Malware Identification using Endpoint Detection and Response to Safeguard Enterprise Networks
2025-06-28 16:34:04 - Adil Khan
Project Area of Specialization: Cyber Security
Project Summary
We are focusing on the development of an indigenous endpoint detection and response tool to meet the needs of today's industrial world to secure and protect itself from cyber-attacks. Our solution will follow the concept of Endpoint Detection and Response (EDR), with complete endpoint host detection and central management of emerging threats and anomalies in the IT environment. EDR is an element of endpoint protection which provides continuous monitoring of, and response to, advanced threats on endpoints; together with Centralized Access Control, it will fortify the enterprise network.

The main objective is to develop an effective EDR. We also aim to achieve the following in our project:
- To provide a system that can identify/detect malware and its behaviors.
- To develop software that can scan malicious web URLs.
- To deploy a Centralized Management System to monitor malicious activities.
- To provide companies, such as those in the banking industry, with an Endpoint Detection and Response feature.
- To provide a scanning feature for any external device (USB, external HDD, SSD) that is connected to any endpoint agent in the network.
- To schedule the scanning mechanism.
- To develop a system which can efficiently predict, prevent, detect and respond to any malicious activity.
- To introduce better and reasonably priced security policies in the market which guarantee security in the most effective way.
- It is different from a normal antivirus as it guarantees security and protection for the whole distributed system.
We will be using virtual environment techniques for monitoring and detecting threats. Our final product will be an efficient endpoint detection and response mechanism which will be able to predict, prevent, respond to and analyze malicious activity on the system. This will be done using multiple open source tools together with our indigenous detection engine.
Our product will scan files and compare them against the malware signature database we maintain, and then indicate any threat that may be present on the system. This will be done through the centralized management system, which makes it easier for organizations to keep an eye on their networks and the threats emerging in them.
Benefits of the Project
With data breach counts increasing and mitigation costs rising, it is important to strengthen endpoint security as part of an overall defense-in-depth security strategy. Layering endpoint security with Security Information and Event Management (SIEM) solutions is one way to strengthen defenses and keep organizations safe; our solution will also be integrated with third-party SIEM products.
Improve Visibility and Endpoint Threat Detection
- Most threats enter an organization’s infrastructure from the endpoint. “Always on” devices extend an organization’s network perimeter and make it challenging to monitor and manage for compliance.
- Better endpoint visibility detects and blocks threats sooner, especially when integrated with a SIEM solution that correlates large amounts of data and suspicious activities in real time.
- A proactive approach to endpoint security can stop unknown malware to ensure that only approved programs, applications, and processes that meet an organization’s policies can run.
- Legacy devices or unpatched systems that hold valuable company data can also be protected by EDR solutions.
- EDR prevents the lateral spread of attacks by combining endpoint and SIEM-enabled behavior observations across the entire network, which is effective at mitigating zero-day and mutating threats.
Save Time and Money
- EDR catches threats early as they enter an organization, thereby reducing the need to spend valuable time re-imaging workstations that become infected.
- A joint deployment of EDR and SIEM enables visibility from one console with a “single pane of glass” that increases cybersecurity efficiency and effectiveness.
Increase Operational Effectiveness
- A layered defense with EDR detects suspicious insider actions and reduces lateral movement that allows adversaries to use “low and slow” techniques such as Advanced Persistent Threats (APTs).
- EDR enables a single network administrator to manage over 10,000 systems with several modes to achieve endpoint policies ranging from allow to deny.
- Although EDR increases overall log volume, integrating EDR with a SIEM and a managed service helps reduce false positives and prioritizes events worthy of incident response actions.
EDR is transforming endpoint protection by securing sensitive data found on workstations and servers for organizations of all sizes, from small- to medium-sized businesses (SMBs) to multi-branch businesses and enterprises. What is in it for you as a service provider? Many Managed Service Providers (MSPs) are looking to expand their revenue by adding security services to their portfolio. Organizations are more familiar with EDR use cases and benefits, facilitating rising customer adoption rates. EDR, therefore, provides fast time-to-value for providers by solving highly visible endpoint security challenges.
Technical Details of Final Deliverable
Our EDR will be consistently updated with new malware signatures. Any activity that tries to manipulate data in the specified directories will be detected, analyzed, and deleted if the need arises. This process will run on multiple endpoint agents under the control of the network administrator, who can also monitor real-time threat alerts from the centralized controlling system.
Any agent indicating any sort of threat will be quarantined immediately from the server, until it has been analyzed by the organization's security analyst.
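The detect-and-quarantine cycle described above (hash each file in a watched directory, compare against a signature database, isolate hits and raise an alert for the central console), written here as an added illustration that is not the project's own code; the signature database, agent id and directory layout are constructed for the demo, and the EICAR string is the harmless industry-standard antivirus test file:

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signature database (hypothetical): SHA-256 of file content -> family name.
# EICAR is the harmless industry test file; a real agent would sync signatures from the server.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}

def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_directory(watched: Path, signatures=SIGNATURES) -> list:
    """Walk the watched directory tree and return one finding per signature hit."""
    findings = []
    for path in sorted(p for p in watched.rglob("*") if p.is_file()):
        file_hash = sha256_file(path)
        if file_hash in signatures:
            findings.append({"path": str(path), "sha256": file_hash, "family": signatures[file_hash]})
    return findings

def quarantine(finding: dict, quarantine_dir: Path, agent_id: str) -> dict:
    """Move the flagged file out of the watched tree and build the alert for the console."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    # Name the quarantined copy by hash so repeated hits on one sample cannot collide.
    dst = quarantine_dir / f"{finding['sha256']}.quarantined"
    shutil.move(finding["path"], str(dst))
    return {"agent_id": agent_id, "event": "malware_quarantined", "original_path": finding["path"],
            "quarantine_path": str(dst), "sha256": finding["sha256"], "family": finding["family"]}

def run_scan(watched: Path, quarantine_dir: Path, agent_id: str = "agent-01") -> list:
    """One scheduled scan cycle: detect, then quarantine; the returned alerts go to the server."""
    return [quarantine(f, quarantine_dir, agent_id) for f in scan_directory(watched)]

def demo() -> dict:
    """Scan a constructed sample tree in a temp dir and report what the agent did."""
    watched = Path(tempfile.mkdtemp()) / "watched"
    (watched / "sub").mkdir(parents=True)
    (watched / "benign.txt").write_bytes(b"quarterly report")
    (watched / "sub" / "dropper.com").write_bytes(EICAR)
    alerts = run_scan(watched, watched.parent / "quarantine", agent_id="test-agent")
    return {"alerts": alerts, "benign_kept": (watched / "benign.txt").exists(),
            "sample_removed": not (watched / "sub" / "dropper.com").exists(),
            "rescan_clean": scan_directory(watched) == []}
```

A production agent would replace the hard-coded dictionary with signatures pulled from the central management system and send each alert to it over an authenticated channel instead of returning a list.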
Final Deliverable of the Project: Hardware System
Core Industry: Security
Other Industries: IT
Core Technology: Others
Other Technologies:
Sustainable Development Goals: Industry, Innovation and Infrastructure
Required Resources
| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| Memory chips | Equipment | 7 | 5700 | 39900 |
| Solid-State Drive | Equipment | 5 | 6000 | 30000 |
| Documentation/Printing/Binding | Miscellaneous | 1 | 10000 | 10000 |
| Total (in Rs) | | | | 79900 |