements. EDR will also roll-out with future MAED agreements, as well. If you have not taken advantage of the opportunity to add EDR to your MAED tenants, now is the time to do so. Maximize your cybersecurity defense by separating tools. Please contact support@blokworx.com to get started as an existing MAED partner. If you’re ready to ramp up your cybersecurity defense by adding MAED to your solution stack, please contact sales@blokworx.com to learn more and get started.