A data breach responder can be a lot like a high-tech plumber. Just like a plumber does when a house’s basement floods, data breach responders toil to identify the cause of the breach; combine forces to contain its damage; and collaborate on remediation. But unfortunately, the basement-flood/data breach analogy stops there.
While a plumber can provide reasonable assurances that the basement will not flood again, a data breach responder cannot promise the same about a future data breach. In fact, another breach is not only possible, it’s likely.
This is yet another reason why the field of incident response is an upside-down one: data breaches don’t define victim companies, but how they respond to them does.
And this is also why installing a so-called “endpoint detection and response” or “EDR” tool, though not a silver bullet, will soon likely become a critical aspect of every company’s cybersecurity defenses. A little history:
The term “EDR” actually originated as “ETDR,” when it was first coined by Gartner’s Anton Chuvakin in a . Chuvakin conceived of the fresh nomenclature to define the category of tools and solutions that focus on detecting and investigating suspicious activities and issues on hosts and endpoints. Chuvakin wrote,
This name reflects the endpoint (as opposed to the network), threats (as opposed to just malware and officially declared incidents) and tools’ primary usage for both detection and incident response. While some may argue that [the] “endpoint” label may be seen as applicable to workstations and not to servers, this minor loss of precision seems acceptable for the sake of brevity (others will say that four words is already too long).
In a later November 2014 Report by Gartner Research entitled, “,” the higher-ups at Gartner apparently shortened Chuvakin’s term to Endpoint Detection and Response or “EDR.” According to Gartner’s report, EDR is:
[A]n emerging security technology market created to satisfy the need for continuous detection and response to advanced threats – most notably to significantly improve security monitoring, threat detection and incident response capabilities. These tools record many detailed endpoint and network events, and store this information in a centralized database for deep detection, analysis, investigation reporting and alerting. Analytic tools are used to continually search the database to identify the tasks that can improve the security state to deflect common attacks, to provide early identification of ongoing attacks (including insider threats), and to more rapidly respond to detected attacks. Core delivered capabilities of EDR include collecting endpoint telemetry and data, centrally storing the information, and performing endpoint post-collection analysis of the data and telemetry information for threat enrichment, anomaly detection and correlation purposes. EDR tools also provide an interactive dashboard with search capabilities, which can generate alerts and mitigation responses based on specific threat indicators, patterns and behaviors.
Why Use EDR Tools?