February 15, 2018

Gartner Research: Endpoint Detection and Response (EDR) Solutions are Emerging

In a new report on endpoint security, prominent IT research and advisory firm Gartner has revealed valuable insights into future trends, including one that sees EDR solutions entering the market.

In a report titled “Redefining Endpoint Protection for 2017 and 2018”, IT research firm Gartner has identified endpoint detection and response (EDR) solutions entering the cybersecurity market as a new generation of solutions adopted by highly sophisticated security operations centers (SOCs).

Their advent brings new capabilities: security operations teams can investigate suspicious or malicious activities that were previously hard to determine, with more visibility into historic events, while implementing recovery programs with perspective and intelligence rather than a mere re-imaging.

“Over the last two years, the requirements for EDR use cases have become increasingly mainstream,” the report explained. “As a result, the core functions of EDR solutions have been increasingly adopted by EPP vendors. Similarly, many of the EDR vendors have incorporated prevention techniques typically associated with EPP solutions, hoping to displace incumbent EPP vendors with their solutions.”

Specifically, the market for EDR solutions covers four primary capabilities on offer, namely:

  • Detecting security incidents, rather than just file-based malware
  • Containing security incidents
  • Investigating security incidents, and threat hunting
  • Providing response capabilities to recover from a security incident

While EDR solutions previously addressed the requirements of large enterprises having their own dedicated SOC, the growing interest in these capabilities has seen the solutions adopted by the mainstream market.

Furthermore, the report reveals Microsoft is making ‘solid developments’ in protection capabilities with its new Windows Defender Advanced Threat Protection (ATP) now widely available to solve EDR use cases. For Mac OS machines, the report suggests the Apple-developed operating system could introduce additional threat surfaces, despite being widely accepted as a better security framework than Windows.


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.