What were your main pain points during the EDR product purchase process?

Hi @Evgeny Belenky​,

A few points that need emphasis when deciding on the EDR are as below: 

1) Does the solution employ Foundational Techniques (traditional), modern techniques (next-gen), or even a combination of both?

2) How does the solution detect unknown threats. Does it have machine learning capabilities?

3) If the solution does claim to utilize machine learning, what type of machine learning is used?

4) What technology is deployed to prevent exploit-based and file-less attacks?

5) Is the solution specifically designed to stop ransomware?

6) Does the solution’s creator have third-party results that validate their approach?

7) Can the solution ask detailed threat hunting and IT security operations questions?

8) What visibility is provided into attacks and can the solution respond automatically.

- Platforms that are only in English.

- Platforms that don't allow Web and IP blacklists.

- Platforms that consume a lot of resources.

I had to deal with several pain points while getting an EDR solution. I’ll list the main ones below.

• Adequate cybersecurity staffing to ensure the EDR solution is configured, monitored, and analyzed correctly.


• EDR tools with low data lookback were an issue. I wanted a solution that provided historical data of up to 90 days to one year.


• 
  Integrating the EDR tool with threat intelligence feeds and other existing security tools.


• The EDR learning curve is long. It takes time and specialized resources to understand how the solution works, learn to analyze the results, and how troubleshooting works.

Here are a few points you should keep in mind when purchasing an EDR solution:

• Your EDR solution should provide in-depth and complete visibility into all applications and processes running on the endpoints.


• Ensure the EDR solution provides real-time alerting, automatic attack storyline creation, MITRE ATT&CK mapping, and a unified workflow.


• 
  End-to-end response and remediation services are essential EDR features.


• Ensure the EDR tool provides at least 90 days of live data for analysis.

1 Does the solution support legacy OS?
2 What are other security solutions that can be integrated with?
3 How comprehensive is the threat intel and data correlation?
4 Is it user-friendly?

Analyze the wave of products at Gartner hype "Cycle". 

EDR was good in the past. After that, MDR joined the hype and now XDR is the trend. 

Wait for more in a couple of months and you'll get ZDR!

Hi @Devanand PR, @Basil Dange, @Nadeem Syed, @Abbasi Poonawala ​and @Dalvarado, ​ ​ ​ ​

Can you please share your professional insights with your peers?

Thanks and we appreciate your collaboration.