Endpoint Detection And Response Is Difficult
Analyst reports from organizations like Gartner and Forrester often claim that customers need a high degree of expertise to use an endpoint detection and response product, according to Dan Larson, CrowdStrike's vice president of product marketing.
This perception exists due to poorly implemented EDR tools that only collect data and then ask customers to find threats in the data by feeding in indicators of compromise or building hunts for scheduled data types, Larson said. If the burden is on the customer to find the data, Larson acknowledged it's going to be hard.
Good EDR products, though, will know how to automatically find threats in a data set by analyzing data and automating the detection and prevention of threats, according to Larson. "EDR doesn't have to be a science experiment," Larson said.