CBI recently hosted a webinar with CrowdStrike to help listeners plan their Endpoint Detection and Response (EDR) strategy and integrate EDR with all other aspects of the IT ecosystem.
Visit our GoToWebinar page and sign up to watch the Webinar on Demand: https://register.gotowebinar.com/recording/5567694188858381827
CrowdStrike Sales Engineering Manager Adam Hogan and CBI Senior Security Strategist Dan Gregory covered several key EDR topics in the webinar, including how endpoint security has evolved over the last 25 years, what’s included in the modern EDR ecosystem, and the threats and trends to watch in the future. Adam and Dan also provided key takeaways on how to:
Here, you’ll find a recap of the top Q&A from the webinar audience as well as a few bonus questions we didn’t have time to cover!
What are the first steps for an organization just starting to develop its EDR program?
First and foremost, you have to ensure organizational buy-in. Start by talking with executives and management to understand their vision of what endpoint security is going to look like across the organization; otherwise you’ll spend time conducting research and proof-of-concepts designing something that isn’t aligned with your management team’s vision. After that it’s block-and-tackle execution: design a plan, review solutions that best fit those needs, go through some testing, and in parallel with that have asset management covered. You can’t protect the assets you don’t own. Through it all, make sure you’re working with a certified partner that knows and understands EDR.
How can an organization select the best EDR solution?
There’s a lot of third-party testing out there, with varying degrees of rigor, to baseline and test efficacy. Use these tests to open up questions you can ask the various EDR vendors about their strengths and weaknesses.
While there’s a lot to plan ahead of time, EDR is in a unique space in that it’s fairly easy to get going, because you don’t have to make use of all the functionality right out of the gate to get it up and running. At the end of the day, a strong EDR solution can collect data, be used for remediation and still give you visibility without a lot of up-front work. You don’t even have to do a complete rip-and-replace; you can use an EDR solution to augment your legacy tools to make rollouts easier and faster.
How do factors like vulnerability management, asset management and mobile fit into EDR?
Things like vulnerability management and asset management are very important to take into consideration when evaluating your EDR approach. For example, for a while every consumer device had a camera in it, but now things are coming back to reality. Anti-virus, anti-malware, EDR, device control, threat hunting, etc. are all important, but do you have a platform that can integrate all those tools and give them access to all the information and data they need as quickly as possible?
Asset management is incredibly important, and if you’re able to do it through your EDR solution, that’s even better. You can use the data gathered by EDR to run asset management without having to do intrusive network scans, creating economies of scale. But regardless of what solution you’re using, completing the asset management work is far more important than the source of the data.
If you had to focus on just one prerequisite for a successful EDR program, what would that be?
We’ll actually cheat a little on this one and add one prerequisite for three specific areas – people, processes and technology.
What are your recommendations on managing the EDR program internally vs. leveraging an outsourced or managed service?
This largely comes down to the culture of your organization and the way it manages its IT budget.
If you are a security-focused, low-risk organization with an ample capital budget, then you may consider running the EDR program internally. On the flip side, if you are a security-focused, low-risk organization with an ample operational budget, you may want to consider leveraging a qualified managed services organization.
Regardless, organizations should consider internalizing the portions of their IT security program that are highly proprietary or associated with unique business processes, while strong consideration should be given to outsourcing general IT security processes such as EDR.
How does behavioral analytics fit in?
When possible, security solutions benefit from establishing a known set of predictable events (behavior) and then contrasting them in real time with security events originating from end users and network-connected endpoints. Most modern EDR solutions provide a level of behavioral analysis based on the data they collect. Behavioral analytics allows modern EDR solutions to provide proactive rather than reactive awareness of security events.
Time is our biggest enemy in the fight to maintain the lowest possible IT security risk profile. Behavioral analytics shortens the amount of time needed to detect, identify and protect valuable assets.
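To make the baseline-then-contrast idea concrete, here is an added example (not from the webinar and not CrowdStrike’s own logic) that learns the parent/child process pairs seen per host and user during a learning window from constructed EDR-style events, then flags live events that fall outside that baseline. All host names, user names and process names are constructed sample data.

```python
"""Baseline-vs-observed behavioral check over constructed EDR-style process-start events."""
from collections import defaultdict

# Constructed sample telemetry for the learning window (one record per process start).
BASELINE_EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "child": "outlook.exe"},
    {"host": "ws01", "user": "alice", "parent": "outlook.exe", "child": "winword.exe"},
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "child": "chrome.exe"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "child": "excel.exe"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "child": "chrome.exe"},
]

# Constructed "live" events to contrast against the baseline.
NEW_EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "outlook.exe", "child": "winword.exe"},
    {"host": "ws01", "user": "alice", "parent": "winword.exe", "child": "setup_helper.exe"},
    {"host": "ws02", "user": "bob", "parent": "explorer.exe", "child": "outlook.exe"},
    {"host": "ws03", "user": "carol", "parent": "explorer.exe", "child": "chrome.exe"},
]


def build_baseline(events):
    """Map each (host, user) to the set of parent->child pairs seen in the learning window."""
    baseline = defaultdict(set)
    for e in events:
        baseline[(e["host"], e["user"])].add((e["parent"], e["child"]))
    return baseline


def score_events(baseline, events):
    """Return (event, reason) for every live event that deviates from the baseline.

    Three outcomes are distinguished so an analyst can prioritize:
    - no baseline exists for the host/user at all (coverage gap, not necessarily malicious)
    - the pair is new for this host/user but known elsewhere in the fleet (lower priority)
    - the pair has never been seen anywhere in the baseline (highest priority)
    """
    fleet_pairs = set().union(*baseline.values()) if baseline else set()
    findings = []
    for e in events:
        key = (e["host"], e["user"])
        pair = (e["parent"], e["child"])
        if key not in baseline:
            findings.append((e, "no baseline for this host/user"))
        elif pair not in baseline[key]:
            reason = "new for this host/user" if pair in fleet_pairs else "never seen in fleet baseline"
            findings.append((e, reason))
    return findings


if __name__ == "__main__":
    for event, reason in score_events(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"{event['host']}/{event['user']}: {event['parent']} -> {event['child']} ({reason})")
```

A real deployment would also learn frequencies and time-of-day patterns rather than a plain set, but the contrast step is the same: the more the learning window covers, the faster a genuine deviation stands out.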
To view the full webinar on demand, visit our GoToWebinar page at https://register.gotowebinar.com/recording/5567694188858381827.
Ready to learn more about how CBI and CrowdStrike can help you build your EDR strategy? Contact us today.