Intelligent CISO Issue 65 | Page 37

Nowadays everybody wants to talk about how cybersecurity is a detection and mitigation game rather than one of protection. While these arguments have undeniable merit, signature-based protection is not as ‘dead’ as some would have us believe. Antivirus has become a quaint notion amid SIEM, IAM, CASB and other new kids on the block. But while these newer technologies are powerful and vital to our modern cybersecurity ecosystem, we ignore legacy endpoint detection and response (EDR) at our peril. As you read this, it is still in service and to great effect in thousands of organisations across the Middle East, filtering out the known threats that make up a substantial proportion of those we face every day. Its ability to do this job in real time reduces the resource burden on more advanced engines (those that go beyond signatures), much as the advanced engines alleviate the stress on human teams. Not surprisingly, according to Trellix’s recent Mind of the CISO research, 60% of organisations across the UAE and Saudi Arabia say EDR is a part of their cybersecurity infrastructure.
Paradox of choice
Having established the EDR solution as a critical component of the security stack, we must confront a problem, one that did not exist at the turn of the millennium: too many vendors. Back in 2001, say, only a handful of antivirus specialists existed. Today, it’s dozens. And while having options is always beneficial, when each vendor claims to have the silver bullet, selection becomes problematic.

Word of mouth and comparison tests are certainly valid criteria in some respects. But a better approach is to think of the specification and selection of EDR as you would any other procurement decision. Consider your unique business model and use cases before sitting down with a single vendor. This approach trumps all the global analyses and test results in the world.
For example, a vendor could rate highly on cloud and multitenancy, but what if that is not applicable for your business? By all means, read analyst reports, but read them in full, right down to the fine print. And when you find a vendor that covers your use case, be sure to ask yourself if the solution in question is a core offering. Does it account for a considerable part of the vendor’s total revenue? If the answer to these questions is ‘yes’, then it is more likely that they are strong in this area and a good fit for your enterprise.
Of particular importance in the Middle East is whether the vendor has a local presence and what form that presence takes. Is it through a VAD or SI? How long has this vendor or its channel partner been in operation locally? Is there a managed service ecosystem in place?
Vibin Shaju, VP Solutions Engineering EMEA at Trellix
www.intelligentciso.com