The proven inadequacy of antivirus and endpoint protection platforms (EPP) in the face of today’s sophisticated evasion tactics, unknown threats, zero-day and fileless attacks is prompting more organizations to implement Endpoint Detection and Response (EDR) products. The market for EDR solutions is growing at a rapid pace, from $238 million in 2015 to $1.54 billion in 2020. However, while pairing EDR solutions with antivirus and EPP can provide better protection, reporting and other advanced capabilities, security professionals report struggling with a deluge of false positives and negative impact on both the performance of users’ endpoint devices and network bandwidth.
That is one of the key findings of Osterman Research’s recent survey of why organizations have implemented EDR solutions, or are considering doing so.
Osterman is preparing to release a report on its latest research, but before they do, I’m excited to announce that Osterman Research Founder Michael Osterman will join me for a live webinar to review the survey findings, discuss the critical role EDR plays in the modern security stack, and how it must evolve to keep pace with the ever-changing threat landscape.
Register to attend this webinar “Endpoint Detection and Response – Past, Present and Future” on Tuesday, May 7th at 1 p.m. Eastern by following this link.
Among the topics we’ll cover:
- Why more organizations are turning to EDR
- Ranking of EDR features
- Possible concerns about deploying EDR solutions
- What questions you should ask an EDR vendor
- Why the future of EDR is spelled E-P-R
I don’t want to give too much away, but I will set the table with a short review of why many security pros worry that the EDR solutions they recently implemented are already growing obsolete.
EDR solutions continuously monitor, record and analyze all activities and events on the endpoint. Osterman found that the most important reasons for deploying an EDR solution are its ability to protect against fileless malware, to improve post-breach remediation capabilities, and to provide improved threat telemetry over conventional security solutions.
However, while EDR solutions can use automation to some extent, they require investments in security staffing to make full use of their features and functions. Osterman’s research found those investments don’t usually pay off.
Respondents report dealing with a number of issues, with the most serious – noted by 45 percent of those surveyed – being how the event collection process impacts the performance of endpoints on the network. Also of concern are the potential generation of false positives, difficulties in demonstrating the return-on-investment (ROI) of EDR solutions, and potential impacts of EDR solutions on network bandwidth.
It promises to be a fascinating and educational discussion. Register to attend today and we’ll send you a placeholder for your calendar. After the webinar ends, we will send you a link to access and download the full report.
If you have any questions you would like me to present to Michael Osterman, let me know via Twitter and LinkedIn.