Attacks on the software supply chain have been among the prominent cybersecurity events in the past few years. In 2018, leading chip maker TSMC suffered a malware attack that affected over 10,000 devices. In 2020, the infamous SolarWinds and Codecov attacks demonstrated how software supply chains continue to be vulnerable. Software is being targeted by threat actors. Reports say that software supply chain attacks are set to increase in frequency and severity in 2023 and the years ahead.
One way to address the threats to software is to make sure that code is secure and resilient. The likelihood of software attacks succeeding drops significantly if the code itself is free from errors, bugs, and vulnerabilities. That’s why it is important to observe best practices in code writing as part of establishing a robust security posture.
Code resilience through EDR
Code resilience entails the ability to continue to function as intended while encountering errors and unexpected challenges. This means that the software continues to be available and functional while it is being attacked or while vulnerabilities are being exploited. This is a vital characteristic for any system and something every software engineer should target to avoid data losses, malfunctions, and other undesirable consequences.
To write resilient code, the first things that most likely come to mind are the implementation of effective error handling, fault tolerance, recovery mechanisms, adaptability, and scalability measures. However, it is also worth looking into endpoint detection and response (EDR). EDR may sound remotely related to code resilience, but it is quite useful for this purpose.
EDR is a cybersecurity technology created for endpoint monitoring and response. Endpoints are devices that connect to networks and allow humans to interact with computing resources. These include laptops, desktop computers, workstations, smartphones, mobile and wearable devices, as well as IoT gadgets.
Endpoint detection and response is often used as part of an organization’s cyber defense system, but it can also provide the added benefit of enhancing security in software development. This is possible mainly because of EDR’s ability to provide real-time visibility into system activities, the detection of anomalous activities, and the automation of certain steps to address the presence of threats.
How EDR supports code resilience
Five EDR functions make it useful for writing resilient code. These are the early detection of code issues (real-time visibility), the automation of code review, threat intelligence, behavioral analysis, and incident response.
EDR can be used to continuously track not only code repositories but also the build processes and software deployment pipelines. This function makes it possible to detect anomalies in the code itself, the failure to follow secure coding practices, and changes in the software as it is being deployed. Software development teams can collaborate with the cybersecurity team, which is responsible for the deployment of EDR, to share insights to promptly detect issues in software development, building, and deployment.
Concerning code issue detection, EDR systems can automate code review based on predefined coding standards and best practices. Once the code is completed, it is subjected to an evaluation process to ascertain code quality and initiate rectification procedures if there are anomalies found.
Additionally, EDR usually comes with the ability to present actionable threat intelligence. Endpoint detection and response systems usually employ various threat intelligence sources to stay updated on the latest threats, including those that affect software supply chains. Up-to-date threat information helps developers proactively secure their code. It allows them to identify vulnerabilities in their projects to plug them before deployment and anticipate other threats based on patterns determined in the threat intelligence pool.
Moreover, EDR has behavioral analysis as part of its core functionality. It can monitor and analyze patterns of behaviors, especially in the apps and operating systems of endpoint devices. Doing this makes it possible to spot anomalous or malicious behavior without relying entirely on threat signatures. This behavioral analysis function usually involves the establishment of baseline (safe) behavior, anomaly detection, threat identification, incident investigation, machine learning, and continuous monitoring.
Lastly, EDR has an incident response component that can also support the writing of resilient code. Most endpoint detection and response systems can detect code-related vulnerabilities and incidents to initiate rapid response, including mitigation and remediation. It accelerates the identification of the part of the code that is deemed vulnerable to make sure that developers address the issues promptly.
Best practices in leveraging EDR for code resilience
As organizations shift left and adopt DevSecOps practices, it is a given that cybersecurity staples like EDR will eventually intertwine with the software development process. To achieve the best outcomes, it is advisable to take into account the following best practices.
- Continuous monitoring – Reviewing code periodically or only upon completion is essentially a futile exercise. Monitoring of the code and other factors involved in the software supply chain should be a continuous and consistent process. Code resilience is an ongoing effort, not a one-off activity.
- Automation – Many aspects of ensuring the security and integrity of the software development process can be automated. Organizations should adopt automated workflows especially when it comes to code review and threat detection. EDR has automated functions to complement or supplement software code, build process, and deployment review procedures.
- Collaboration – Bringing EDR into the software development process requires a great deal of collaboration. There has to be close coordination to identify targets and capabilities before relevant information and insights can be shared to improve the security and resilience of a software project. It would be difficult for the team responsible for EDR to provide useful inputs to the software development team without the latter indicating their requirements and identifying specific concerns. Both sides need to collaborate seamlessly while also taking into account their separate responsibilities in an organization.
- Cybersecurity training and awareness – To optimize EDR’s impact on software development, software developers need to know more than just the basics of cybersecurity. Without security proficiency, developers may not appreciate the insights EDR can provide. It also helps to lay out targets for achieving code resilience to avoid confusion and maximize the use of EDR in the development project.
It is also important to be mindful of the difficulties of undertaking EDR with the development process. For one, things can get complicated. There are many opportunities for misunderstanding, so both the development and security teams should consider going through relevant orientation or training.
In conclusion
EDR is a powerful tool for cybersecurity and can be highly helpful in producing secure and resilient code. It allows development teams to address security issues in their code by detecting anomalies early and making it easy to spot indications of vulnerability in code. However, the positive effects of EDR on code resilience are not automatic. The development and cybersecurity teams need to work closely together and ensure that they are on the same page as they share their expertise toward building efficient and secure code.
Related: Should You Choose MDR or EDR for Your Company’s Endpoint Security Needs