Four key information flow characteristics that IT needs to look for in their EDR solution
The endpoint detection and response (EDR) space has become an indispensable part of endpoints and endpoint management. It is even being credited with influencing a rebirth of endpoint security: Peter Firstbrook, a vice president at Gartner, finds that a lot of companies are looking for an additional solution for their endpoints because they don’t feel that their existing endpoint protection vendors protect them. EDR can truly drive endpoint management’s future toward a more proactive one, and provide a bridge to holistic endpoint security.
In this post, we will look at the four key attributes of information flow from endpoints that IT teams should expect from their EDR solution in order to make this critical transition successfully.
- Information straight from the source: In a fast-changing endpoint environment, it is important for the EDR solution to get information straight from the endpoints rather than from intermediate storage, a database or a cache.
- Information in real time: Given the fast-changing and dynamic nature of endpoints and the pace of corporate work today, it is important for the EDR solution to provide the most current information on the endpoints. Think seconds and minutes, not days and weeks!
- Information when they want it (and at their fingertips): IT operations and security teams use multiple tools for managing and securing their network and endpoints, including DLP, disk encryption tools, endpoint management solutions, anti-virus, firewalls and many others, each of which has a specific purpose and cadence of operation. A great EDR solution provides an integrated view and enables IT to run queries “out-of-cycle” from regular operations, when they want the information most.
- Information that is specific: While attackers are sharpening their attacks on individual endpoints and applications, IT’s search and remediation actions cannot be blunt. IT needs a way to quickly zero in on the specific configuration items and attributes that are critical, identify patterns in them, and view the results graphically for fast and accurate remediation.
For an in-depth analysis of the changing endpoint environment and the implications for endpoint management and security teams, download our free white paper, Advanced Endpoint Management and Security – Real-time visibility and remediation for today’s endpoint assets.