January 17, 2020
Recap: EDR Webinar with CrowdStrike

CBI recently hosted a webinar with CrowdStrike to help listeners to plan their Endpoint Detection and Response (EDR) strategy and integrate EDR with all other aspects of the IT ecosystem.

Visit our GoToWebinar page and sign up to watch the Webinar on Demand: https://register.gotowebinar.com/recording/5567694188858381827

CrowdStrike Sales Engineering Manager Adam Hogan and CBI Senior Security Strategist Dan Gregory covered several key EDR topics in the webinar, including how endpoint security has evolved over the last 25 years, what’s included in the modern EDR ecosystem, and the threats and trends to watch in the future. Adam and Dan also provided key takeaways on how to:

  • Craft an EDR strategy to prevent attacks and reduce time to remediation
  • Select the best EDR solutions for your specific IT environment
  • Integrate EDR into your environment in a scalable and efficient manner

Here, you’ll find a recap of the top Q&A from the webinar audience as well as a few bonus questions we didn’t have time to cover!

What are the first steps for an organization just starting to develop its EDR program?

First and foremost, you have to ensure organizational buy-in. Start by talking with executives and management to understand their vision of what endpoint security is going to look like across the organization; otherwise you’ll spend time conducting research and proof-of-concepts designing something that isn’t aligned with your management team’s vision. After that it’s block-and-tackle execution: design a plan, review solutions that best fit those needs, go through some testing, and in parallel have asset management covered. You can’t protect the assets you don’t know you own. Through it all, make sure you’re working with a certified partner that knows and understands EDR.

How can an organization select the best EDR solution?

There’s a lot of third-party testing out there with varying degrees of rigor to baseline and test efficacy. Make use of these test results to open up questions you can ask the various EDR vendors about their strengths and weaknesses.

While there’s a lot to plan ahead of time, EDR is in a unique space in that it’s fairly easy to get going, because you don’t have to make use of all the functionality right out of the gate to get it up and running. At the end of the day, a strong EDR solution can collect data, be used for remediation and still give you visibility without a lot of up-front work. You don’t even have to do a complete rip-and-replace; you can use an EDR solution to augment your legacy tools to make rollouts easier and faster.

How do factors like vulnerability management, asset management and mobile fit into EDR?

Things like vulnerability management and asset management are very important to take into consideration when evaluating your EDR approach. For example, every consumer device had a camera in it for a while, but now it’s coming back to reality. Anti-virus, anti-malware, EDR, device control, threat hunting, etc. are all important, but do you have a platform that can integrate all those tools and give them access to all the info and data they need as quickly as possible?

Asset management is incredibly important, and if you’re able to do it through your EDR solution, that’s even better. You can use the data gathered by EDR to run asset management without having to do intrusive network scans, creating economies of scale. But regardless of what solution you’re using, completing the asset management work is far more important than the source of the data.

If you had to focus on just one prerequisite for a successful EDR program, what would that be?

We’ll actually cheat a little on this one and add one prerequisite for three specific areas – people, processes and technology.

  • People: Understand the resource requirements needed to run and develop the EDR program/solution. Administrative burden, technical training and the ability to effectively develop the solution(s) that power your EDR program must be considered early on in the process.
  • Process: Understand how your organization’s EDR program will address security-related compliance and audit requirements. Most organizations observe a number of regulatory- and/or industry-focused compliance mandates. Identify the EDR-related controls within these mandates and make sure your program is capable of addressing each of them.
  • Technology: Address asset discovery and identification. Know your network and its connected endpoints. EDR programs are designed to protect the vulnerable assets. Your EDR program is not effective unless you can identify its weakest link – the endpoint.

What are your recommendations on managing the EDR program internally vs. leveraging an outsourced or managed service?

This largely comes down to the culture of your organization and the way it manages its IT budget.

If you are a security-focused, low-risk organization with an ample capital budget, then you may consider running the EDR program internally. On the flip side, if you are a security-focused, low-risk organization with an ample operational budget, you may want to consider leveraging a qualified managed services organization.

Regardless, organizations should consider internalizing the portions of their IT security program that are highly proprietary or associated with unique business processes, while strong consideration should be given to outsourcing general IT security processes such as EDR.

How does behavioral analytics fit in?

When possible, security solutions benefit from establishing a known set of predictable events (a behavioral baseline) and then contrasting it in real time with security events originating from end users and network-connected endpoints. Most modern EDR solutions provide a level of behavioral analysis based on the data they collect. Behavioral analytics allows modern EDR solutions to provide proactive rather than reactive awareness of security events.

Time is our biggest enemy in the fight to maintain the lowest possible IT security risk profile. Behavioral analytics shortens the amount of time needed to detect, identify and protect valuable assets.
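To make the baseline-and-contrast idea concrete, here is a small added example (not from the webinar, CBI or CrowdStrike) that learns which parent/child process pairs are routine from a window of constructed process-start telemetry and then labels new events as known, rare or never-seen; the host names, process names and the `min_support` threshold are all assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample telemetry (not real EDR output): one process-start
# event per tuple, in the form (host, parent_process, child_process).
BASELINE_EVENTS = [
    ("ws-01", "explorer.exe", "outlook.exe"),
    ("ws-01", "outlook.exe", "winword.exe"),
    ("ws-01", "explorer.exe", "notepad.exe"),
    ("ws-02", "explorer.exe", "chrome.exe"),
    ("ws-02", "explorer.exe", "outlook.exe"),
    ("ws-02", "outlook.exe", "winword.exe"),
    ("ws-03", "explorer.exe", "chrome.exe"),
    ("ws-03", "services.exe", "svchost.exe"),
]

# Constructed "live" events to contrast against the learned baseline.
LIVE_EVENTS = [
    ("ws-02", "explorer.exe", "chrome.exe"),     # routine activity
    ("ws-01", "explorer.exe", "notepad.exe"),    # seen, but only once
    ("ws-03", "winword.exe", "powershell.exe"),  # not observed in the window
]


def build_baseline(events):
    """Count how often each (parent, child) pair occurred in the learning window."""
    return Counter((parent, child) for _host, parent, child in events)


def score_event(baseline, event, min_support=2):
    """Label one live event against the baseline: 'known' if the pair is well
    established, 'rare' if seen fewer than min_support times, else 'never-seen'."""
    _host, parent, child = event
    seen = baseline.get((parent, child), 0)
    if seen == 0:
        return "never-seen"
    if seen < min_support:
        return "rare"
    return "known"


def detect(baseline, live_events, min_support=2):
    """Return only the events an analyst should review, paired with their label."""
    flagged = []
    for event in live_events:
        label = score_event(baseline, event, min_support)
        if label != "known":
            flagged.append((event, label))
    return flagged
```

Real EDR baselines key on far more than the process pair (user, host role, command line, signer), but the shape is the same: learn what is normal during a quiet window, then surface deviations as they arrive.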

To view the full webinar on demand, visit our GoToWebinar page at https://register.gotowebinar.com/recording/5567694188858381827.

Ready to learn more about how CBI and CrowdStrike can help you build your EDR strategy? Contact us today.

Content Sponsored by
CrowdStrike, a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates over two trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security. With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform. There’s only one thing to remember about CrowdStrike: We stop breaches.
About the Author
Dan Gregory
Director, Managed Security Services
Dan has more than 15 years of field experience in performing regulatory compliance controls assessments and policy review. Dan has extensive experience in development and internal process audits with a focus on the financial, healthcare, manufacturing, and retail industries. Dan has performed countless controls assessments and efficiently deploys solution-based integrations designed to protect critical infrastructure, data, brand confidence, and reputation.