You’re fully aware of the need to stop threats at the front door
and then hunt any that got through that first gate, so your company
installed an EPP/EDR solution.
But like most companies, you’ve already come across its
shortcomings, and these are amplified because you have a small
security team. More than likely, you noticed that it has its share
of detection blind spots and limitations, for which you need to tack
on more detection technologies.
Remediation requires manual effort, and operating it has become too
much of a burden on your already resource-constrained staff.
Deployment took you ages, so you’re somewhat wary of introducing new
technology and going through that process again.
What should you do: fight for more resources, take flight from the
EDR/EPP combo to other technological solutions, or freeze by
accepting this painful situation and updating the board that your
risk levels remain high?
Since fight and freeze are typically the directions you want to
avoid, you need to know what to expect if you do move on.
The guide “Decided to move on from your NGAV/EDR? A guide to what’s
next”[1] walks you through six steps in that transition process, so
you arrive best prepared for that next protection level:
Step 1: Why are you moving? Before you justify to your team, and to
the company, why you are transitioning, you need to justify it to
yourself. According to a Cynet 2021 survey of CISOs with small
security teams, the biggest pain point in operating threat
protection products, selected by 51% of companies and with a
significant gap of 38% from second place, is the overlapping
capabilities of disparate technologies. In second and third place,
companies suffer from operational challenges: having too many
dashboards (37%) and computing lag on deployed devices (36%). Are
these also your main challenges? Always go back to that painful
base point when evaluating your alternatives, as it is what started
you on the transition journey in the first place.
Step 2: Consider your options. Since you cannot rely solely on the
EDR/EPP stack, your alternatives boil down to two. The first is to
keep your current solution and invest in compensating detection
technologies to cover the blind spots, and on top of that to stack
on further solutions that automate investigation and other manual
processes. The second is to invest in an Extended Detection and
Response (XDR) platform.
An XDR platform consolidates and rationalizes alerts into
actionable incidents and automates investigation and response
actions. XDRs include the EPP/EDR component, but that is only one
component of the full breach protection platform. Go through the
guide for a pros and cons list to help you decide which option you
want to take, and make sure to add points to that table for your
own environment.
Step 3: Build the business case. Most companies with small security
teams choose an XDR. The immediate question that then arises is
where to get the budget for the new platform. This is where you
build the business case, and the guide helps by providing three
aspects to consider when allocating the budget. Make sure not to
sell yourself short by cutting the budget to save costs; rather,
use the same budget to achieve more.
Step 4: List the XDR requirements. XDR technologies vary in their
offerings. Some integrate more technologies than others; others are
simpler to deploy and manage. XDRs also differ in their levels of
automation, and MDR service offerings differ from vendor to vendor
as well. This is where you need to decide which XDR capabilities
matter most for your small security team.
As a start, make sure you consider the four must-have parameters
and decide to what extent you’re willing to compromise on each:
ease of deployment, types of detection technologies, level of
automated breach response, and MDR augmentation offerings.
Step 5: Shortlist the XDR vendors. Now that you have the
requirements, it’s time to shortlist the XDR vendors you’d like to
evaluate. There are several ways to build this list: garner peer
feedback, look at review sites, check whether the vendor provides
trial offerings such as try-and-buy, and of course, take cost into
account.
Step 6: Send out an RFP. This is an important step in assessing the
technology. RFPs are tedious, but remember that you send the same
one to every vendor, so you only need to create a single copy, and
comparing the responses is then quite straightforward. As a great
time-saving tip, the guide also refers to an existing RFP template
for XDR protection, which you’ll find relevant if you have a small
security team.
Undoubtedly the EPP/EDR combination is not enough for your small
team. While they are important tools, you’re starting to feel the
combination is a double-edged sword: on one hand it doesn’t fully
address your current needs, and on the other it creates a burden on
your resource-constrained team. It’s time to move.
This guide serves as a companion as you go through that
transition process, providing the necessary insights based on
experience to help you steer clear of any road bumps.
Download the eBook “Decided to move on from your NGAV/EDR? A guide
to what’s next”[2].
References
[1] Decided to move on from your NGAV/EDR? A guide to what’s next (go.cynet.com)
[2] Decided to move on from your NGAV/EDR? A guide to what’s next (go.cynet.com)
