Endpoint detection and response (EDR) and endpoint protection platforms (EPP) have become a staple of security programs today. These solutions are deployed across workstations, servers, mobile devices, and more to protect against the latest known and unknown threats.
As security teams increase investments in EDR and EPP platforms, it’s imperative that they modernize their approach to asset management in lockstep.
Why Are EDR and EPP Solutions Important?
EDR and EPP solutions are used to protect against malware, exploits, and a variety of threats. These solutions are deployed as agents or sensors on managed endpoints including PCs, servers, mobile devices, and more. EDR and EPP solutions also have the ability to block software, scripts and processes, as well as detect abnormal and suspicious behavior.
Security teams used to primarily defend the perimeter and rely on controls at the company network level. Yet, over time, traditional controls like firewalls and intrusion detection solutions were often not effective against more sophisticated threats.
Now, with many companies employing a hybrid workforce, relying on perimeter-based controls is no longer a viable strategy. Companies have turned to EDR and EPP solutions to protect the devices directly.
EDR and EPP solutions have become a staple control to protect against known malware and viruses, and they also are integral for protecting against ransomware. Plus, in the wake of the Colonial Pipeline ransomware attack and other high-profile breaches, President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity mandated that civilian executive branch agencies deploy endpoint detection and response initiatives to support “proactive detection” of cybersecurity incidents.
The Realities of Deploying EDR and EPP
While endpoint detection and response has become a staple security control, many companies still face challenges with deployment. Today’s complex IT environments mean that security teams often only know about a fraction of all company endpoints, and thus deploy EDR and EPP solutions only on the devices that have been accounted for.
Another challenge is that EDR and EPP solutions are hard to deploy on certain device types, such as IoT, medical devices, and OT systems. While EDR and EPP “probes” are often built to take little computing resources, ensuring the availability of these devices takes precedence over securing them. As a result, it’s rare to find.
How Cybersecurity Asset Management Can Help
EDR and EPP solutions can’t necessarily be deployed on every device type, but companies should maximize coverage on the devices where they should be deployed. A cybersecurity asset management solution provides a comprehensive asset inventory and integrates with EDR and EPP solutions - allowing you to easily identify where agents are not deployed.
Since cybersecurity asset management solutions provide a holistic view across all of your company assets, you can quickly validate key aspects of your EDR/EPP deployment, such as:
- Policy configuration
- Agent versioning
- Agent health and status
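The cross-check described above, as an added example that is not taken from any asset management or EDR product: it compares an asset inventory against an EDR agent export and flags missing agents, outdated versions, policy mismatches and stale check-ins. All hostnames, field names, thresholds and the list of agent-eligible device types are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not a real product's export format.
NOW = datetime(2024, 1, 15, 12, 0)
INVENTORY = [  # merged asset inventory: one record per known device
    {"host": "WS-001.corp.example", "type": "workstation"},
    {"host": "ws-002", "type": "workstation"},
    {"host": "srv-db01", "type": "server"},
    {"host": "srv-web01", "type": "server"},
    {"host": "mri-scanner-3", "type": "medical"},  # agent not expected on this type
]
EDR_AGENTS = [  # agent list as an EDR console might export it
    {"host": "ws-001", "version": "7.2.1", "policy": "standard", "last_seen": "2024-01-15T11:40"},
    {"host": "SRV-DB01", "version": "6.9.0", "policy": "standard", "last_seen": "2024-01-15T11:55"},
    {"host": "srv-web01", "version": "7.2.1", "policy": "audit-only", "last_seen": "2023-12-20T08:00"},
]
AGENT_ELIGIBLE = {"workstation", "server"}  # assumption: types where an agent should run
MIN_VERSION = (7, 0, 0)                     # assumption: oldest acceptable agent version
REQUIRED_POLICY = "standard"                # assumption: expected policy name
MAX_SILENCE = timedelta(days=7)             # assumption: longest acceptable gap since check-in

def norm(host):
    # Compare on the lowercase short hostname so FQDN and case differences do not hide a match.
    return host.strip().lower().split(".")[0]

def audit(inventory, agents, now):
    by_host = {norm(a["host"]): a for a in agents}
    findings = {}
    for asset in inventory:
        if asset["type"] not in AGENT_ELIGIBLE:
            continue  # IoT, medical and OT devices are tracked but not expected to carry an agent
        key = norm(asset["host"])
        agent = by_host.get(key)
        if agent is None:
            findings[key] = ["no_agent"]
            continue
        issues = []
        if tuple(int(p) for p in agent["version"].split(".")) < MIN_VERSION:
            issues.append("outdated_version")
        if agent["policy"] != REQUIRED_POLICY:
            issues.append("policy_mismatch")
        if now - datetime.fromisoformat(agent["last_seen"]) > MAX_SILENCE:
            issues.append("stale_checkin")
        if issues:
            findings[key] = issues
    return findings

if __name__ == "__main__":
    print(audit(INVENTORY, EDR_AGENTS, NOW))
```

Matching on hostname alone is a simplification; in practice a second key such as a MAC address or serial number reduces false "no agent" findings caused by renamed devices.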