One More Time On EDR Use Cases
by Anton Chuvakin | May 3, 2016 | 2 Comments
Our first EDR paper is about to be published, but I wanted to draw your attention to my favorite topic – the use cases.
We touched on the EDR (back then: ETDR) use cases in this post in 2013, but we are revisiting them in current research. In our view, EDR use cases can be classified in the following manner:
- Data search and investigations (the “R” in EDR)
- Suspicious activity detection (the “D” in EDR)
- Suspicious activity validation (triage process, that sites between security monitoring and IR; essentially the space between “D” and “R”)
- Data exploration or hunting (proactive hunting for malicious activity, typically a high-maturity security organization use case)
- Malicious activity blocking and containment (the active use case where the EDR is used for mitigation and remediation)
Prevention, naturally, is missing since EDR is not about prevention, but some tools can deliver on the preventative use cases in various ways (to be discussed in the paper).
Blog posts related to our current EDR research:
- EDR Tool Wins – Only For The Enlightened?
- EDR Mud Fight: Kernel or Userland?
- Using EDR For Remediation?
- EDR Research Commencing: Call To Action!
- Where Does EDR End and “NG AV” Begin?
- Reality Check on EDR / ETDR
- My Paper on Endpoint Tools Publishes (2013)
- Endpoint Threat Detection & Response Deployment Architecture
- Essential Processes Around Endpoint Threat Detection & Response Tools
- Named: Endpoint Threat Detection & Response
- Endpoint Visibility Tool Use Cases
- On Endpoint Sensing
- RSA 2013 and Endpoint Agent Re-Emergence
- All posts tagged endpoint
Additional Resources
Read Complimentary Relevant Research
How to Evaluate Cloud Service Provider Security
Security and risk management leaders continue to experience challenges to efficiently and reliably determine whether cloud service providers...
View Relevant Webinars
The Top 10 Basic Changes Needed for GDPR Compliance
The EU General Data Protection Regulation (GDPR) hovers over organizations like the sword of Damocles, with fines theoretically at an...
Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry
Thoughts on One More Time On EDR Use Cases
Comments are closed
TRENDING TOPICS
Who's Blogging
- Augusto Barros
- Robert Hetu
- Hank Barnes
- Stephen White
- Andrew White
- John Wheeler
- Werner Goertz
- Anton Chuvakin
- Deacon Wan
- Craig Roth
- Rick Franzosa
- Debbie Wilson
- Marc Brown
- Anna Maria
- Dave Aron
- Sally Witzky
- Tad Travis
- Scot Kim
- Andrew Lerner
- John Kostoulas
- Rajesh Kandaswamy
- Cindi Howson
- Avivah Litan
- Pete Basiliere
- Rene Buest
- Christopher Little
- Earl Perkins
- Laurel Erickson
- Ted Chamberlin
- Chris Ross
- Jonathan Care
- Mark Raskino
- Augie Ray
- Michele Buckley
- Charles Golvin
- Sid Deshpande
- Svetlana Sicular
- Martina Kurth
- Benjamin Bloom
- Christy Ferguson
- Paul Rabinovich
- Jim Hare
- Homan Farahmand
- Ian Mcshane
- Arthur Villa
- Bryan Yeager
- Manjunath Bhat
- Frank Buytendijk
- James Meyers
- Erik Heidt
About
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
[…] One More Time On EDR Use Cases […]
[…] EDR research is winding down, so we are about to start our next cycle, here is what we have in […]