
How to Choose the Best EDR | ActZero

Written by Adam Winston | Jan 24, 2024 3:02:38 PM


When it comes to endpoint security, businesses often struggle to evaluate a solution and secure the investment. The decision is frequently driven by surface factors: an expiring contract with the existing vendor, the allure of new features like AI, or a favorable renewal offer. Finding the right endpoint security solution takes more than that. Choosing the right EDR (endpoint detection and response) is the first step towards better security.

To make the decision-making process easier and more efficient, we will dive into four objective buying criteria. 

Look for a High Block Rate 

First and foremost when choosing an endpoint security solution is the block rate: the share of threats the product prevents from executing, as opposed to the share it merely detects and reports. A threat that is detected but not blocked still lands on your response team, so the block rate, not the detection rate, is the critical parameter. Several third-party testing organizations, such as AV-TEST (av-test.org) and MITRE Engenuity with its ATT&CK Evaluations, routinely run a variety of malware and attack techniques against different products and publish the results. These tests give a clear picture of which EDRs consistently achieve high block rates, and hence how well they are likely to perform on your devices. When reading them, check that the test's threat mix resembles what your organization actually sees, that false positives are reported next to the blocks, and that the product was tested in the configuration you would deploy rather than a tuned-up lab build.
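To make the block-rate comparison concrete, here is an added example (not ActZero's code, and not data from AV-TEST or MITRE) that scores a set of product test results the way a buyer should read them: block rate and detection rate separately, false positives alongside, and a list of the samples each product let run. The product names, sample identifiers and results are constructed, and the false-positive ceiling of 10% is an assumption.

```python
"""Score EDR test results: block rate vs. detection rate, with false positives.

Added illustration; the results below are constructed, not real lab data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TestResult:
    product: str
    sample: str      # sample identifier assigned by the test lab
    malicious: bool  # ground truth for the sample
    detected: bool   # the product raised an alert on the sample
    blocked: bool    # the product prevented the sample from executing


def _r(product, sample, malicious, detected, blocked):
    # A block is always a detection too; normalise so a row cannot say otherwise.
    return TestResult(product, sample, malicious, detected or blocked, blocked)


# Constructed results (assumption): three products, five malicious samples
# (m1..m5) and three benign samples (b1..b3) each.
RESULTS = [
    _r("Alpha", "m1", True, True, True),
    _r("Alpha", "m2", True, True, True),
    _r("Alpha", "m3", True, True, True),
    _r("Alpha", "m4", True, True, False),   # seen, but allowed to run
    _r("Alpha", "m5", True, False, False),  # missed outright
    _r("Alpha", "b1", False, True, False),  # benign file flagged
    _r("Alpha", "b2", False, False, False),
    _r("Alpha", "b3", False, False, False),
    _r("Beta", "m1", True, True, True),
    _r("Beta", "m2", True, True, True),
    _r("Beta", "m3", True, True, True),
    _r("Beta", "m4", True, True, True),
    _r("Beta", "m5", True, True, False),
    _r("Beta", "b1", False, False, False),
    _r("Beta", "b2", False, False, False),
    _r("Beta", "b3", False, False, False),
    _r("Gamma", "m1", True, True, True),
    _r("Gamma", "m2", True, True, True),
    _r("Gamma", "m3", True, True, True),
    _r("Gamma", "m4", True, True, True),
    _r("Gamma", "m5", True, True, True),
    _r("Gamma", "b1", False, True, False),  # blocks everything, including good files
    _r("Gamma", "b2", False, True, False),
    _r("Gamma", "b3", False, False, False),
]


def score(results):
    """Per-product block rate, detection rate, false-positive rate and escapes."""
    buckets = defaultdict(list)
    for r in results:
        buckets[r.product].append(r)
    scores = {}
    for product, rows in buckets.items():
        mal = [r for r in rows if r.malicious]
        ben = [r for r in rows if not r.malicious]
        scores[product] = {
            "block_rate": sum(r.blocked for r in mal) / len(mal) if mal else 0.0,
            "detection_rate": sum(r.detected for r in mal) / len(mal) if mal else 0.0,
            "false_positive_rate": sum(r.detected for r in ben) / len(ben) if ben else 0.0,
            # Threats the product let run: these are what your responders will handle.
            "escaped": sorted(r.sample for r in mal if not r.blocked),
        }
    return scores


def rank(results, max_false_positive_rate=0.10):
    """Products under the false-positive ceiling, best block rate first.

    A product that blocks everything by also blocking legitimate software is
    not a usable result, so the ceiling is applied before sorting.
    """
    scores = score(results)
    eligible = [p for p, s in scores.items()
                if s["false_positive_rate"] <= max_false_positive_rate]
    return sorted(eligible, key=lambda p: (-scores[p]["block_rate"],
                                           -scores[p]["detection_rate"], p))


if __name__ == "__main__":
    for product, s in score(RESULTS).items():
        print(f"{product}: block {s['block_rate']:.0%}, detect {s['detection_rate']:.0%}, "
              f"FP {s['false_positive_rate']:.0%}, escaped {s['escaped']}")
    print("ranking under 10% FP ceiling:", rank(RESULTS))
```

In this constructed set, Gamma has the best block rate but is excluded by the false-positive ceiling, and Alpha's headline detection rate hides two samples that actually ran; the `escaped` list is the input for the response-time discussion later in this post.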

At ActZero we use both CrowdStrike and Windows Defender as the EDR in our Managed Detection and Response (MDR) service. Starting from these endpoint agents, both top-ranked according to Gartner, our customers achieve an 88% block rate against threats arriving through their endpoints across their entire environment.

Extend your Protection with Integrations

The second factor to consider is how the EDR integrates with the other systems in your environment. It helps to have an agent that covers as many different devices and operating systems as possible: Windows, macOS and Linux machines, and mobile devices running iOS and Android. All of these can, unfortunately, fall victim to malware, and a device the agent does not cover is a device the rest of your security stack cannot see.

Integration extends beyond operating systems to applications and network systems; the goal is to reach beyond the endpoint itself. For instance, your multi-factor authentication or conditional-access product should be aware of the status of the anti-malware agent on a device (missing, out of date, silent, or reporting an active detection) before it grants a session, and endpoint detections should flow into a ticketing system or a log management tool so they are tracked and correlated rather than read only in the EDR console.
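The access-control side of that integration, as an added example that is not ActZero's or any identity vendor's code: a policy function that turns the EDR's view of a device into an allow, step-up or deny decision for the identity provider. The device records, their field names, the 15-minute heartbeat window and the minimum agent version are all assumptions; the design point is that stale or missing telemetry is treated as unknown rather than healthy, so the check fails closed when the agent has been stopped or tampered with.

```python
"""Device-posture gate for a conditional-access / MFA decision.

Added illustration, not vendor code. Field names, the heartbeat window and
the minimum agent version are assumptions for the example.
"""
from datetime import datetime, timedelta, timezone

HEARTBEAT_MAX_AGE = timedelta(minutes=15)  # assumption: agent checks in at least this often
MIN_AGENT_VERSION = (7, 10)                # assumption: oldest build still receiving updates
ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"


def _version_tuple(text):
    """'7.12.1' -> (7, 12, 1); non-numeric parts are treated as 0."""
    parts = []
    for piece in text.split("."):
        parts.append(int(piece) if piece.isdigit() else 0)
    return tuple(parts)


def access_decision(device, now):
    """Decide what the identity provider should do with a sign-in from `device`.

    device keys (assumed): agent_installed (bool), last_seen (aware datetime or
    None), agent_version (str), open_detections (int).
    Returns (decision, reason).
    """
    if not device.get("agent_installed"):
        return DENY, "no EDR agent on device"
    if device.get("open_detections", 0) > 0:
        return DENY, "device has an unresolved detection"
    last_seen = device.get("last_seen")
    # Fail closed on stale or missing telemetry: an agent that has not reported
    # recently may have been stopped or tampered with, so it is unknown, not
    # healthy, and the user must present a stronger factor.
    if last_seen is None or now - last_seen > HEARTBEAT_MAX_AGE:
        return STEP_UP, "EDR telemetry stale or missing"
    if _version_tuple(device.get("agent_version", "0")) < MIN_AGENT_VERSION:
        return STEP_UP, "EDR agent out of date"
    return ALLOW, "device healthy"


# Constructed sample devices (assumption), all evaluated at a fixed time.
NOW = datetime(2024, 1, 24, 15, 0, tzinfo=timezone.utc)
DEVICES = {
    "healthy": {"agent_installed": True, "last_seen": NOW - timedelta(minutes=2),
                "agent_version": "7.12.1", "open_detections": 0},
    "stale": {"agent_installed": True, "last_seen": NOW - timedelta(hours=3),
              "agent_version": "7.12.1", "open_detections": 0},
    "infected": {"agent_installed": True, "last_seen": NOW - timedelta(minutes=1),
                 "agent_version": "7.12.1", "open_detections": 1},
    "outdated": {"agent_installed": True, "last_seen": NOW - timedelta(minutes=1),
                 "agent_version": "6.4.0", "open_detections": 0},
    "no_agent": {"agent_installed": False},
}


def decide_all(devices=DEVICES, now=NOW):
    """Decision per device name, handy for the console demo and for tests."""
    return {name: access_decision(dev, now)[0] for name, dev in devices.items()}


if __name__ == "__main__":
    for name, dev in DEVICES.items():
        decision, reason = access_decision(dev, NOW)
        print(f"{name:9} -> {decision:8} ({reason})")
```

Hooking this into a real identity provider means feeding it the same device identifier the EDR uses (typically the agent's device ID, surfaced to the IdP as a device-compliance signal), which is the part that has to be agreed between the two vendors rather than written by you.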

Beyond the endpoint itself, ActZero integrates with Zimperium for Mobile Threat Detection to protect mobile devices, with Stellar Cyber XDR and Tenable Vulnerability Management, and with cloud applications such as Azure, AWS, Salesforce, Microsoft 365, Google Workspace, and Okta.

Prioritize Real-Time Visibility for Threat Insights

Third in priority is visibility. It is crucial not only to prevent an attack but also to learn from it. Effective endpoint security tools need to provide deep insight into what exactly happened: which process started the chain, what it executed, and how the threat arrived on the device in the first place. IT leaders can then use that record to tune the controls upstream of the endpoint, such as email configurations, anti-spam rules, and USB policies, so the same entry point is not used again.
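What "learning from it" looks like in practice, as an added example that is not ActZero's, CrowdStrike's or Microsoft's code: walking a detection back through the process tree to the application that brought the payload in, and mapping that entry vector to the control worth tuning. The process telemetry is constructed, and the classification rules (Outlook in the lineage means email, an image launched from the E: drive means removable media) are assumptions a team would adapt to its own environment and to the field names its EDR actually exports.

```python
"""Trace a detection back to its initial access vector from process lineage.

Added illustration; the telemetry and the vector rules are constructed
assumptions, not output from any real EDR.
"""

# Constructed process events: pid, parent pid, image path, command line.
EVENTS = [
    {"pid": 1000, "ppid": 0,    "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 2000, "ppid": 1000, "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "cmdline": "OUTLOOK.EXE"},
    {"pid": 2100, "ppid": 2000, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n Invoice_1187.docm"},
    {"pid": 2200, "ppid": 2100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA..."},   # the detection
    {"pid": 3000, "ppid": 1000, "image": r"E:\Photos\viewer.exe",
     "cmdline": "viewer.exe"},
    {"pid": 3100, "ppid": 3000, "image": r"C:\Users\Public\svch0st.exe",
     "cmdline": "svch0st.exe"},                                       # second detection
]

REMOVABLE_DRIVES = {"E:"}                 # assumption: E: is a USB volume on this host
MAIL_CLIENTS = {"outlook.exe"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# The upstream control to revisit for each vector; these are the knobs the post names.
CONTROL_FOR_VECTOR = {
    "email": "mail gateway: attachment filtering and anti-spam rules",
    "usb": "removable-media policy",
    "web": "web proxy and download controls",
    "unknown": "manual investigation",
}


def lineage(events, pid):
    """Chain of process events from `pid` up to its root (detection first)."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)  # guard against PID reuse or cycles in real telemetry
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def initial_vector(chain):
    """Classify how the chain's activity entered the host, nearest ancestor first."""
    for e in chain:
        name = _basename(e["image"])
        if e["image"][:2].upper() in REMOVABLE_DRIVES:
            return "usb"
        if name in MAIL_CLIENTS:
            return "email"
        if name in BROWSERS:
            return "web"
    return "unknown"


def explain(events, detected_pid):
    """Root-to-detection chain, entry vector, and the control to tune."""
    chain = lineage(events, detected_pid)
    vector = initial_vector(chain)
    return {
        "chain": [_basename(e["image"]) for e in reversed(chain)],
        "vector": vector,
        "control": CONTROL_FOR_VECTOR[vector],
    }


if __name__ == "__main__":
    for pid in (2200, 3100):
        result = explain(EVENTS, pid)
        print(f"pid {pid}: {' -> '.join(result['chain'])}")
        print(f"  vector={result['vector']}; tune: {result['control']}")
```

The point of keeping the whole chain, not just the blocked process, is that a blocked `powershell.exe` tells you nothing about whether to tighten the mail gateway or the USB policy; the two detections above are identical at the endpoint and different everywhere that matters.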

With all endpoint detections and the integrations into other systems in one place, a portal helps the IT or security team see what is happening in real time and lets them zero in on incidents from the past.

Better Enable Your Team for 24/7 Response  

Finally, the EDR should help your team detect and respond to threats efficiently; the aim is to reduce the time between a detection and containment. No endpoint security product is completely autonomous: every one requires human intervention at some level, whether to triage an alert, confirm an isolation, or clean up after a block. Having a team set up to promptly detect and respond to a threat is therefore vital.

Endpoint security products should be evaluated on how well they streamline this process: how quickly an alert reaches someone who can act on it, and whether that person can isolate the host, stop the process, and collect evidence from the console. If you lack a round-the-clock team that can respond within 15 to 20 minutes, consider having your EDR managed by an MDR provider such as ActZero.

At ActZero, we have found that these criteria are best met by solutions such as our CrowdStrike endpoint offering, which is our default service, or Windows Defender, which is included in Microsoft's E3 and E5 licensing.

In our ongoing commitment to help businesses secure their operations, we consistently reevaluate these criteria and welcome your thoughts. 

Adam Mansour, ActZero's Chief Security Officer, brings over two decades of experience in cybersecurity. He spearheads the company's VCISO and tech integration, driving ActZero's MDR services to the industry forefront.