Endpoint detection and response (EDR) is perhaps one of the most compelling and pivotal cybersecurity capabilities in modern endpoint security. Endpoint protection platform providers have made major moves in 2018 to introduce new EDR capabilities to their solution platforms or to acquire other providers who offered strong EDR in their solutions.
Moreover, Gartner, one of the most recognized technology research firms in the industry, considers EDR to be one of the key capabilities of evaluation in its Magic Quadrant reports for Endpoint Protection Platforms.
The reasons why are apparent with a quick look at the current endpoint security market. Unfortunately, even the most secure digital perimeter cannot repel or deter 100% of modern cyber attacks and threats. Eventually, a threat will enter your enterprise’s network, thereby shifting the priority in cybersecurity from protection to detection and remediation. EDR allows endpoint security solutions (which are primarily focused on the perimeter) to perform threat detection and mitigation on potentially infected networks. It adds a vital layer to enterprises’ InfoSec perimeter.
However, EDR is not a simple technology. It requires time and attention from your security team to function at optimal levels. Without the proper maintenance and threat intelligence, EDR will not be able to catch the threats constantly bombarding your network. Furthermore, EDR can run into the same false positive problems as its SIEM counterparts, wearing out your security teams with false alarms.
If your team plans to implement it, your enterprise needs to get your EDR right. But how?
To Get Your EDR Right, Know What You Are Protecting
It is easy for security teams to ask the big picture questions in cybersecurity when deploying a new technology or endpoint security solution:
- How will we deploy EDR across the entire enterprise?
- How long will it take?
- How will we foster adoption in our employees?
- How will it integrate with our current endpoint security and other cybersecurity solutions?
To be sure, these are important questions to ask. However, asking these questions might be thinking too far ahead. To get your EDR right, you need to instead ask what you wish to protect with this new capability.
Like all of cybersecurity, you do not need to deploy EDR all at once across the entire network. In fact, it may be wiser not to deploy widely at first. Starting small and focusing on protecting the most important digital assets and databases will enable your security team to understand how EDR integrates with your current technology, how it functions, and how it can be optimized effectively. With that knowledge, deploying it further afield will prove much easier.
Integrations Matter in EDR
When it comes to how to get your EDR right, we mention technological integration a fair amount. This isn’t an idle consideration: EDR works best when paired with other cybersecurity solutions such as SIEM, identity management, or threat intelligence. Only through these integrations do EDR’s detection and remediation perform optimally, and they can only be achieved with proper vendor integration.
On the other hand, integration issues can hamper your cybersecurity efforts overall due to technological clashes, new vulnerabilities, and security gaps. EDR is not a solution to technical problems.
Improve Your Endpoint Visibility
You cannot protect what you do not know is there. If you intend to get your EDR right, you need to take the steps necessary to increase your network and endpoint visibility. After all, the average IT environment boasts far more devices connecting to it than employees; it often includes remote workers and the IoT (which can be notoriously difficult to find on security networks). Secure your unmanaged devices and work to maintain visibility even as your perimeter expands.
By Ben Canner