A recent blog post by Elastic Security Labs details GHOSTENGINE, a crypto miner that leverages an intrusion set (HIDDENSHOVEL) to disable endpoint security solutions (EDRs) on a victim host. While crypto miners may not pose a grave threat to an enterprise, the use of anti-EDR functions is dangerous and likely to increase in prevalence. In today’s cybersecurity landscape, confidence in and reliance upon an enterprise endpoint solution are commonplace; this reliance increases further when XDR capabilities are leveraged to add network detection functions. While EDR is a critical component of any cybersecurity framework, Network Detection and Response (NDR) solutions play an equally important role as new vulnerabilities emerge.
*** This is a Security Bloggers Network syndicated blog from IronNet Blog authored by IronNet Threat Research. Read the original post at: https://www.ironnet.com/blog/edr-killing-malware-need-network-detection-ndr