10 Considerations Before Buying an Endpoint Detection and Response (EDR) Security Solution

An Endpoint Detection and Response (EDR) system continuously monitors end-user devices to detect and respond to cyber threats.

When investing in this security solution, keep these 10 things in mind:

  1. Agent vs Agentless: EDR can be with an agent (software on each endpoint) or agentless. While an agent can capture much more user activity and enables stronger intervention for a compromised endpoint, agentless EDRs are quicker to deploy and great for endpoints where it’s difficult to install an agent.
  2. OS Support: Not all operating systems are supported by each EDR solution. If you have endpoints using an unsupported OS, you should go for an agentless EDR.
  3. Device Support: Like with operating systems, some EDRs may not work on some devices,  like most iOS and Android smartphones (and IoT devices).
  4. Cloud Support: Even some cloud-based EDR solutions may not be able to operate in the cloud. They can be difficult to install on the cloud, and so, you might need to look for additional protection for your cloud applications.
  5. Integration with other security platforms: Not only does your EDR need to be compatible with your OS, devices, and cloud apps, it should also be compatible with your current security systems. If you use an EDR with, say, API integration, the EDR will be able to work with the existing systems, making them more powerful.
  6. System Updates: Because new advanced, sophisticated methods of attack come up and evolve all the time, the EDR you choose needs to be regularly updated with the latest threats. Otherwise, you might still be vulnerable to the new ones.
  7. Customized Threat Detection Models: Every company is different, and you may want to create your own threat detection model. Your EDR should allow for extensive customization to meet your company’s needs.
  8. Scalability: Companies grow, and with that, grows their need. Will your EDR let you add new components and functionality in the future? How will it handle future growth and increase in traffic and the number of remote devices?
  9. Impact on Endpoint Performance: Running an EDR with an agent? The agent will also occupy performance and resources. Will your hardware be able to take it or will you need to upgrade it? A good EDR should take no more than 1% of CPU usage and 50MB of memory usage.

Vendor Support and Cost: You need to consider your budget and if the vendor will charge you for incident response services in case your EDR is compromised.