Leading analyst firm Gartner has recently published a comparative assessment called Comparison of Endpoint Detection and Response Technologies and Solutions*. This is the first direct competitive analysis of endpoint detection and response (EDR) vendors. The report provides an assessment of how products address the key capabilities and use cases identified for EDR tools. CrowdStrike scored “Strong” in all use cases evaluated, including:
- Incident data search and investigation
- Suspicious activity detection
- Threat hunting or data exploration
- Stopping malicious activity
- Alert triage or suspicious activity validation
Gartner believes implementing an EDR tool should be part of an overall endpoint security strategy. The endpoint security strategy must be an integral component of the Adaptive Protection Architecture, which covers preventive, detective, retrospective and predictive critical competencies. The report states that the general perception of insufficient endpoint security capabilities currently in place and the better understanding of prevention technologies' limitations are still the major drivers for the EDR market.
We believe the Gartner report is great validation of CrowdStrike’s next-gen endpoint protection platform. Our approach is to combine advanced prevention technologies with rapid detection and response. Learn more about Falcon Host Endpoint Detection and Response and how CrowdStrike prevents breaches. Falcon Host includes an EDR component that provides all of the capabilities laid out by Gartner. It records all activities of interest on an endpoint for deeper inspection, both on the fly and after the fact, allowing users to quickly detect and investigate attacks that passed through traditional prevention mechanisms.
*Gartner, Comparison of Endpoint Detection and Response Technologies and Solutions, Augusto Barros, Anton Chuvakin, 10 June 2016