Endpoint security continues to be one of the biggest cybersecurity concerns for organizations of every kind, which is why you must work toward a strong endpoint security strategy for your company. A reliable EDR application is a valuable tool for detecting and responding to threats that slip past your other prevention controls, and it gives you the visibility needed to reduce the risk of a breach. The catch is that EDR tools can create new challenges for an organization just as readily as they help detect attacks and shorten response time. To help you avoid them, here are some of the most common mistakes to be aware of when developing a robust endpoint detection and response strategy.

Miscalculation of the Required Time and Resources
The work surrounding EDR tends to add up quickly, because the tool collects a large volume of data that can be overwhelming to sort through. Keep believing in the value of an EDR application, but do not underestimate the time and resources required to build a solid strategy around it. Key points to remember:
- Make sure your security department knows the time needed to triage and analyze potential threats.
- Know the average volume of alerts coming in on a daily, weekly, and monthly basis.
- Identify how much time can be allotted from existing security positions or seek approval for additional headcount to run your EDR product.
- Consider a managed solution, especially if you don’t have full-time employees in your security team.
Using an MSSP to Manage EDR
Managed security service providers (MSSPs) usually offer a range of security services that focus mainly on signature-based network security technology. These services can be a great help to organizations with security compliance obligations. However, a traditional MSSP's infrastructure is often not built to support endpoint detection and response, because it is designed around areas such as:
- Signature-based detection
- Perimeter security products
- Ensuring compliance
Key points to remember:
- Perform due diligence to understand the difference between an MSSP and Managed Endpoint Detection and Response.
- If you already have an MSSP overseeing your EDR, evaluate their staffing capabilities and their team's expertise.
- Look for gaps in areas such as:
  - Threat investigation and forensics
  - Security operations
  - Data science and analytics
  - Malware reverse engineering
Failing to Outline the Triage and Response Procedure
Purchasing and deploying an EDR application is not enough. You need to define the triage, investigation, and response operations up front so you are not overwhelmed by the workflow the application generates. Essential questions to ask yourself:
- Is there a process included for tracking investigations?
- How are potential threats prioritized within the tool and across various products?
- Does your team have the capacity to triage multiple threats at the same time?
- What types of information are available to the security analysts?
- Does the EDR application include all of the information needed to settle on a decision?
- Can the alerts be merged into other products and your pre-existing workflow?
- Ensure you have outlined your process for areas including:
  - Alert prioritization
- Consider how you are going to grow your response bandwidth: bringing in more people, improving alert validation efficiency, or reducing the current alert volume.
Focusing Too Much on Prevention
Prevention is another vital part of managing endpoint security. However, no single product provides an "all-in-one" answer. Be wary of an EDR application that markets itself primarily on prevention capabilities; instead, focus on evaluating the product's visibility, detection, and response features. Key points to remember:
- Identify which your organization really needs: a prevention solution, or a detection and response solution.
- For EDR tools that include prevention capabilities, determine exactly what they will and will not stop.
- Understand each candidate EDR application's roadmap and how it will progress over time.
Failing to Utilize Metrics
- Metrics are a great way to measure efficiency and improve your security operation's effectiveness. They give you an overview of how well your EDR application performs against various types of attacks.
- It is also imperative to know which of your tools produce the most accurate alerts. This helps with prioritization and with tracking the time you spend acknowledging, confirming, and remediating threats.
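The two ideas above (sizing the analyst time an EDR deployment consumes, and measuring per-tool alert accuracy and response times) can be put into numbers from the alert records the tooling already keeps. The following Python script is an added example written for this page, not code from Comodo or from any EDR product. It assumes alerts can be exported with creation, acknowledgement, confirmation and closure timestamps plus an analyst verdict; the tool names ("edr", "network_ids") and the eight alert records are constructed sample data, not measurements from a real environment.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Alert:
    """One alert as exported from a detection tool and annotated by the analyst."""
    tool: str
    created: datetime
    acknowledged: datetime          # analyst picked the alert up
    confirmed: Optional[datetime]   # verdict reached; None when closed as a false positive
    closed: datetime                # remediation finished, or alert dismissed
    true_positive: bool


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def _minutes(later: datetime, earlier: datetime) -> float:
    return (later - earlier).total_seconds() / 60.0


def _median_or_none(values: list[float]) -> Optional[float]:
    # A tool with no confirmed incidents has no MTTC/MTTR yet; report None instead of crashing.
    return median(values) if values else None


@dataclass
class ToolMetrics:
    alerts: int
    true_positives: int
    precision: float                 # share of alerts that were real incidents
    mtta_minutes: float              # median time to acknowledge, all alerts
    mttc_minutes: Optional[float]    # median time to confirm, true positives only
    mttr_minutes: Optional[float]    # median created -> closed, true positives only
    handling_minutes: float          # median created -> closed for all alerts; drives staffing


def compute_metrics(alerts: list[Alert]) -> dict[str, ToolMetrics]:
    """Per-tool accuracy and response-time metrics from annotated alert records."""
    by_tool: dict[str, list[Alert]] = defaultdict(list)
    for a in alerts:
        by_tool[a.tool].append(a)
    out: dict[str, ToolMetrics] = {}
    for tool, items in by_tool.items():
        tps = [a for a in items if a.true_positive]
        out[tool] = ToolMetrics(
            alerts=len(items),
            true_positives=len(tps),
            precision=len(tps) / len(items),
            mtta_minutes=median([_minutes(a.acknowledged, a.created) for a in items]),
            mttc_minutes=_median_or_none(
                [_minutes(a.confirmed, a.created) for a in tps if a.confirmed is not None]),
            mttr_minutes=_median_or_none([_minutes(a.closed, a.created) for a in tps]),
            handling_minutes=median([_minutes(a.closed, a.created) for a in items]),
        )
    return out


def analyst_hours_per_week(alerts: list[Alert], weeks_observed: float) -> dict[str, float]:
    """Weekly analyst hours each tool consumes: weekly alert volume x median handling time."""
    return {tool: (m.alerts / weeks_observed) * m.handling_minutes / 60.0
            for tool, m in compute_metrics(alerts).items()}


def rank_tools(metrics: dict[str, ToolMetrics]) -> list[str]:
    """Highest-precision tools first; ties broken by faster remediation."""
    return sorted(metrics, key=lambda t: (-metrics[t].precision,
                                          metrics[t].mttr_minutes or float("inf")))


# Constructed sample data spanning two weeks; hypothetical tool names, not real telemetry.
SAMPLE_ALERTS = [
    Alert("edr", _ts("2024-03-04T09:00"), _ts("2024-03-04T09:10"), _ts("2024-03-04T09:30"), _ts("2024-03-04T11:00"), True),
    Alert("edr", _ts("2024-03-04T14:00"), _ts("2024-03-04T14:20"), None, _ts("2024-03-04T14:35"), False),
    Alert("edr", _ts("2024-03-05T10:00"), _ts("2024-03-05T10:05"), _ts("2024-03-05T10:50"), _ts("2024-03-05T13:00"), True),
    Alert("edr", _ts("2024-03-11T08:00"), _ts("2024-03-11T08:30"), _ts("2024-03-11T08:45"), _ts("2024-03-11T09:00"), True),
    Alert("network_ids", _ts("2024-03-04T09:30"), _ts("2024-03-04T10:30"), None, _ts("2024-03-04T10:40"), False),
    Alert("network_ids", _ts("2024-03-04T12:00"), _ts("2024-03-04T12:45"), None, _ts("2024-03-04T12:50"), False),
    Alert("network_ids", _ts("2024-03-06T16:00"), _ts("2024-03-06T16:15"), _ts("2024-03-06T17:00"), _ts("2024-03-07T09:00"), True),
    Alert("network_ids", _ts("2024-03-12T11:00"), _ts("2024-03-12T11:50"), None, _ts("2024-03-12T12:00"), False),
]

if __name__ == "__main__":
    metrics = compute_metrics(SAMPLE_ALERTS)
    for tool in rank_tools(metrics):
        m = metrics[tool]
        print(f"{tool}: precision={m.precision:.2f} MTTA={m.mtta_minutes:.0f}m "
              f"MTTC={m.mttc_minutes} MTTR={m.mttr_minutes} handling={m.handling_minutes:.0f}m")
    for tool, hours in analyst_hours_per_week(SAMPLE_ALERTS, weeks_observed=2).items():
        print(f"{tool}: {hours:.1f} analyst hours per week")
```

Run against a real export, the precision ranking tells you which tool's alerts deserve first attention, and the per-tool weekly hours are the number to put in front of management when asking for headcount or a managed service. Median rather than mean is used throughout so a single multi-day investigation does not distort the staffing estimate.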