Outwitting Cyber Attackers with EDR and Deception

It takes an average of 65 days for organisations to discover a cyber security breach. Advanced evasive threats are easily bypassing traditional security tools such as firewalls, intrusion prevention systems and antivirus software.


Shifting from prevention to detection and response


In today’s digitalised and hyper-connected landscape, industrial control systems are increasingly less isolated and more vulnerable to hackers. We are seeing more attacks on critical information infrastructure such as power grids, healthcare operations, transport systems, manufacturing plants, and more. When these get hacked, damages will no longer be limited to revenue, IP or reputation loss. They will be catastrophic, leading to loss of lives and homes, ecological damage, or even flooded cities.

According to Gartner, enterprises are transforming their security spending strategy in 2017, moving away from prevention-only approaches to focus more on detection and response solutions.¹ Cyber security strategy needs to be reformulated with the idea that a breach is inevitable, and attacks need to be disrupted before they have a chance to cause damage.

Let’s take a look at two solutions that will enable your organisation to adopt a detect, respond and remediate approach.

Endpoint Detection and Response (EDR)

With BYOD adoption, the number of endpoints that need to be protected is growing rapidly. Singtel’s Managed Endpoint Detection and Response (EDR) Service uses a unique combination of real-time big data behavioural analysis and machine learning to protect all your endpoints. It is designed to continuously monitor your endpoints for abnormal and malicious behaviour. As signature-based detection is unable to identify most stealthy APTs, behavioural analysis is used instead, leveraging big data and multiple sources of threat intelligence. Threat activity is monitored in real-time, enabling your security team to unravel an attack, determine its root cause, disrupt the attacker, quarantine infected systems, and harden endpoints against future attacks.

Deception Technology

Deception technology mimics IT and OT assets, creating decoys, vulnerabilities, systems and credentials throughout your network. The result is a “hall of mirrors” environment to lure, confuse and misdirect attackers into revealing themselves. If any of these decoys are compromised, it is a strong indicator that a threat is present, as a legitimate user would not try to engage these assets. This results in lower false-positive rates and reduced time-to-detection. The threat is allowed to detonate within a controlled environment, generating a forensic analysis of the attack.

The strategy of deception is highly effective in securing industrial control systems and SCADA environments. Custom OPC software can be installed to create decoys that are indistinguishable from SCADA devices. Fake credentials are generated on each SCADA decoy to deceive attackers into thinking they have stolen valuable credentials. By luring attackers into engagement traps, threats can be proactively stopped and contained before they can cause catastrophic damage to manufacturing and control systems.

Integrating EDR and Deception technologies into your cyber defence

By integrating these two services into the cyber defence strategy, organisations will be able to take their threat detection capabilities to the next level to secure both IT and OT environments.

Deception technology provides high-fidelity alerts and lower false-positive rates, allowing you to detect attacks with greater speed and accuracy. Furthermore, it allows you to analyse and fully understand the lifecycle of the attack, including attack methods, credentials used, targeted files and the extent of the threat’s blast radius. The Singtel Managed EDR service can then use this valuable data to drive its incident response and malware hunt more effectively, thwarting attackers before they can cause damage to other areas of your business.
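As an added example (not Singtel's or any product's code) of the decoy rule described in the Deception section and the lifecycle data mentioned above: any use of a decoy host or a planted credential is treated as a high-fidelity alert, and every host that source then touched is collected as the incident's blast radius for hand-off to incident response. All hostnames, account names and log lines are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed decoy inventory (placeholder names, not real assets):
# hosts that exist only as lures, and fake account names planted on them.
DECOY_HOSTS = {"plc-07-spare", "hist-backup02"}
DECOY_USERS = {"svc_scada_ro", "opc_admin"}
# Constructed authentication log format used by this example only.
LOG_RE = re.compile(r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+)"
                    r" dst=(?P<dst>\S+) result=(?P<result>\w+)$")

@dataclass
class Incident:
    source: str
    first_seen: str
    hosts_touched: list = field(default_factory=list)
    creds_used: list = field(default_factory=list)

def analyse(lines):
    """Return {source_ip: Incident} for every source that touched a decoy."""
    incidents = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the constructed format; skip
        user, src, dst = m["user"], m["src"], m["dst"]
        hit_host = dst in DECOY_HOSTS
        hit_cred = user in DECOY_USERS  # fake creds used anywhere are a hit
        if not (hit_host or hit_cred):
            continue  # ordinary traffic: never alerts, success or failure
        inc = incidents.setdefault(src, Incident(source=src, first_seen=m["ts"]))
        if dst not in inc.hosts_touched:
            inc.hosts_touched.append(dst)  # includes real hosts probed with fake creds
        if hit_cred and user not in inc.creds_used:
            inc.creds_used.append(user)
    return incidents

# Constructed sample log: one operator session and one intruder who picks up
# a planted credential and tries it against a real historian.
SAMPLE_LOG = [
    "2017-05-03T02:11:07Z auth user=operator1 src=10.0.5.21 dst=hmi-01 result=ok",
    "2017-05-03T02:14:55Z auth user=svc_scada_ro src=10.0.5.88 dst=plc-07-spare result=fail",
    "2017-05-03T02:15:02Z auth user=svc_scada_ro src=10.0.5.88 dst=hist-01 result=fail",
    "2017-05-03T02:15:40Z auth user=opc_admin src=10.0.5.88 dst=hist-backup02 result=ok",
]

if __name__ == "__main__":
    for inc in analyse(SAMPLE_LOG).values():
        print(inc)
```

The failed login on the decoy alerts just as loudly as the successful one; what matters is that the decoy was touched at all.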

Contact a Singtel security advisor to find out how you can adopt these solutions to combat today’s sophisticated threats.

1. http://www.gartner.com/newsroom/id/3638017
