Expert Video: Responding to EDR Bypass
On a CSIS webinar broadcast in May 2026, Jan Kaastrup — CIO at CSIS Security Group — detailed two ways that attackers are seeking to overcome and disable Endpoint Detection and Response (EDR) systems. One technique targets web browsers, using malicious extensions to steal information. The other leverages vulnerable drivers to neutralise EDR tools entirely.
In this video, Jan explains how organisations can defend against these threats.
Duration: 6 minutes
Audience: CISOs and heads of information security; SOC managers and security operations leaders; IT and security architects; endpoint, infrastructure and technology owners responsible for security outcomes.
Date: May 2026
Jan’s recommended actions
- Disallow synchronisation of browser extensions
- Maintain a whitelist of extensions that you trust
- Block vulnerable drivers through enforced policies
- Establish a proper incident response process
- Run regular 'health checks' on your EDR devices
- Use 'purple team' testing to simulate attacks
- Integrate threat intelligence into your EDR solutions
About CSIS
CSIS Security Group A/S is a leading European pure-play provider of tech-enabled cybersecurity and intelligence services. Operating 24/7, we deliver Managed Detection & Response, Incident Response, Security Consulting across all sectors, and provide a world-class threat intelligence capability through our SecAlliance brand. Accredited by organisations including CREST, we actively support global security initiatives to positively impact the cyber community.