Shubham Awasthi (Global Fusion Center Manager), Dan Katz (Cybersecurity Practice Director)
The endpoint detection and response (EDR) market has exploded in recent years as organizations continue to bolster their security with greater monitoring and response capabilities beyond security information and event management (SIEM) systems. EDR targets endpoints, such as computers and industrial technologies, with advanced capabilities to detect anomalous behavior and respond, often with automated measures.
MITRE Engenuity, MITRE’s tech foundation for public good, recently released its fourth round of independent ATT&CK Evaluations for enterprise cybersecurity solutions. Covering 30 vendors, the results showed that the capabilities of some of the largest and oldest players in the EDR space have quickly been dwarfed by newer entrants to the market.
"This latest round [of evaluations] indicates significant product growth from our vendor participants. We are seeing greater emphasis on threat informed defense capabilities, which, in turn, has increased the infosec community's prioritization of the ATT&CK Framework," said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.
Cybereason posted the best results of any EDR platform in the latest testing from MITRE. More surprising are the low rankings of some of the largest names in the EDR space.
Results of the latest MITRE evaluations
Our team has had significant success transitioning clients from more expensive, lower performing EDRs to Cybereason, saving them money, time and effort while increasing their security posture.
For example, one of our clients was using a household-name solution for their EDR, and after running into numerous product and support challenges, we started looking for new providers of EDR solutions. We identified Cybereason and, after an extensive testing procedure, we found their solution to be more capable and easier to utilize than any of the others we had encountered. We pitched the Cybereason EDR to our client, clearly conveying the benefits.
The client was very interested in transitioning their several thousand endpoints from their current EDR to Cybereason but needed to identify an automated process to distribute the new agents.
This organization has a complex environment with no central IT infrastructure management to allow for software distribution. It is a group of 72+ separate organizations, each currently managing its own IT infrastructure and without a centralized software distribution solution in place (e.g. SCCM, PDQ, Bomgar).
Paul Truitt, Cybersecurity Practice Leader, suggested utilizing the existing EDR endpoint agents to deploy the new Cybereason agents. An unconventional strategy, but after gaining the client’s approval for testing, we were able to successfully deploy Cybereason EDR and Tenable Vulnerability Management as well as remove their existing EDR after using an automated script.
Mazars is now able to offer this custom solution to the marketplace, decreasing the deployment effort/timeline and allowing customers to migrate from an existing EDR deployment to an alternative endpoint detection and response solution.
It is imperative for cyber leaders to assess their tools and technology throughout the lifecycle to ensure they are able to combat the constantly evolving threat landscape. Mazars offers deep technical experience with many EDR solutions and can help organizations large and small enjoy greater protection, better detection, and large cost savings, all while leveraging our automated deployment technology.
If you want to discuss your current environment and how you may benefit from a change in endpoint protection, contact us today!