Endpoint Detection and Response (EDR): The Way of the Future?

edr-future-endpoint-detection-response

Vendors and customers alike are facing two serious revelations about the future of endpoint security which this year in particular made impossible to ignore:

  1. It is no longer a matter of if you’ll be attacked. It is a matter of when.
  2. It is not possible to prevent 100% of attacks.

Most enterprises employ signature-based prevention or big antivirus solutions. And in the words of Harish Agastya, Vice President of Enterprise Solutions at Bitdefender, “they keep silently failing. Many other ancillary endpoint-based products – anti-exploit, tunable machine learning – have been created to close the prevention gap, but the real sophisticated attacks have still been able to elude these defenses.”  

Therefore, endpoint vendors are approaching the problem in a fundamentally different manner, emphasizing early detection and minimizing infection dwell time. That approach is Endpoint Detection and Response (EDR).

EDR Capabilities Explained

“According to Gartner, EDR is experiencing explosive growth” says Agastya. “EDR revenues more than doubled in 2016, reaching $500 million. Moreover, the forecast is for almost 50% annual growth for EDR at least through 2020—only 40 million EDR endpoints are currently installed, compared to the estimated 711 million desktop, laptop and other devices that can utilize the software.”

EDR capabilities include:

  • Prevention of cyberattacks at the pre-execution layer without saturating the EDR analytics engine with unnecessarily noisy incident alerts.
  • Support by built-in intelligence from threat protection engines and analysis of behavioral events.
  • Investigation of detected threats, incorporating threat analytics and integrated sandbox testing.
  • Centralized incident response interface that enables tactical remedial actions across your enterprise.

Is EDR the New Face of Endpoint Solutions?

Even with growing excitement and adoption of EDR, Agastya warns that emphasizing the new tool too much might be a double-edged sword. “Can EDR replace all other endpoint security solutions before it? Definitely not. This is like using your elite swat team to fight street crime. Not only is this expensive, it will also take the focus away from the real threats that needs the attention.”

EDR can also be complex to deploy and manage, adding to the stress currently plaguing many overwhelmed IT departments. Enterprises could instead combine pure EDR with antivirus, plus whatever anti-exploit tools and other agents already on their endpoints. According to Agastya, some organization have already tried this and has found some success. “But this approach has not been a good answer for everyone” he adds. “Managing multiple agents adds management complexity, and with EDR typically being noisy, an already overburdened and under-resourced IT team will be forced to make ill-informed incident investigation decisions that compromise the network and the investment decision for EDR in the first place.”

Instead, EDR works best as part of an integrated solution, with machine learning and behavioral monitoring eliminating a high percentage of known threats and EDR handling more ambiguous or elusive threats. This should relieve some of the burden on your IT department and reduce the necessary layer of complexity for managing the solution.

These are important considerations as your look for an endpoint solution and determine how EDR might fit into your security portfolio. There is rarely if ever a one-size-fits-all fix to your endpoint protection needs, after all.  

Thanks to Harish Agastya for the information in this article.

Harish Agastya is VP of Enterprise Solutions at Bitdefender where he is responsible for the company’s enterprise business products and services portfolio. Agastya’s career spans over 25 years in high-tech B2B marketing, product management and R&D. Prior to joining Bitdefender, he held executive roles in marketing and products at other security companies. Agastya has an MBA from UC Berkeley and an MS in Computer Science from Penn State.

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *