Legacy EDR. Yes, it’s a thing
Many organisations find themselves using more than one of these security generations at the same time, which might include several versions of EDR alone.
That's because many earlier EDR systems solve one set of problems by creating a new, more demanding set, namely alert overload and complexity.
"Some EDR systems are susceptible to raising alarms on false positives but would drive security managers crazy trying to figure out what an alert meant." That's why, says Grillo, Fortinet uses the well-regarded UEBA tech acquired with ZoneFox in 2018 across its entire platform to separate detections from background noise.
According to a 2020 study by analysts Enterprise Strategy Group cited by Fortinet, 83 per cent of enterprise respondents agreed that using EDR effectively requires advanced security skills while 78 per cent agreed that their EDR projects had been more complex to implement than anticipated.
Salvaging EDR. EDR marketing often struggles to fully explain how second-generation EDR is better than the systems already in use, but really it comes down to the fact that vendors have finally tweaked the architecture to counter how modern cyberattacks unfold, as opposed to the vague and idealised concept of a 'threat'.
Increasingly, endpoint security has become only one part of a much larger system, which in Fortinet's case is the company's Fortinet Security Fabric, a broader architecture that integrates endpoint security and EDR with other areas of security such as the cloud, firewalls and switches, authentication, SIEM, and wireless access.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/04/legacy_edr_is_a_thing/