EDR for Everyone Is about Fighting Alert Fatigue


Endpoint detection and response solutions (EDR) are predicted to become a key security technology by 2020, with 80 percent of large organizations, 25 percent of midsize organizations, and 10 percent of small organizations investing in them. Demand for incident response tools that offer early visibility into advanced threats will fuel the EDR market growth, with expectations of a CAGR of 45.27 percent from 2015 through 2020.

The EDR market is already booming, having grown from $238 million in 2015 revenue to about $500 million in 2016. By 2020, it’s going to be a billion-dollar market and could even match the $3.2 billion (2015) endpoint protection platform (EPP) market.

Despite the rapid growth in the EDR market, these preventative controls are still out of the reach of mid-size and small organizations. As EDR requires dedicated security operations center (SOC) teams to manually investigate alerts, the high cost barrier is something that only large organizations can currently overcome. Or is it?

Fighting Alert Fatigue

EDR solutions have emerged from the premise that it’s impossible to prevent all threats, meaning their purpose is to minimize dwell time of an infection while also reducing the amount of damage it can cause. However, managing the number of security alerts for potential threats can be overwhelming for any under-resourced IT team. Because of that, investigation decisions may end up being either ill-informed or based on summary judgements. This broad strokes approach can lead to full network compromise, especially if traditional EDR is not properly managed or used to its full potential.

Since EDR agents often come installed on top of existing EPP agents and other security technologies, such as SIEM, IDS and IPS, security teams are often bombarded with up to tens of thousands of alerts coming from multiple security consoles, making prioritization nearly impossible. Instead of increasing visibility and raising the overall security posture of the organization, this fragmentation and segregation of security consoles only makes security more cumbersome.

EDR should be about having a single agent and a single management console, and only focusing on really important security events, instead of spreading human resources thin. After all, EDR should enable your security “SWAT team” to focus on truly important tasks, and not just chase ghosts and put out fires.

EDR for Everyone

Advanced threat hunting capabilities enabled by EDR agents require alert prioritization and manual investigation by dedicated teams, something that drives costs up beyond the initial purchasing and deployment price. The key to having an EDR solution for everyone lies in detecting advanced attacks using built-in intelligence in the endpoint agent. This lets admins focus solely on specific elusive and advanced threats that have crossed the other layers of prevention, and prevents them from wasting time on false positives. This enhanced security operation enables automated triage of truly important security events, and doesn’t require a full-time dedicated team of security specialists to investigate each and every event or anomaly.

Incident visualization and investigation are also greatly simplified, as detected elusive threats are presented in a comprehensive fashion, with all contextually relevant information, so that the admins can assess the impact of the threat in seconds. This directly translates into swift incident response tactics that enable admins to use surgical precision to remediate the elusive threat by deleting or quarantining it, containing spread.

This type of evolved prevention, which even comes with the ability to fine-tune the protection level of controls from incident response workflows, helps reduce incident response costs by focusing on truly significant alerts. Unlike traditional EDR, which is usually noisy and overburdens already under-resourced IT teams, a smart EDR solution designed to bring the same early detection capabilities but with pinpoint accuracy is within the reach of any organization, regardless of size, vertical, or IT team size.

It’s the Last 1 Percent of Attacks You Should Worry About

Layered security solutions are doing a great job at detecting, preventing and mitigating close to 99 percent of all threats. However, the last 1 percent – or less – are usually the type of sophisticated attack that flies under the radar. The final frontier in cybersecurity involves having the capability of accurately identifying these elusive threats.

The value of EDR for everyone should lie in its ability to fully integrate with your EPP solution, while enabling IT admins to have a holistic view of the security status of the entire infrastructure. This last 1 percent of attacks is not only elusive, but the attacks can also hide behind background noise generated by trivial security incidents, which is why IT admins need the ability to focus on real dangers and problems by preventing, investigating, detecting, and responding to advanced threats effectively and promptly.

About the author: Liviu Arsene is a Senior E-Threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and research departments.

Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles "http://ift.tt/2CBtc7F"

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more