The value of standalone EDR is diminishing much faster than you think

In the 2020 Gartner Hype Cycle for Endpoint Security, EDR was coded “light blue” and was projected to plateau in the next 2 – 5 years. However, just one year later, it has shifted to code “white”, and will cease to exist as an independent category in less than two years. 

Similarly, other standalone solutions like sandboxing and Anti-APT were originally positioned as a separate product category and predicted to become multi-billion-dollar markets. However, these solutions will either be merged into one of the broader existing categories or become irrelevant altogether.

Many organisations have turned to Endpoint Detection and Response (EDR) to tackle threats that bypass prevention tools. EDR is a great investigation tool which enhances overall efficiency and capability for endpoint security and SOC operations. In fact, it can act as a unifier for the endpoint and SOC teams. 

However, security teams today continue to face challenges in analysing large volumes of data, chasing false alerts, and manually fixing vulnerabilities. Therefore, organisations must invest in robust technology that will stay a separate category and remain relevant in the long term too.

Technologies to bet on

Here are the top three technologies that will give CISOs/CIOs both short-term impact and long-term relevance –

  1. Extended Detection and Response (XDR) uses a proactive approach to threat detection and response. It provides security teams visibility across clouds, networks, and endpoints, and automates data analysis and management to combat today's increasingly sophisticated threats. 
  2. Security orchestration, automation and response (SOAR) technology initiates automated actions in response to specific events or triggers. It can be a valuable tool for your security team, enabling them to focus on the more important work, without getting bogged down by the manual and menial.
  3. Autonomous Penetration Testing and Red Teaming can help to find and mitigate weaknesses, gaps and operational deficiencies faster. Security testing, like network penetration testing and red teaming, plays an important role in an organisation’s ability to identify exposures, vulnerabilities and weaknesses in its defenses. Many organizations only test on an annual or ad hoc basis, rarely testing more frequently or continuously in their environments due to the cost and lack of internal expertise.

The bigger picture

In general, CISOs/CIOs should remember these principles – 

  • Invest with a 5-year horizon in mind. By 2023, most board members will start pushing back on CISOs/CIOs and expecting them to justify the effectiveness and ROI of their cybersecurity investments. Most of the hyped “next-big-fit-for-all” solutions will not remain relevant for more than 2-3 years. When choosing a solution, CISOs/CIOs should ask themselves whether there is an alternative with better ROI in the longer term.
  • Look for excellent product servicing. Most of the new generation of cyber security technologies use AI, ML, data analytics and investigation tools, need API integration with your existing ecosystem, and require continuous upgrades and monitoring. Without proper professional services or monitoring operations, the efficacy of these products suffers. Most vendors now provide hybrid professional services, supported by channel partners. Enterprises should not cut corners in choosing the best services, as doing so will prevent them from achieving the best results.
  • The right cybersecurity partner > the best product. Most of the time, cybersecurity products and technology are unpredictable and ever changing, making it an uphill battle for CISOs/CIOs. However, having the right cyber security partners (OEM or system integrators) will keep you ahead of the game without incurring a lot of continuous investment. Don’t fall prey to over-hyped products and technology. Organizations are better off choosing the right partner that will remain relevant in the long term.

Pawan Kinger

Cloud, Containers and cloud native threat research | Vulnerability Protection & Management | Endpoint Security

Spot on Nilesh Jain. XDR and SOAR should be a key focus due to lack of human resources and to address the velocity required to address ongoing incidents. Red Teaming is so key - The old school mindset was deploy the best products and pray nothing happens. The efficacy of products/solutions was based on reports from third parties. Red Teaming exposes how certain threats apply to a specific organization. Eventually, proves the true ROI from the investments.