Organizations are under constant attack leaving IT to investigate hundreds of incidents a day. If a breach or malware attack occurs, there are several steps taken before remediation can begin, causing potentially hundreds of thousands of endpoints to endure vulnerability before IT ops can respond the incident. It is important that security can investigate issues in organizational context as quickly as possible. It’s also crucial that operations have the right tools to respond to the incident cross-platform at scale within the organization. In addition, the resolution of the incident should become part of the organizational knowledge base so if the incident reoccurs, the resolution can be automated.
We will discuss:

  • EDR Solution takes too long to respond. Talking to 200 hosts is fine, but talking to 20,000 hosts takes forever.
  • EDR Solutions have blind spots on Linux clusters and some people are using Macs.
  • Scale of product is very important to be able to roll this out.
  • Software inventory is very important. We discuss 10 important factors.