2020-06-22T12:34:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees

What features are important to look out for when choosing an EDR solution?

Hi community,

There are many EDR solutions out there. In your opinion, what are the most important features that an EDR solution should have these days? 

Additionally, what are good questions to ask vendors when researching EDR solutions? 

6 Answers
SC
Cyber Security Advisor - Director at Fort Net UK
MSP/MSSP
2021-09-30T14:36:11Z

Excellent points from all contributors. I would add the following.

EDR can generate a lot of alerts and events. If you have a small team and limited cyber analysts, then you should consider outsourcing to a SOC or even a NOC, i.e. MDR.

The benefit of an outsourced SOC is that they will monitor your entire organisation 24/7 and investigate 100% of your events and alerts. They will only contact you out of hours when they detect a critical issue.

Jason Stevens mentioned Bitdefender, which can provide a complete MDR solution including a SOC; however, some MDR providers will monitor everything on your network rather than just the endpoints.

According to Gartner, "By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities."

IK
CSO at SBV
Real User
2020-06-24T08:57:34Z

The answers given by Presh and Akhil are all spot on, so I won't touch on those aspects. The questions I would ask are:

1. What are the financials over the next 5 years (CAPEX and OPEX)? I found a lot of vendors will cut their margins to the bone for the sale and then make that discount up through their annual renewals, etc.

2. How sure are they on the timelines to implement?

3. What level of demonstrated and certified skill do they have readily available for the duration of the project/contract?

4. Are those skills available everywhere you operate, or located only in one location?

5. What is the time and financial investment required to train internal staff to operate the toolset?

AK
SOC Analyst (Information Security Analyst) at a tech services company with 5,001-10,000 employees
User
2020-06-24T00:07:29Z

It's true that there are many EDR solutions out there.
In my opinion, the most important features that an EDR should have are:
1. Behavioral-based detection: EDR should not just have signature-based or file-based detection but should also have behavioral-based detection.
2. Detection at rest: This is a topic of discussion and depends on the requirements. Most EDR solutions detect and prevent an activity at execution, but it's good to have a detection-at-rest capability: if a user downloads a malicious file and doesn't click on it, it's still good for an EDR solution to detect the file at rest.
3. Threat intelligence: This is important for all kinds of activities. If the EDR vendor incorporates a threat intelligence database and compares all the endpoint activities with the IOCs from the database, this provides good value to the company and you can detect many malicious activities within the environment.
4. Access to the endpoint: The EDR sensor should provide a remote shell to the machine. Sometimes a security analyst needs to get access to the machine to mitigate a malicious activity; this includes network isolation, remote access, etc.
5. Custom alerts: Most EDRs provide their inbuilt alerts and detection policies, but it's good to have the capability of writing custom alerts for endpoints. Sometimes some of the alerts or policies are not general but are important for a particular business, so writing custom alerts gives the freedom to write policies and alerts specific to that business.

Good questions to ask vendors are:
1. About the sensor of their product: how much CPU power and other resources does the sensor need?
2. How frequently does the sensor send data to the central location (the heartbeat of the sensor)?
3. Do they have the capability of sending all the endpoint logs to a third-party tool or not? Sometimes companies need to ingest all the endpoint data into their SIEM for correlation purposes.
4. Retention period of the data: for how long do they store the data?
5. Data transfer and storage technique: how are they storing and processing the data, is it safe or not, are they using SSL for sending data from the endpoint or not?
6. Can you create separate groups of machines in their platform? Companies need to have separate groups like HR, Finance, IT, etc. because they want to apply separate policies to separate groups.
7. Do they have a feature for manually banning the hash of a file? For zero-day vulnerabilities or known bad files it's always good to collect IOCs and manually ban them in the environment.

I hope this will help you with your question. Let me know if you have any other questions or if you have any feedback for me.

Thanks.
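To make the three detection styles in the answer above concrete (a signature/IOC match against a manually banned hash, a behavioural rule on parent/child process relationships, and a custom alert on a command line), here is a small detection pass over process-creation telemetry. This is an added example, not code from the original thread or from any EDR product; the hostnames, hashes and events are constructed, and the banned-hash entry is a placeholder rather than a real IOC.

```python
"""Toy EDR detection pass over constructed process-creation telemetry.

Added example, not code from the original thread or any EDR product.
Hostnames, hashes and events below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str
    parent: str      # parent process image name
    image: str       # child process image name
    cmdline: str
    sha256: str      # hash of the child image


# Constructed "manual ban" list, as an analyst would maintain it after an
# incident: hash -> reason. The hash is a placeholder, not a real IOC.
BANNED_HASHES = {
    "0" * 63 + "1": "sample-dropper-from-IR-case-42",
}

# Constructed telemetry: a benign Office launch, an Office app spawning
# hidden encoded PowerShell (no signature would catch this), and an
# installer whose hash is on the ban list.
EVENTS = [
    ProcEvent("ws-finance-07", "explorer.exe", "winword.exe",
              "winword.exe report.docx", "a" * 64),
    ProcEvent("ws-finance-07", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA", "b" * 64),
    ProcEvent("ws-hr-03", "explorer.exe", "setup.exe",
              "setup.exe /silent", "0" * 63 + "1"),
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def rule_hash_ban(ev):
    """Signature/IOC style: exact match against the banned-hash list."""
    reason = BANNED_HASHES.get(ev.sha256.lower())
    return f"banned hash ({reason})" if reason else None


def rule_office_spawns_shell(ev):
    """Behavioural: an Office application launching a shell or script host."""
    if ev.parent.lower() in OFFICE and ev.image.lower() in SHELLS:
        return f"{ev.parent} spawned {ev.image}"
    return None


def rule_encoded_powershell(ev):
    """Custom alert: hidden-window PowerShell with an encoded command."""
    cl = ev.cmdline.lower()
    if ev.image.lower() in {"powershell.exe", "pwsh.exe"} and "hidden" in cl \
            and ("-enc" in cl or "-encodedcommand" in cl):
        return "hidden + encoded PowerShell"
    return None


RULES = [rule_hash_ban, rule_office_spawns_shell, rule_encoded_powershell]


def evaluate(events, rules=RULES):
    """Return (host, image, [reasons]) for each event that fires any rule."""
    alerts = []
    for ev in events:
        reasons = [r for r in (rule(ev) for rule in rules) if r]
        if reasons:
            alerts.append((ev.host, ev.image, reasons))
    return alerts


if __name__ == "__main__":
    for host, image, reasons in evaluate(EVENTS):
        print(f"{host}: {image}: {'; '.join(reasons)}")
```

The point of running all three rule kinds over the same stream is visible in the second event: its hash is unknown, so the ban list says nothing, while the parent/child rule and the command-line rule both fire. When evaluating a product, ask whether you can author the second and third kinds yourself (the "custom alerts" item above), not only feed it hashes.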

PM
Director at a tech services company with 1-10 employees
Reseller
2020-06-24T07:49:59Z

The most important feature is Prevention First; this means effectiveness, simplicity and performance.

Additional questions to ask an EDR solution provider:

  • Predictive advantage?
  • Prevention first, zero-touch approach
  • Easy deployment and management
  • Low performance impact
  • Product is at which phase of machine learning? From 1-5
  • Total economic impact?

JS
Senior Network Engineer at Computer Consultants
Real User
2020-06-24T14:26:23Z

The most important feature of an EDR solution is that it is an XDR (eXtended Detection and Response) solution. EDR is slowly migrating into XDR, bringing more capture and analysis of network and other traffic, such as email, logs and user behavior, into the analysis and AI processing. Bitdefender is in the process of merging their NTSA product into their cloud security EDR and Gravity Zone solution. Trend Micro already has an XDR solution. Cynet 360 is an XDR solution built from the ground up. Endpoint protection is good and needed, but traditional EPP does not detect bad actors who have breached internally, internal network threats, or horizontal/lateral attacks and malicious activity. XDR is the future for a fully secure and protected network.

An important question to ask, or feature to review, is remediation capabilities. Most EDR/XDR solutions can only isolate an endpoint. However, more advanced XDR solutions like Cynet 360 have far more advanced remediation capabilities, such as disabling local and AD user accounts and a host of other actions and playbooks.

Most EDRs can trace and plot out the start-to-finish activity of an event; however, many are only looking at the local endpoint. XDR forensic analysis also tracks and plots out endpoint-to-endpoint activity and can map out an attack across the entire network. This is invaluable when trying to locate and track down the point of entry of the intrusion or infection.
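The last paragraph above describes tracing an attack from one endpoint back to its point of entry and forward across the network. As an added example (not code from the original thread, nor from any of the XDR products it names), here is that cross-host correlation done over remote-logon records of the kind a SIEM or XDR back end would hold. Hostnames, accounts and timestamps are constructed; the only assumption is that each record gives time, source host, destination host and account.

```python
"""Attack-path reconstruction over constructed lateral-movement telemetry.

Added example, not code from the original thread or any XDR product.
Hosts, accounts and timestamps are constructed for illustration.
"""
from collections import defaultdict

# Constructed remote-logon events: (time, source_host, destination_host, account).
# The svc-backup chain is the intrusion; admin.jane is an unrelated admin session.
LOGONS = [
    (100, "ws-hr-03",      "ws-finance-07", "svc-backup"),
    (160, "ws-finance-07", "fs-01",         "svc-backup"),
    (200, "fs-01",         "dc-01",         "svc-backup"),
    (300, "admin-pc",      "dc-01",         "admin.jane"),
    (50,  "vpn-gw",        "ws-hr-03",      "svc-backup"),
]


def trace_back(logons, alert_host, alert_time, account=None):
    """Walk inbound remote logons backwards in time from the host that alerted.

    Returns [entry_host, ..., alert_host]: at each hop the most recent inbound
    session that predates the host's earliest known activity is followed.
    When `account` is given, only that account's sessions are followed, which
    keeps an unrelated admin session from being pulled into the path.
    """
    inbound = defaultdict(list)
    for ts, src, dst, acct in logons:
        inbound[dst].append((ts, src, acct))
    path, seen = [alert_host], {alert_host}
    host, when = alert_host, alert_time
    while True:
        candidates = [(ts, src) for ts, src, acct in inbound[host]
                      if ts < when and (account is None or acct == account)
                      and src not in seen]
        if not candidates:
            return list(reversed(path))
        when, host = max(candidates)   # latest inbound session before `when`
        path.append(host)
        seen.add(host)


def forward_spread(logons, entry_host, start_time, account=None):
    """Walk outbound logons forward from the entry host, respecting time order.

    Returns the set of hosts the intrusion could have reached: the scope an
    isolate-one-endpoint response would miss.
    """
    outbound = defaultdict(list)
    for ts, src, dst, acct in logons:
        outbound[src].append((ts, dst, acct))
    reached, frontier = {entry_host: start_time}, [entry_host]
    while frontier:
        host = frontier.pop()
        for ts, dst, acct in outbound[host]:
            if ts >= reached[host] and (account is None or acct == account) \
                    and dst not in reached:
                reached[dst] = ts
                frontier.append(dst)
    return set(reached)


if __name__ == "__main__":
    # Alert fired on dc-01 at t=250 for svc-backup activity.
    path = trace_back(LOGONS, "dc-01", 250, account="svc-backup")
    print("entry point:", path[0], "path:", " -> ".join(path))
    print("containment scope:", sorted(forward_spread(LOGONS, path[0], 0, "svc-backup")))
```

Two details matter in practice. First, the time bound at every hop: only sessions that arrived before the host was seen acting are candidates, so a later legitimate logon into the same host is not mistaken for the attacker's route. Second, scoping by account: calling `trace_back` on dc-01 at t=350 without an account filter follows the admin's later session and stops at admin-pc, which is the wrong answer. An XDR that plots endpoint-to-endpoint activity is doing this kind of join on your behalf; ask the vendor what fields it joins on and how it handles the ambiguous case.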

NW
Global Channel Manager at Custodian360
Real User
2020-06-24T11:48:12Z

Clearly the best features should be around detection and remediation, but beyond that, the key is how the information is displayed, the depth of the forensic information, retention, etc.
