Intelligent Tech Channels Issue 43 | Page 68

high volume of alerts, fragmented visibility and false positives are increasing the pressure on security teams. This isn't helping to cope with the skills gap.
So, when looking to adopt EDR, an organisation should consider a few things. First is the ability to detect complex threats, as well as ease of use, accuracy, context information and guided response. But secondly, organisations should also look for built-in automation capabilities.
To help customers reduce the challenges due to the cybersecurity skills gap, Bitdefender focused on providing an EDR that has proven industry-leading detection capabilities but is also easy to use and accessible to a wide range of organisations.
We also developed an MDR service that moves all the weight of security operations to highly skilled Bitdefender SOC team analysts.
Why is it so important that CISOs and their teams have access to highly detailed reports and analytics, and how does a good EDR solution enable this?
I think it is hard to over-emphasise the importance of incident reporting and security analytics for security teams.
Although there are quite a few reasons for having access to detailed reporting and analytics, I will focus on three key use cases: incident investigation, forensics and compliance.
Effective incident investigation relies on two principles: knowing (in good time) that something is happening and understanding quickly what is happening. Forensics is similar, with the difference that time is not as critical as in the case of incident investigation. Here the most important thing is to have access to untampered and accurate information. Compliance also relies on being able to provide authorities with detailed, reliable information on security incidents. Detailed reporting and security analytics are key to all three use cases.
With its detailed information on security incidents and rich context, EDR is an exceptional instrument to serve these use cases. It collects detailed event data from all endpoints in the network and stores it for extended periods of time.
How can organisations make EDR a key component of their overall cybersecurity strategy?
A sound security architecture must cover all phases of the cybersecurity framework, which are identify, protect, detect, respond and recover. EDR (and XDR as an evolution of EDR) is instrumental for detecting and responding to advanced cyberthreats.
Depending on the availability of skilled security personnel in-house, an organisation can integrate EDR in their security architecture in two ways: as a product (EDR solution) or as a service (Managed Detection and Response).
Choosing the MDR service, an organisation moves from acquiring security technology (that is an excellent option for customers having an in-house security team) to directly acquiring security outcomes, allowing the IT organisation to focus on other key initiatives.
Making detection and response part of the security architecture is a must in 2021 and enterprises can choose between EDR as a product or MDR depending on what suits them better.
How does Bitdefender set itself apart from others in the EDR market?
One of our core aims at Bitdefender is to bring more benefits to customers while reducing adoption challenges.
Bitdefender has at least three differentiation points:
• Market-leading threat detection proven by independent tests like MITRE evaluations
• Integrated extended detection and response capabilities that allow customers to enjoy enhanced detection of advanced threats that are affecting a larger portion of the organisation and unified visibility on security incidents. This enhancement of EDR was named eXtended Endpoint Detection and Response
• Integration with the other security capabilities offered by Bitdefender (risk analytics, hardening, prevention) into one single unified endpoint security solution that promotes both ease of use and operational efficiency