This is Part II in a series on the capabilities you should be looking for in your Endpoint Detection and Response solution. As we pointed out in Part I, a SANS survey entitled Modernizing Security Operations found that EDR is considered the most effective technology used in Security Operations. EDR gives you visibility into your clients’ environments, and the more information you have about those environments, the more effective the SOC services you can provide.
But how do service providers best choose an EDR solution? If you are already using an EDR solution, you may already have identified some areas where you need improvement. If you’re looking to add EDR for the first time to expand your services, you may be creating your list of criteria. Either way, this series should help you supplement your list. In this post we examine another aspect: finding an EDR solution designed and built specifically for service providers.
Single organizations and service providers such as MSSPs, SOCs, and incident response teams use tools differently. Many solutions are built to protect a single organization but are also sold to service providers, and the resulting deployment can be awkward because service providers have their own requirements: many tenants, separate data boundaries, and per-client reporting.
Our EDR solution, EclecticIQ Endpoint Detection and Response (EDR), is designed for use by service providers. How? Let me count a few of the ways:
- Our margin-friendly tiered licensing is straightforward and based on the total number of endpoints under management. There is no minimum requirement or maximum limit in our licensing model, so you can provide lower-cost, higher-margin services to your clients no matter how your client base evolves.
- Our tool collects hundreds of points of telemetry on Linux, macOS, and Windows hosts. This removes platform-based limits on the clients you can onboard and increases your effectiveness as a SOC.
- Our console is effective and simple. Every aspect of the solution is also accessible via API, so you can integrate EDR’s data into your existing tools and workflows to whatever extent you need, and EDR provides syslog forwarding for SIEM/SOAR integration.
- Threat intelligence can be imported from any source. Whether you want to use IOCs from public or private sources, they can be ingested by EDR via the console or through the API.
- Management of Windows Defender is integrated, giving you full detection and response coverage on Windows hosts at a lower cost.
- And perhaps most important, you get complete visibility into collected data, detection rules, and remediation actions via our single cross-platform agent. Hundreds of points of telemetry for each Windows, macOS, and Linux host mean more visibility, fewer gaps, and the most response capability available.
Your EDR tool should make it easy for you as a service provider to deploy, administrate, investigate, and remediate across multiple organizations. Does it? EclecticIQ EDR was built with service providers in mind. That makes a difference in the level of effectiveness the solution will have for you as a service provider.
Don’t forget to return for part III of this 5-part series on what questions you should be asking when selecting or upgrading your EDR solution, coming soon. In the meantime, you can read our whitepaper 5 Questions to ask About Your EDR Solution.
To learn more, visit EclecticIQ Endpoint Response or contact firstname.lastname@example.org
You might also be interested in:
- 5 Questions to Ask About Your EDR - "Visibility"
- Deconstructing R in an EDR
- Detect and Remediate Process Hollowing with EclecticIQ Endpoint Response