Gartner Research: Endpoint Detection and Response (EDR) Solutions are Emerging

In a new report on endpoint security, prominent IT research and advisory firm Gartner has revealed valuable insights into future trends, one that sees EDR solutions entering the market.

In a report titled “Redefining Endpoint Protection for 2017 and 2018”, IT research firm Gartner identifies endpoint detection and response (EDR) solutions entering the cybersecurity market as a new generation of tools, adopted first by highly sophisticated security operations centers (SOCs).

Their advent brings new capabilities: security operations teams can investigate suspicious or malicious activity that was previously hard to establish, using greater visibility into historical endpoint events, and can carry out recovery with context and intelligence rather than simply re-imaging the machine.

“Over the last two years, the requirements for EDR use cases have become increasingly mainstream,” the report explained. “As a result, the core functions of EDR solutions have been increasingly adopted by EPP vendors. Similarly, many of the EDR vendors have incorporated prevention techniques typically associated with EPP solutions, hoping to displace incumbent EPP vendors with their solutions.”

Specifically, the report defines the EDR market by four primary capabilities:

  • Detecting security incidents, rather than just file-based malware
  • Containing security incidents
  • Investigating security incidents, and threat hunting
  • Providing response capabilities to recover from a security incident
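To make the first three capabilities concrete, here is an added example of the kind of logic an EDR back end runs over recorded process-creation telemetry. It is illustrative code written for this page, not code from the Gartner report or from any product named here. The event records, field names and the sample process chain are constructed for the example; the detection rules (a script host spawned beneath an Office application, and PowerShell launched with an encoded command) are common hunting heuristics, not a claim about any vendor's rule set.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record, as an EDR agent would report it (constructed schema)."""
    ts: int        # monotonically increasing timestamp
    host: str
    pid: int
    ppid: int
    image: str     # executable name
    cmdline: str


# Constructed sample telemetry: a phishing-style chain on host ws01.
# The base64 blob is UTF-16LE "dir", built only so the flag has a realistic argument.
EVENTS = [
    ProcEvent(100, "ws01", 400, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(101, "ws01", 512, 400, "outlook.exe", "outlook.exe"),
    ProcEvent(102, "ws01", 640, 512, "winword.exe", 'winword.exe /n "invoice.docm"'),
    ProcEvent(103, "ws01", 700, 640, "cmd.exe", "cmd.exe /c powershell -nop -w hidden -enc ZABpAHIA"),
    ProcEvent(104, "ws01", 720, 700, "powershell.exe", "powershell -nop -w hidden -enc ZABpAHIA"),
    ProcEvent(105, "ws01", 801, 400, "chrome.exe", "chrome.exe"),
    ProcEvent(106, "ws01", 810, 801, "chrome.exe", "chrome.exe --type=renderer"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -ec / -enc / -encodedcommand followed by an argument
ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s", re.IGNORECASE)


def build_index(events):
    """host -> pid -> most recent event for that pid.

    Later events overwrite earlier ones, which is a crude way to cope with PID
    reuse; a real EDR keys on a process GUID rather than the raw PID.
    """
    index = defaultdict(dict)
    for ev in sorted(events, key=lambda e: e.ts):
        index[ev.host][ev.pid] = ev
    return index


def lineage(index, host, pid, max_depth=32):
    """Reconstruct the ancestry of a process from recorded events, root first.

    This is the 'historical visibility' an analyst uses during investigation:
    the parent chain is rebuilt from telemetry, not queried from the live host.
    """
    chain, seen, cur = [], set(), pid
    while cur in index[host] and cur not in seen and len(chain) < max_depth:
        seen.add(cur)
        ev = index[host][cur]
        chain.append(ev)
        cur = ev.ppid
    return list(reversed(chain))


def find_suspicious(events):
    """Apply two behavioural rules to every event; return the findings with their lineage."""
    index = build_index(events)
    findings = []
    for ev in events:
        chain = lineage(index, ev.host, ev.pid)
        ancestors = {e.image.lower() for e in chain[:-1]}
        reasons = []
        if ev.image.lower() in SCRIPT_HOSTS and ancestors & OFFICE_APPS:
            reasons.append("script host spawned under an Office application")
        if ev.image.lower() == "powershell.exe" and ENCODED_PS.search(ev.cmdline):
            reasons.append("PowerShell launched with an encoded command")
        if reasons:
            findings.append({
                "host": ev.host,
                "pid": ev.pid,
                "reasons": reasons,
                "chain": " -> ".join(e.image for e in chain),
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(EVENTS):
        print(f"{f['host']} pid {f['pid']}: {'; '.join(f['reasons'])}")
        print(f"  {f['chain']}")
```

Neither rule looks at a file hash, which is the point of "detecting security incidents, rather than just file-based malware": the Office binary, cmd.exe and powershell.exe are all legitimate signed executables, and only the recorded relationship between them and the command-line flag make the activity suspicious. The reconstructed chain is what an analyst would pivot on when deciding what to contain.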

While EDR solutions previously addressed the requirements of large enterprises having their own dedicated SOC, the growing interest in these capabilities has seen the solutions adopted by the mainstream market.

Furthermore, the report notes that Microsoft is making ‘solid developments’ in protection capabilities, with its new Windows Defender Advanced Threat Protection (ATP) now widely available to address EDR use cases. For Mac OS machines, the report suggests that the Apple-developed operating system could present additional attack surface, despite being widely regarded as more secure than Windows.

Image credit: LIFARS archives.