
Why EDR and Managed EDR Are Central to Better Threat Detection and Response

It’s a challenge to keep up with advanced threats. Symantec EDR and Managed EDR offer cyber security professionals the capabilities they need to come out ahead.

Security organizations, burdened by a relentlessly evolving threat landscape, face an ongoing struggle finding people with the skills to effectively handle not only threat detection but also response.

All this is happening while the confluence of cloud, Internet of Things (IoT), and mobility creates new exploitation points for cyber criminals, reinforcing the need for around-the-clock vigilance, advanced cyber skillsets and innovation. But while modern endpoint detection and response (EDR) solutions can help organizations to deal with this multiplicity of shifting threats, many organizations just don’t have enough security people on staff with the expertise to use these advanced tools to their full advantage.

The Right DNA

Not every security professional is a trained specialist in advanced detection and response methods, and you can’t simply plug someone trained in one area of security into another security job, assuming they can handle the new assignment.

Indeed, there are different levels of analysts. The top rung learned their craft only after accumulating years of experience and extensive training. Those very skilled professionals are in short supply and coveted around the industry, making it that much harder for organizations to hire and retain this top talent.

When staying on top of stealthy attacks threatens to become too much to handle, organizations should consider adding Managed Endpoint Detection and Response (MEDR) services to their complement of security programs. Managed EDR services will augment your security staff by providing advanced capabilities -- such as 24x7 critical alert monitoring, managed threat hunting, advanced investigations, and pre-authorized remediation -- that significantly improve the organization’s threat detection and response efforts.


This is a trend in the making. The truth is that even the best enterprise security teams are challenged to perform these kinds of activities by themselves. Sometimes, they simply prefer a managed security services provider to deliver these capabilities. Correlating the sheer volume of threat data creates its own challenges and tends to add further stress points to an already overburdened security team, making it even more difficult and complex to accurately map threats in real time. A recent survey of cyber security leaders by ESG Research, sponsored by Symantec, found that 78% of the security professionals polled agreed that their organizations would benefit greatly from having their EDR deployment assisted by some type of managed services.

Addressing the Skills Gap Cost-Effectively

Adding MEDR to an EDR deployment offers organizations the advanced tools, automation, analytics and human expertise they need to defend their endpoints against persistent, stealthy attacks. They see that adding MEDR accelerates both mean time to detection (MTTD) and mean time to response (MTTR).

One of the most difficult tasks -- providing 24x7 critical alerting and monitoring -- is considered by these security leaders to be the most important feature of MEDR. Nearly a third agree that adding MEDR compensates for a lack of staff and expertise for this activity. It increases the productivity of security operations center (SOC) analysts by freeing them to focus on other security priorities. And by providing managed threat hunting, advanced on-prem and cloud endpoint investigations, and pre-authorized remediation, MEDR helps reduce the cost and complexity for already maxed-out security operations programs.

Almost a third of the ESG survey’s respondents also believe that MEDR providers can do a better job at threat detection and response than their own security staff. Overall, more than 80% agreed that adding MEDR would provide significant benefits by augmenting and assisting their cyber security team’s overall effectiveness.

78% of Security Professionals Agree

Taking Cyber Security to a Higher Level

The ESG survey data reveals that many organizations feel they can improve their cyber security by deploying a combination of EDR and MEDR advanced tools and services, such as Symantec Endpoint Detection and Response (EDR) and the Symantec Managed Endpoint Detection and Response service (MEDR).

To learn more about how Symantec EDR and MEDR tools and services can take your organization’s threat detection and response to the next level, we invite you to watch the replay of our recent webinar hosted with ESG and a panel of Symantec experts.


About the Author

Bob Shaker

CSS Product Manager, Emerging Solutions

Bob is responsible for delivering the strategy and direction of all emerging solutions including Managed Detection and Response, the Cyber Insurance Center and future innovations.
