
Cybersecurity faces a constant challenge: innovation from adversaries. The rise of offensive artificial intelligence (AI) is transforming attack strategies, making them harder to detect. Threat actors use large language models (LLMs) to hide code and generate malicious scripts on the fly. These attacks demonstrate unprecedented sophistication and expose the limitations of traditional defenses.
In this new landscape, relying solely on Endpoint Detection and Response (EDR) is insufficient. Combining EDR with Network Detection and Response (NDR) has become essential to counter modern threats.
The Evolution of Evasion Tactics
Cyber attackers have developed new techniques to bypass signature-based defenses and traditional EDR systems:
- AI Orchestration: AI-orchestrated cyberespionage campaigns have been documented that automate entire stages of the attack, from initial access to data exfiltration.
- Steganography Techniques: Attacks like “ClickFix” use steganography (hiding malware inside image files) to slip through signature-based scans. These attacks trick users with fake software update screens or CAPTCHAs to deploy remote access trojans (RATs).
- AV Exclusion Rule Exploitation: Attackers use social engineering, man-in-the-middle attacks, and SIM swapping to convince victims to disable security products and delete email notifications, allowing malware to spread without triggering endpoint alerts.
Limitations of EDR against Modern Threats
The aforementioned techniques have a common factor: the ability to evade legacy defenses such as EDR. The speed and scale of AI-powered attacks exceed the capability of some EDR systems that were designed for earlier generations of threats.
- Hidden Lateral Movement: Modern attackers combine threats that cross multiple domains (identity, endpoint, cloud) into a lethal mix. Malicious actors hide behind this complexity to increase their reach and make detection more difficult.
- Living off the Land (LoTL) techniques: In the 2023 Volt Typhoon attack, Chinese state-sponsored actors used LoTL techniques on unmanaged network edge devices (such as SOHO routers), bypassing endpoint detection. The attackers were able to alter the packets to make them appear to come from a legitimate source, but the anomalous network traffic detected by NDR gave away the attack.
- Vulnerabilities in Remote Work: The increase in remote work and the use of VPNs introduces new blind spots. If an EDR does not detect that an endpoint is already infected before connecting to the corporate network via a VPN, malware can easily spread.
EDR + NDR Synergy as a Solution
The combination of EDR and NDR offers a more robust defense by complementing the strengths of each system:
- EDR (Endpoint Detection and Response): Focuses on what happens inside each endpoint, monitoring the internal activity of the device.
- NDR (Network Detection and Response): Continuously monitors the network environment, detecting threats as they pass through the organization. It specializes in identifying behavioral anomalies and deviations from typical network patterns that EDR misses.
The synergy between both systems is crucial:
- Multi-domain Threat Detection: Groups like “Blockade Spider” use multi-domain attacks. To detect them, NDR needs to gain visibility into virtual systems and cloud properties, while EDR monitors managed endpoints. The combination allows lateral movement to be tracked throughout the network.
- Blind Spot Visibility: With the rise of remote work and VPNs, NDR can identify weak entry and transit points, while EDR can provide evidence of a compromised account used as a pivot point.
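As an added illustration (not code from the article or from Comfidentia), the following Python sketch correlates constructed EDR process events with constructed NDR flow records: a fan-out of SMB/RDP connections flagged on the NDR side is labelled "corroborated" when EDR also saw an Office application spawn a scripting engine on that host, and "blind-spot" when the source has no EDR agent at all, as with the VPN client described above. Host names, ports and the fan-out threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data). EDR: process events from managed hosts.
EDR_EVENTS = [
    {"host": "ws-01", "process": "powershell.exe", "parent": "winword.exe"},
    {"host": "ws-02", "process": "chrome.exe", "parent": "explorer.exe"},
]
# NDR: flow records seen on the network; "vpn-laptop-07" has no EDR agent.
NDR_FLOWS = [
    {"src": "ws-01", "dst": "srv-01", "port": 445},
    {"src": "ws-01", "dst": "srv-02", "port": 445},
    {"src": "ws-01", "dst": "srv-03", "port": 445},
    {"src": "ws-02", "dst": "proxy", "port": 443},
    {"src": "vpn-laptop-07", "dst": "srv-01", "port": 3389},
    {"src": "vpn-laptop-07", "dst": "srv-02", "port": 3389},
    {"src": "vpn-laptop-07", "dst": "srv-04", "port": 3389},
]
EDR_MANAGED = {"ws-01", "ws-02"}          # hosts that report to EDR (assumed)
LATERAL_PORTS = {445, 3389, 5985}         # SMB, RDP, WinRM
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_ENGINES = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
FAN_OUT_THRESHOLD = 3                     # distinct peers before a host is flagged (assumed)

def ndr_fan_out(flows):
    """NDR signal: hosts reaching >= threshold distinct peers on lateral-movement ports."""
    peers = defaultdict(set)
    for f in flows:
        if f["port"] in LATERAL_PORTS:
            peers[f["src"]].add(f["dst"])
    return {h: sorted(p) for h, p in peers.items() if len(p) >= FAN_OUT_THRESHOLD}

def edr_suspicious_hosts(events):
    """EDR signal: hosts where an Office application spawned a scripting engine."""
    return {e["host"] for e in events
            if e["process"].lower() in SCRIPT_ENGINES and e["parent"].lower() in OFFICE_APPS}

def correlate(edr_events, ndr_flows, managed):
    """Join both signals per host and label how each finding was reached."""
    findings = []
    suspicious = edr_suspicious_hosts(edr_events)
    for host, targets in sorted(ndr_fan_out(ndr_flows).items()):
        if host not in managed:
            verdict = "blind-spot"        # NDR sees it; EDR has no agent there (e.g. VPN client)
        elif host in suspicious:
            verdict = "corroborated"      # endpoint and network evidence agree
        else:
            verdict = "network-only"      # NDR anomaly with a clean endpoint picture
        findings.append((host, verdict, targets))
    return findings
```

The "network-only" verdict is the case the article warns about: the endpoint looks clean, so the network anomaly is the only lead and would be lost with EDR alone.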
Conclusions
Adversaries will continue to innovate, especially with the advancement of AI. Reliance on isolated security systems, such as EDR alone, will leave organizations vulnerable to next-generation attacks. Adopting a combined EDR and NDR approach, where both systems work together to share metadata and signals, is essential to detect innovative techniques and respond decisively to emerging threats, significantly reducing risk to the organization.
Confidence
What would we do in these cases?
Defensive Cybersecurity | Protection and Response to Threats - Comfidentia
Defensive cybersecurity services: digital forensics, secure software development, vulnerability management, threat intelligence and incident response. Protect your networks and servers with our defensive security solutions.
Forensic Analysis
Discover the truth hidden in the data with our Forensic Analysis service. We collect, examine and thoroughly analyze every digital trace to reveal the root cause of any incident. Our team of experts follows the key steps: Identification, Acquisition, Analysis and Presentation of solid evidence. Don’t waste any more time searching for answers; trust our experience to reveal the evidence you need.
Vulnerability Management
Don’t risk the security of your company! With our Vulnerability Management solutions, you won’t just get a simple scan or risk assessment, but a complete assessment together with your team. Our approach goes further by proposing real and lasting solutions, adapted to the specific capabilities and needs of your business and systems.
Protect your Brand from Cyber Threats
Protect your business today with Brand Intelligence! Our specialized service provides you with valuable information about possible malicious actors trying to impersonate your brand or domain. By detecting these threats, you can take quick and effective measures to safeguard your company’s reputation. Don’t let cybercriminals damage your image; trust Brand Intelligence to keep your business safe at all times.
Secure Software Development
With our specialized tools and skills, you can create vulnerability-proof applications and programs from start to finish. Our approach is based on a robust model that includes secure design, development process, vulnerability management and information security. This ensures that your software is protected at every stage of the process. Source: See more at Comfidentia