Endpoint Detection and Response (EDR) platforms have received enormous attention as the central platform for security teams.
Whether you're evaluating an EDR for the first time or looking to replace your current one, as an information security professional you need to be aware of the gaps before implementation, so you can plan how to close them.
It's important to understand that each company is unique, and an EDR that a large company uses might not necessarily be the technology that works best when you are leading a small security team, even if you're within the same industry vertical.
Understanding your threat detection technology requirements based on your unique company characteristics will help you choose the right one.
The eBook and webinar "The Dark Side of EDR. Are You Prepared?" help you with that requirements-definition process. They point out the dark side(s) of EDR and provide guidance on how to overcome them in your company's unique environment.
The guide takes an in-depth look at these seven considerations during evaluation:
- What does "detect" really mean? When, at the end of the day, detection equals alerts, this guide shows how you can cope with the potentially overwhelming volume of alerts.
- How effective is the detection? EDR has its share of blind spots. The authors point out these gaps and suggest how to close them according to your company's risk appetite.
- What does "respond" really mean? Response runs the gamut from manual guidance to automated remediation, so you need to understand the terminology and decide on the level of automation you require.
- What is the management overhead? Think of EDR as a process – from deployment, detection, and response to maintenance. You receive practical tips on how to reduce overhead at every stage of that process.
- What reporting is provided? Some EDR vendors offer all the bells and whistles. Is that, though, right for your environment? Learn how to determine your actual reporting needs.
- What complementary technologies are still required? This section focuses on what else you might need beyond the EDR tool – whether that is closing detection and response gaps, integration with security and IT systems, or even outsourced services.
- Cost. The guide rightly points out that cost is not just the direct price of the product. It spells out how to stretch your budget and how to account for intangible costs such as team burnout, maintenance, and so on.
Unlike most resources, which present the value of EDR, this guide focuses on the practical aspects of an EDR evaluation rather than on glorifying the platform. This approach is particularly useful for small security teams. The good news is that new approaches, technologies, and methods are emerging to overcome these dark sides.