Intelligent CISO Issue 65 | Page 38

FEATURE
When it comes to EDR, vendors must also demonstrate strong R&D credentials. The ability to detect issues early is entirely predicated on intelligence, and without a strong research arm this becomes impossible. Procurement teams should quiz vendors on their collaboration with law enforcement agencies and intelligence organisations. They should also ascertain what level of access they, the customer, will have to raw research and intelligence feeds after the EDR solution is deployed.
The solution
After determining the service commitments of the vendor, it is time to consider their wares. And when doing so, we should think modularly. First, the basics. Make sure prevention sensors are included that can block known malicious files in real time through signature-matching, access-protection policies, exploit-prevention content, memory protection, file reputation and other techniques. Moving into more advanced territory, we must look for the presence of advanced inspection techniques that employ AI, sandboxing, script analysis and more to improve knowledge over time. Such lessons must be shared with other sensors so that the EDR ecosystem can respond as a single organism to a threat when it is encountered again. All of this should be automated and rapid.
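To make the "single organism" idea concrete, here is an added illustration (not code from the article or from any vendor) of the two tiers just described: a fast path that blocks a file whose hash is already on a shared reputation list, and a slow path where a stand-in for sandbox inspection catches an unknown sample and publishes its hash so every other sensor blocks it on first sight. The sample bytes, sensor names and the `toy_sandbox` verdict function are all constructed for the demonstration.

```python
import hashlib

# Constructed stand-ins for executables; no real malware is involved.
KNOWN_MALICIOUS = b"MZ\x90\x00 constructed-known-malicious-sample"
UNKNOWN_SAMPLE = b"MZ\x90\x00 constructed-unknown-sample"
BENIGN_SAMPLE = b"MZ\x90\x00 constructed-benign-sample"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SharedIntel:
    """Reputation feed shared by every sensor: the ecosystem's memory."""

    def __init__(self, seed_hashes):
        self.bad_hashes = set(seed_hashes)   # e.g. vendor signature feed
        self.subscribers = []

    def subscribe(self, sensor):
        self.subscribers.append(sensor)

    def publish(self, digest: str, source: str):
        # A lesson learned on one endpoint is pushed to all endpoints.
        if digest in self.bad_hashes:
            return
        self.bad_hashes.add(digest)
        for sensor in self.subscribers:
            sensor.on_intel(digest, source)


class Sensor:
    """One endpoint sensor with a fast signature path and a slow inspection path."""

    def __init__(self, name: str, intel: SharedIntel, inspect):
        self.name = name
        self.intel = intel
        self.inspect = inspect                      # callable(bytes) -> bool
        self.local_blocklist = set(intel.bad_hashes)  # snapshot at install
        self.log = []
        intel.subscribe(self)

    def on_intel(self, digest: str, source: str):
        self.local_blocklist.add(digest)
        self.log.append(f"{self.name}: learned {digest[:12]} from {source}")

    def scan(self, data: bytes) -> str:
        digest = sha256(data)
        # Fast path: signature / reputation match, blocked in real time.
        if digest in self.local_blocklist:
            return "blocked:signature"
        # Slow path: advanced inspection (sandbox / script analysis stand-in).
        if self.inspect(data):
            self.intel.publish(digest, self.name)   # share the lesson
            return "blocked:inspection"
        return "allowed"


def toy_sandbox(data: bytes) -> bool:
    # Constructed verdict function: flags only our marked unknown sample.
    return b"unknown" in data


def run_demo():
    intel = SharedIntel([sha256(KNOWN_MALICIOUS)])
    laptop = Sensor("laptop-01", intel, toy_sandbox)
    server = Sensor("server-07", intel, toy_sandbox)
    results = [
        laptop.scan(KNOWN_MALICIOUS),  # already in the feed -> fast path
        laptop.scan(UNKNOWN_SAMPLE),   # unknown -> inspection, then published
        server.scan(UNKNOWN_SAMPLE),   # server never inspected it, yet blocks
        server.scan(BENIGN_SAMPLE),    # nothing matches -> allowed
    ]
    return results, intel.bad_hashes, server.log


if __name__ == "__main__":
    for line in run_demo()[0]:
        print(line)
```

The point to take from the run: the second sensor blocks the unknown sample via the cheap signature path without ever paying the cost of inspection, because the first sensor's verdict was shared. When evaluating a product, ask how quickly and by what channel that propagation actually happens.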
The core of EDR, defence, should provide the means for the SOC to act strategically. Advanced defence sensors must gather, summarise and visualise evidence and present it in a clear visual format. AI and the cloud play important roles in this part of the process.
Also part and parcel of the ideal endpoint security platform is forensics. Sensors must provide incident-response teams with the right information in real time to allow them to constantly analyse attack behaviours in the form of tactics,
38 www.intelligentciso.com