10 must-ask questions for evaluating EDR tools
Endpoint detection and response (EDR) products give IT staff visibility into endpoints so they can detect malicious activity, analyze data and respond appropriately. EDR is part of a burgeoning security market, peppered with well-known vendors such as Carbon Black, Cisco, CrowdStrike and FireEye.
Anyone looking at EDR today has come across the term “threat hunting,” the process of searching through voluminous amounts of data to find signs of a threat actor or emerging attack rather than relying on known threat signatures. It’s a combination of threat intelligence and big data analytics. Threat hunting is a critical component of a comprehensive EDR solution and a key differentiator from endpoint protection platforms (EPPs), with which EDR solutions are often confused.
However, EDR solutions are also undergoing a period of flux. In 2016, Gartner pointed out that “EDR is not a replacement for other endpoint security tools; it is often a detection and visibility complement to other tools providing endpoint security capabilities.” But Gartner’s 2017 Magic Quadrant for Endpoint Protection Platforms states that “By 2019, EPP and EDR capabilities will have merged into a single offering, eliminating the need to buy best-of-breed products for all but the most specialized environments.”
We asked some security experts to share their insights about what questions you should ask yourself and prospective EDR vendors before you buy.