Gartner Blog Network

Our first EDR paper is OUT!

by Augusto Barros  |  May 19, 2016  |  2 Comments

It’s almost impossible to get ahead of Dr. Chuvakin on blog posts and announcing new research, but I’m lucky enough he is driving at this precise moment and not able to do it before me 🙂

Our first of two Endpoint Detection and Response papers, “Endpoint Detection and Response Tool Architecture and Practices”, is out.

This document should be the “starting point” to anyone trying to understand what EDR tools are, what they should be used for and what to consider before implementing this technology. Key EDR use cases are incident-related search and investigation, suspicious activity detection, alert triage and validation, threat hunting, and stopping malicious activity.

Things you can find on this paper:

  • EDR Definition
  • EDR Key Capabilities
  • Why did EDR tools appear?
  • Building a Business Case for EDR

And much more. I hope you enjoy. Then next one is a comparison of the most visible EDR tools out there, it’ll be out in a few days.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: endpoint-detection-and-response  incident-response  threat-detection  

Tags: edr  new-research  

Augusto Barros
Research VP
3 years at Gartner
21 years IT Industry

Augusto Barros is Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. Read Full Bio

Thoughts on Our first EDR paper is OUT!

  1. Scott Gainey says:

    Congratulations Augusto on completing this paper!

  2. […] and Response Tool Architecture and Operations Practices” has published. Augusto promptly announced it here [while I was working hard in Honolulu…] and so I am late here, but I have some fun quotes. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.