Is Endpoint Detection and Response Important for Security Analytics?

Endpoint Detection and Response (EDR) is like a flight recorder for your endpoints. Most days it quietly listens and logs activity on the endpoint, but that data can be critical to security analytics if anything bad happens. EDR can answer important questions like:


Is there an advanced threat actor present on my endpoints?
Who are they and how did they get in?
Which endpoints have been compromised and what was taken?
How do I evict the threat actor and keep them from returning?

Endpoint security and visibility are important to security analytics. With remote workforces, weak passwords and end user error, the endpoint is often an easy path to compromise an organization. Our incident response team observed ample evidence of this in the months after COVID-19 forced many businesses to go fully remote.


EDR telemetry is a rich source of data, but sifting through the benign noise to find potential threats while monitoring information from hundreds or thousands of endpoints isn’t easy to do manually. It requires a lot of time and skill, and frankly, looking through so much data can be tedious and probably isn’t the best use of limited in-house security resources. In the past we solved the problem of securing your endpoints on and off the corporate network by having an MSSP manage EDR tools. 


While it’s clear EDR is important to security analytics, it isn’t all you need. Most organizations have some endpoints without any EDR software, and even endpoints that do have EDR can still miss cyberthreats without network and cloud telemetry to build a full picture. This is why an increasing number of organizations are replacing ..