The endpoint detection and response (EDR) market is not only more critical than ever, it is also going through the biggest period of innovation in its history – bigger than when EDR was first introduced by Carbon Black 7 years ago. This next wave of innovation is about extending EDR beyond the endpoint – and baking it into the fabric of the modern application, cloud, and mobile world. This is at the heart of why VMware and Carbon Black have come together.
The big EDR news of 2020 will be about extending EDR beyond the endpoint into other sources of telemetry and other control points such as: the network, the user, and the application. It’s about factoring in greater context about applications and infrastructure. Some call this extended EDR – or XDR. The combination of the Carbon Black team with VMware – the digital foundation of mobility, cloud and modern application frameworks – is in the strongest position of anyone to execute on this vision.
The top industry analysts agree that you need your EPP solution to deliver the visibility, detection, and remote response capabilities pioneered by EDR solutions.
Gartner made the distinction:
> In the 2019 Magic Quadrant for Endpoint Protection Platforms, capabilities traditionally found in the endpoint detection and response (EDR) market are now considered core components of an EPP that can address and respond to modern threats.1
And similarly, IDC notes in their recent Endpoint Security perspective:
> When evaluating EDR, the conversation is as much about EPP — expectations for EPP have grown dramatically, refusing to let the use of an EDR compensate for the possible shortcomings of EPP.2
EPP cannot be effective today without the behavioral analytics that EDR used to make security teams successful against living-off-the-land attacks. As stated later in the report, “blocking malicious patterns of use of approved applications (e.g., PowerShell), browsers, and system memory” should now be considered standard for EPP. Every organization uses its applications differently, so adapting your prevention to your environment’s behavior is key.
Some of the specific EDR feature criteria IDC suggests2 you evaluate in EPP demonstrate this:
As VMware, we’re now able to reinvent EDR and take our success beyond the endpoint into other sources of telemetry and other control points such as the network, the user, and the application. The IDC excerpt above continues:
> EDR thus creates value by extending the view beyond initial boundaries of the endpoint. The "manifest destiny" of EDR is to be a tool that provides cross-platform visibility and response, stopping maliciousness that cannot be detected with endpoint activity and telemetry alone.
The same high expectations you have for telemetry and behavioral analytics from an endpoint need to expand across your infrastructure and network. The value can be immediate for detection and investigation, but it multiplies as more IT teams are pulled into the effort to harden systems and secure the organization on a larger scale. A couple of XDR features are already in IDC’s criteria2 for evaluating EPP:
To read the full IDC Perspective and the rest of the evaluation criteria, download your copy of the report here.
1 Gartner, Magic Quadrant for Endpoint Protection Platforms, August 2019.
2 IDC, Frank Dickson, Michael Suby, Endpoint Security 2020: The Resurgence of EPP and the Manifest Destiny of EDR, January 2020, IDC #US45794219