What are the Limits of EDR for the Enterprise?
Endpoint detection and response (EDR) has become one of the critical capabilities in modern endpoint protection platforms. No less an authority than research firm Gartner has stated as much.
Why has endpoint detection and response become such a vital capability in endpoint protection? The cybersecurity paradigm is shifting from a prevention-based model to a detection-based model. Endpoint security, which previously focused on preventive capabilities, is evolving to keep up with changing enterprise priorities. EDR represents essential threat detection for an era of more porous and expansive enterprise IT perimeters.
Yet in this threat landscape, does EDR have its limitations?
The IoT: The Inherent Risks
The benefits of the Internet of Things (IoT) in the workplace can seem innumerable: greater connectivity, more productivity, greater efficiency, etc.
However, the risk of the IoT can be just as overwhelming. IoT devices can remain hidden from endpoint detection and response capabilities and from the network at large. Because these connected devices are usually designed without any regard for cybersecurity, this is more than a slight concern. They can become a convenient entry point into your network and databases for digital threat actors.
The IoT devices in your network fall under the umbrella of corporate endpoints. Can your EDR capabilities handle IoT devices? The answer to this question may determine your enterprise’s safety.
EDR Beyond the Endpoint
The modern corporate network is more than endpoints. It also includes the cloud, network data, and log data. According to some experts, endpoint detection and response focuses on the endpoint to the detriment of the other places where security events occur. However, not all experts agree, and not all believe it is necessary for EDR to offer threat detection in these areas. EDR functions best when paired with other detection solutions like SIEM or security analytics.
A comprehensive cybersecurity platform involves both endpoint protection and threat detection. It is essential to ensure the latter meets expectations.