1. Efficacy — How Does My EDR Catch The Threats That Matter Most?

• A key requirement of any EDR offering is that it is lightweight and complements existing antivirus (AV) products. AV is a must-have to protect against the most common threats. EDR, however, provides the defense-in-depth capability to detect and respond to the stealthy threats that AV inevitably misses.
• Unlike AV, which relies mainly on signatures of known threats, EDR detects suspicious behaviors that by themselves would not be problematic but, in tandem, can indicate a breach in progress. An Office document spawning PowerShell is not malicious on its own, and neither is an outbound connection to an unfamiliar address, but the two in sequence on the same host is a classic sign of a phishing payload executing. By spotting unusual behaviors, you gain an additional way to stop threat actors from wreaking havoc.
• Certain attacks, such as fileless malware that runs only in memory, leave nothing on disk for AV to scan, so even the best AV often fails to stop them. Having an EDR that can spot malicious code running in memory is critical.

2. Alert Fatigue — What Will The Alert Volume Look Like Once EDR Is Running?

• Most enterprise EDR solutions are designed to spot anything and everything that looks unusual. In doing so, they generate a lot of alerts, so many, in fact, that most SOC analysts cannot keep up with the volume. Because of this, SOC analysts detune their EDR to generate fewer alerts. The unintended consequence is that threats which would otherwise have been flagged slip through unnoticed.
• Not every alert is a threat. To avoid alert fatigue, you want an EDR solution that zeroes in on the threats that really matter, which frees up resources to focus on other activities while maintaining strong security.

3. Ease Of Remediation — Once An Alert Is Triggered, How Easy Is It To Address The Issue?

• The MITRE ATT&CK framework is an invaluable tool for understanding the tactics and techniques of threat actors. It catalogs myriad common and not-so-common threat activities. An EDR tool that maps each alert to an ATT&CK technique makes remediation easier and quicker: the analyst immediately knows what kind of activity they are looking at and has a common, shared resource to turn to.
• You also want an EDR tool that provides step-by-step guidance on best practices to quickly and efficiently remediate indicators of compromise. Without it, the burden falls on you to figure out what steps to take in order to contain and remediate a breach.
• Ideally, when an actionable alert occurs, you can simply click in your EDR dashboard to isolate hosts, terminate processes, and take other actions without having to switch consoles or apps.

4. Integration — Is Your EDR Integrated With RMM Tools?

For MSPs and IT departments that remotely manage endpoints, your remote monitoring and management (RMM) tool may be your primary tool and dashboard for endpoint management. Because of this, having an EDR tool integrated with your RMM tool makes the daily workflow easier and more efficient.

5. Ease Of Use — How Easy Is The Tool To Use, Manage, And Deploy?

You want a tool that is simple to understand so you don't spend hours trying to learn a complex new system. Your time is valuable, and leveraging a tool that is effective, efficient, and easy to use will pay dividends.
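Three of the points above describe one mechanism from different angles: correlating behaviors that are individually benign (Efficacy), tagging each detection with a MITRE ATT&CK technique so the analyst knows what they are looking at (Ease Of Remediation), and raising one alert per chain rather than one per event (Alert Fatigue). The following Python is an added example of that mechanism and is not code from the article or from any EDR product. The telemetry is constructed, and the event schema, the rules, their weights, the thresholds, the ATT&CK mapping and the playbook text are all assumptions chosen for illustration.

```python
"""Behaviour-chain correlation over endpoint telemetry, with ATT&CK tagging.

Added example, not code from the article or from any EDR product.  The event
schema, rules, weights, thresholds, ATT&CK mapping and playbook text are all
assumptions chosen to illustrate the idea, not any vendor's detection logic.
"""
from collections import defaultdict

# Constructed sample telemetry (not real logs):
# (timestamp in seconds, host, event type, details).
SAMPLE_EVENTS = [
    # ws-01: a phishing-style chain; each step is harmless on its own
    (100, "ws-01", "process_start", {"parent": "WINWORD.EXE", "image": "powershell.exe",
                                     "cmdline": "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4A"}),
    (104, "ws-01", "network_connect", {"image": "powershell.exe", "dest": "203.0.113.7", "port": 443}),
    (109, "ws-01", "registry_set", {"image": "powershell.exe",
                                    "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"}),
    (115, "ws-01", "remote_thread", {"image": "powershell.exe", "target": "explorer.exe"}),
    # ws-02: an admin runs an encoded command by hand; one behaviour, no chain
    (200, "ws-02", "process_start", {"parent": "explorer.exe", "image": "powershell.exe",
                                     "cmdline": "powershell -EncodedCommand RwBlAHQALQBTAGUAcgB2AGkAYwBlAA=="}),
    (260, "ws-02", "network_connect", {"image": "chrome.exe", "dest": "198.51.100.20", "port": 443}),
    # ws-03: an installer registers itself to run at logon, then nothing else
    (300, "ws-03", "registry_set", {"image": "setup.exe",
                                    "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor"}),
]

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def office_spawns_script(e):
    return (e[2] == "process_start" and e[3]["parent"].upper() in OFFICE_APPS
            and e[3]["image"].lower() in SCRIPT_HOSTS)

def encoded_powershell(e):
    # powershell.exe accepts -e, -ec and any unambiguous prefix of -EncodedCommand
    if e[2] != "process_start":
        return False
    for tok in e[3].get("cmdline", "").lower().split():
        name = tok[1:] if tok.startswith("-") else ""
        if name and (name == "ec" or "encodedcommand".startswith(name)):
            return True
    return False

def script_host_network(e):
    return e[2] == "network_connect" and e[3]["image"].lower() in SCRIPT_HOSTS

def run_key_persistence(e):
    return e[2] == "registry_set" and "\\currentversion\\run\\" in e[3]["key"].lower()

def remote_thread_injection(e):
    return e[2] == "remote_thread"

# (rule name, ATT&CK technique, weight, predicate).  No single rule reaches
# ALERT_THRESHOLD, so only a chain of behaviours on one host raises an alert.
RULES = [
    ("Office app spawned a script host", "T1059.001", 3, office_spawns_script),
    ("Encoded PowerShell command line", "T1027", 2, encoded_powershell),
    ("Script host opened a network connection", "T1071", 2, script_host_network),
    ("Run key persistence written", "T1547.001", 2, run_key_persistence),
    ("Remote thread created in another process", "T1055", 3, remote_thread_injection),
]
ALERT_THRESHOLD = 5       # assumption
CHAIN_GAP_SECONDS = 600   # assumption: behaviours further apart are separate chains

# Assumed playbook text per technique, the kind of step-by-step guidance an analyst wants.
PLAYBOOK = {
    "T1059.001": "Pull the full command line and the parent document for review.",
    "T1027": "Decode the encoded payload before deciding anything.",
    "T1071": "Block the destination at the firewall and look for other hosts reaching it.",
    "T1547.001": "Delete the Run key value and the binary it points to.",
    "T1055": "Isolate the host and terminate both the injecting and the injected process.",
}

def match_behaviors(events):
    """Tag every event with each rule it matches (this is the naive alert stream)."""
    return [(e[0], e[1], name, tech, weight)
            for e in events for name, tech, weight, pred in RULES if pred(e)]

def correlate(events, threshold=ALERT_THRESHOLD, gap=CHAIN_GAP_SECONDS):
    """Group behaviours per host into chains whose steps are at most `gap` seconds
    apart, and raise one alert per chain whose summed weight reaches `threshold`."""
    per_host = defaultdict(list)
    for hit in match_behaviors(events):
        per_host[hit[1]].append(hit)
    alerts = []
    for host, hits in sorted(per_host.items()):
        hits.sort()
        chains, current = [], [hits[0]]
        for hit in hits[1:]:
            if hit[0] - current[-1][0] <= gap:
                current.append(hit)
            else:
                chains.append(current)
                current = [hit]
        chains.append(current)
        for chain in chains:
            score = sum(h[4] for h in chain)
            if score >= threshold:
                techniques = sorted({h[3] for h in chain})
                alerts.append({"host": host, "score": score,
                               "first_seen": chain[0][0], "last_seen": chain[-1][0],
                               "techniques": techniques, "behaviors": [h[2] for h in chain],
                               "actions": [PLAYBOOK[t] for t in techniques]})
    return alerts

def alert_volume(events):
    """(alerts if every matched behaviour were an alert, alerts after correlation)."""
    return len(match_behaviors(events)), len(correlate(events))

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
    print("naive vs correlated alert count:", alert_volume(SAMPLE_EVENTS))
```

Run as a script, it prints a single alert for ws-01 carrying all five behaviors, their ATT&CK techniques and the assumed playbook steps, and reports that seven behavior matches collapsed into one alert; ws-02 and ws-03 each show one suspicious-looking behavior and stay silent. The two knobs are where the article's warning about detuning lives: raising `threshold` above the chain's score silences the ws-01 alert entirely, which is what happens when a SOC turns an EDR down to cope with volume, and shrinking `gap` to a few seconds splits the chain so the alert carries only its first two steps.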
VOLUME 4 ISSUE 2 • MSPSuccessMagazine.com | 13