The recent advent of next-generation endpoint security platforms combines EPP (Endpoint Protection Platform) with EDR (Endpoint Detection and Response). EPP handles the scanning and blocking of known malware (the prime function of a next-generation AV), while EDR adds the ability to detect and investigate security incidents and to remediate an infected endpoint back to a clean state.
According to a global survey of CISOs by Bitdefender, the combination of EPP and EDR by itself adds to the load on already understaffed information security professionals, because two separate platforms (EPP and EDR) have to be managed. Moreover, according to the report, the majority of alerts raised by EDR are false positives. This puts unnecessary work on already overwhelmed and understaffed SOC teams, exacerbating their long-standing problem of alert fatigue.
Factors to consider:
-Do you currently have a shortage of cyber security talent?
-Is your IT team underfunded or understaffed?
-Are your teams currently experiencing alert fatigue?
-What is the size of your IT budget?
-Do you already have an incident response platform (possible overlap with EDR's investigation and remediation functions)?