Securing an organization's endpoints (i.e., its computers and servers) is an integral part of strong cyber and information security. Securing endpoints is a two-step process: the initial hardening of each endpoint, followed by continuous monitoring of those endpoints. This blog discusses the latter. A well-known saying in the cyber and information security world is that security is a process, not a product (as stated by Bruce Schneier in 2004). The security of any endpoint therefore needs to be continuously assessed and managed. When this process takes the form of continuous endpoint monitoring, the topic of endpoint detection and response arises. This blog defines what endpoint detection and response (EDR) is and explains how small to medium-sized businesses (SMBs) can properly implement EDR in their organizations.
To understand how to implement EDR properly, you must first know what EDR is. As the name implies, there are two parts to EDR: detection and response. In the detection portion of EDR, the behaviors of endpoints are continuously monitored and recorded. The goal of continuously monitoring these behaviors is to detect any suspicious activity that could potentially be malicious. If potentially malicious behavior is seen early enough, the damage a malicious actor could do can be limited or even prevented entirely. The second portion of EDR, response, is meant to help its users respond to a security incident correctly and efficiently. Many EDR solutions contain tools that help remove malware or block suspicious activity before an incident occurs. These solutions can also give the administrators of the affected endpoints helpful insight into how to respond to the incident. But what solutions are there, and how can SMBs implement EDR for their endpoints?
For any organization, there are two options when it comes to implementing an EDR solution: self-managed software or a managed service, with the latter most likely being the best option for SMBs. The reason a managed EDR service is a better option for SMBs comes down to financials and personnel. When it comes to financials, EDR software can be costly. For example, a popular EDR program is SentinelOne, which costs $45 per endpoint per year. For many SMBs, this price may not be affordable. When it comes to personnel, many SMBs may not have the right personnel to manage a purchased EDR program. SMBs looking to manage their own EDR programs would therefore need the means to hire and retain a person or team that could manage them. Much like the price of the software itself, the cost of that personnel may not be affordable either. Managed service providers (MSPs) can be affordable for SMBs that want to implement EDR in their networks. MSPs manage the EDR software, which means that the SMBs being managed do not need to incur that cost. SMBs would also not need to hire or train personnel to use an EDR solution, since the service provider already has trained professionals in that area. Hiring a managed service provider may be the most viable option for small to medium-sized businesses looking to implement an endpoint detection and response solution for an affordable monthly, quarterly, or yearly price.
Security is not a product, it is a process, and endpoint detection and response is a vital part of that process. Small to medium-sized businesses have a couple of options to choose from to implement EDR in their organization, each with its own financial requirements. However, no matter how it is implemented, endpoint detection and response is an invaluable addition to any organization's cyber and information security assets.