The Critical Role of Endpoint Detection and Response

Security professionals, business decision makers, boards of directors, regulators and others are increasingly concerned about cybersecurity issues and the potential for major business disruptions like data breaches, various types of security incursions, and other problems.

Conventional security solutions are useful and provide some level of protection. The variety of antivirus solutions, firewalls, secure web gateways, security incident and event management (SIEM) solutions, anti-ransomware solutions, cloud security tools and other systems provide protection against many threats. However, Osterman Research surveys, as well as those of many other analyst firms, find that the current level of protection is simply not adequate in many cases due to improving evasion tactics, end users who work outside of perimeter defenses (e.g., from airports, coffee shops or at home), infected USBs, fileless attacks, etc.

To address these deficiencies, a rapidly growing number of organizations are deploying endpoint detection and response (EDR) solutions as a supplement to their existing security defenses. An EDR solution can demonstrate that threats will be monitored closely, highly detailed information about endpoint events will be retained for an appropriate length of time, and remediation of security threats will occur as quickly as possible.