Endpoint protection platforms (EPP) and more comprehensive versions like endpoint detection and response (EDR) tools and services have been in place for a while as more and more organizations aim for attack prevention, risk mitigation, and cyber resiliency.
The promise and potential of these tools have been high, but many organizations have faced operational challenges when incorporating them. In many departments, each has become yet another tool to manage, which can be a struggle given the cybersecurity talent shortage many companies face.
As a result, there has been a shift in how companies view EDR and EPP vendors. Companies and departments can learn from these shifts to become better informed buyers while also finding new competitive ways to streamline cybersecurity departments by more efficiently utilizing vendors.
While endpoint protection platforms (EPP) have been a mainstay of many companies’ cybersecurity tech stacks, the cybersecurity industry has largely shifted beyond protection capabilities and into detection and response. Prevention is important, but so are an organization’s ability to detect a cybersecurity incident, or indicator of compromise on an endpoint, and its ability to take swift action and minimize any damage.
Companies are increasingly being asked to have detection and response capabilities in place, whether through their internal cybersecurity departments or as part of their vendor ecosystem. Regulatory and compliance standards are asking companies to have these capabilities in their efforts to promote cyber resilience and focus on cybersecurity elements and controls beyond just prevention.
Cyber insurance companies are also requiring companies to have these controls so they can offset their own risk and only insure companies who have some kind of cyber resilience in place. Even newer cybersecurity regulations that are coming into effect soon are shifting their perspective towards detection and response. This includes the NIS2 directive that will be in place in October 2024, and we believe that new regulatory and compliance actions that stem from the White House’s recently released National Cybersecurity Strategy document will also encourage or require EDR and similar controls.
Sooner or later, companies will need to have detection and response capabilities in place, and most of them will need to look for external resources. The cybersecurity talent gap and required expertise mean few companies have the staff, resources, and time to build out those capabilities in-house.
Companies in the market for EDR, MDR (Managed Detection and Response), or XDR (eXtended Detection and Response) should be aware of recent market shifts in order to be better informed buyers and to know how to best leverage these services. If an organization is using an outdated procurement strategy for detection and response vendors, they may find themselves with subpar services, services that aren’t a good fit, or services that don’t provide enough cyber resilience compared to their industry peers.
According to a Gartner® report:
- “About one in three EDR customers buy MDR services along with the EDR Solution, and this percentage is expected to grow in coming years.” *
- “By 2026, more than 60% of organizations using EDR will use managed detection and response capabilities.” *
- “75% of organizations are pursuing security vendor consolidation in 2022” *
It’s clear that consolidation and streamlining cybersecurity departments are a top priority for many organizations, even more so than pricing. If that’s not something that’s part of your long-term cybersecurity strategy, you may have to reassess things.
What do these trends mean for organizations and do they speak to larger cybersecurity strategies a department leader can learn from? We’ve already talked about the need for EDR but there are two other points worth highlighting.
Vendor consolidation should be a priority for any cybersecurity department, not just one in the market for EDR services. Cybersecurity roles, responsibilities, and tasks continue to grow, and adding vendors on top of vendors has diminishing returns. This creates a new problem of vendor management and complexity and can actually slow down a department’s ability to respond quickly and process information.
A cybersecurity strategy should include consolidating vendors and finding key partners, in the EDR space and beyond, that can streamline and centralize your teams’ efforts via managed services or a single-vendor ecosystem. This can promote more resilient departments that are mobilized and have clear and efficient lines of communication if an incident does occur.
The cybersecurity talent shortage is getting worse, making it more difficult for companies to find the right talent, keep good talent, and have a cybersecurity team that actually has the time, training, and resources to carry out a comprehensive cybersecurity strategy. Organizations should therefore look towards the emergence of managed service providers to help shore up cybersecurity and talent requirements.
By partnering with a managed service provider, companies can consolidate vendors, reduce the need for headcount, and more efficiently allocate budget and resources while having 24x7 cybersecurity support. These services can also be a partial proxy for education and ongoing training programs, as they can be relied on for up-to-date knowledge and expertise.
Security leaders have a lot to gain and learn from these environment and market shifts. Without knowing how these trends change, their departments may fall behind or blindly accept inefficiencies which can lead to unnecessary spending, a less-than-productive department, and increased risk.
They may fall behind competitors who are more attuned to these market shifts, and they may end up in worse positions if their company decides to tighten budgets as fears of a recession continue to stay in play.
Companies should be looking to supplement their existing cybersecurity department with EDR services, but knowing how to look for the right EDR or MDR services can be the difference between having a partner that pays dividends in the long term or having a costly partner that will have to be replaced in the near future.
*Gartner, “Competitive Landscape: Endpoint Protection Platforms”, December 27, 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.