In a recent webcast, “The Maturing of Endpoint Detection and Response (EDR): Choosing the Right Solution,” Forrester Senior Analyst Chris Sherman and CrowdStrike Director of Product Marketing Con Mallon discussed the important factors organizations must consider in selecting an effective EDR solution. This blog focuses on Sherman’s overview of the EDR market and current trends.
Sherman opened the webcast by explaining the rise of the endpoint detection market, a phenomenon he has been tracking for many years. “One of the most interesting trends I’ve covered is the increase in detection tool adoption by companies both large and small, due to the fact that attackers have progressed past the point where prevention alone can keep out even the relatively unsophisticated attackers.” However, he also cautioned, “I’ve seen too many missteps by companies as they try to build out and add a detection strategy into their overall security strategy.”
He also focused on trends he’s observed in the threat landscape, noting the dramatic increase in targeted fileless attacks, and the fact that more attacks are aimed at corporate servers and corporate-owned employee devices. Sherman talked about how organizations are reacting to these rising challenges, citing several findings that illustrate buyers’ confusion when it comes to endpoint security. For instance, a large number of new endpoint security providers are entering the market — he is currently tracking 100 vendors — which can lead to buyer confusion. “Buyers want to make the decision but choosing the right tool can be difficult,” he said. The most popular choice buyers make is purchasing anti-malware tools, yet signature-based tools are failing consistently because so many modern attacks don’t involve signatures. “Buyers know that they need a new generation of tools — there’s a gap in their security — but they aren’t sure how to close it,” he said. “While some choose to rip and replace, more are choosing to augment their security tools to address the gaps,” he added.
Factors to Consider
Sherman concluded by offering some factors buyers should consider as they look to buttress their endpoint defenses:
- Look for balance between prevention and detection — prevention tools can reduce your attack surface and are important. Choose prevention technologies based on the level of risk you face and its impact on end users.
- He stressed the importance of finding tools that have a low false positive rate. He explained, “EDR solutions that include advanced pattern recognition and classification can help immensely, such as machine learning, entity-based analysis and baselining.”
- With EDR tools, the speed of response and remediation is critical. Sherman emphasized that to achieve that speed, you need automation, and cautioned that although many solutions offer different levels of automation, some require more manual interaction. He advised, “Look for tools that balance your staff’s capabilities with the level of automation a solution offers. Too many organizations invest in manual tools that stretch their staffs’ abilities to manage them — complexity impacts speed and can stand in the way of IT staff effectiveness.”
- He has observed more customer satisfaction with solution suites that are tightly integrated. A poll taken during the webcast found that attendees prefer integrated suites over multiple point products by a rate of 66 percent to 34 percent.
- Strong efficacy is vital, and given the number of endpoints today’s organizations encompass, your EDR should protect them whether they are on or off the network.
View the on-demand webcast: The Maturing of Endpoint Detection and Response (EDR): Choosing the Right Solution