Ryan Stolte is the co-founder and CTO for Bay Dynamics.
There are clearly many reasons why Endpoint Detection and Response (EDR) has materialized into such a hotbed of interest, investment and emerging best practices - endpoint security must continually evolve within the context of threats and available defensive techniques.
Threats will always morph and seek out fissures in organizational defenses. Meanwhile, the modern worker is deployed in any number of settings, using an endless variety of devices and touching data in an array of diversifying models.
Of course, this environment doesn’t stop at the endpoint. The move to further embrace cloud-based technologies, applications and data is one of the most influential and seminal factors lying at the foundation of it all. So, this raises the question: how does EDR fit into the broader ecosystem of modern workflows and defensive solutions to help better protect workers and keep a lid on sensitive information?
We think that combining integrated analytics in the form of Bay Dynamics Risk Fabric, with a leading EDR solution, such as CB Defense, represents a massive opportunity for practitioners to create the visibility and context necessary to tackle this set of challenges. Our recently announced partnership is a fantastic example of how these tools can be tied together to amplify their respective values.
Integrating Risk Fabric analytics and machine learning (ML) with CB Defense’s real-time detection and response enables security analysts to understand where emerging threats align within the context of user behavior across multiple vectors, including the cloud. Making EDR data even more relevant in this fashion is critically important, as it creates the holistic visibility necessary to best prioritize where security teams focus their actions in addressing their organization’s most critical risks.
Let’s not forget the biggest hurdle facing today’s practitioners - their ability to efficiently unify the huge volumes of data produced across their existing security infrastructure to enable targeted investigation and response. If there’s anything that we’re lacking as an industry, it’s clear visibility across the entire spectrum of tooling.
In addition to lending even greater ability to carry out analytics-driven and ML-based threat hunting, the bigger-picture impact of the Risk Fabric-CB Defense integration is the ability to blend EDR data together with the wider range of existing security infrastructure – including authentication, Cloud Access Security Brokers (CASB), DLP and web proxies, among others – to foster insight into advanced threats playing out across multiple platforms.
By utilizing behavioral analysis alongside EDR threat detection and all of these additional data sources - in addition to remediation tools and Security Orchestration, Automation and Response (SOAR) solutions - a tactical set of workflows can be architected that results in a more effective, balanced approach to enterprise defense.
Moreover, lending a people-centric (versus an account, device or policy-based) view into this entire scenario further advances the ability of security practitioners to understand and resolve emerging issues as they break out across endpoints, the cloud and other involved systems and applications.
Integrating EDR tools, such as CB Defense, with Risk Fabric to create necessary context and visibility - as well as provide integration with other security data sources - results in the ability to better understand the intent and implications of underlying behaviors, as well as isolate and respond to emerging threats.
We see this set of combined capabilities as a crucial element of our customers’ growing ability to secure people and data as the cloud and other models continue to be redefined.
For our customers, integrating Risk Fabric and CB Defense is a critical piece of the puzzle.