Organizations large and small are adopting endpoint detection and response (EDR) solutions to provide visibility into their networks. However, according to security researchers, many organizations’ percentage of EDR coverage on endpoints is in the range of 60-70 percent, leaving 30-40 percent of devices out of their control, greatly increasing an organization’s cyber risk.

Out-of-control devices are classified as traditional, digital transformation driven, and rogue. In addition, varying governance practices and policies can also produce a gap in device visibility. Out-of-control devices could provide threat actors with initial access into a victim’s network and a means for them to maintain persistence without tripping traditional security controls. To solve this lack of visibility, network defenders can employ solutions that capture metadata of network traffic and update organizational policies for cybersecurity practices – activities that complement WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, #1 – Perform Asset Inventories, #9 – Develop and Enforce Cybersecurity Policies and Procedures (Governance), and #10 – Implement Threat Detection and Monitoring. Read more at SecurityWeek.