The data collected during endpoint detection and response provides fertile raw material for applying AI to cyber security, says Paul Maggs, a consultant with CRN 2021 Fast 50 No. 1 Arinco.
Maggs was speaking as part of the CRN Boardroom Impact series on EDR, which also sought views from other partners including Step FWD IT, CT Group, and CrossPoint Technology Solutions and Boutique systems.
“What has shifted, especially when we're using EDR platforms, these are cloud-based services. And there is a multitude of different endpoints connecting into these EDR solutions. From that, we're getting a lot of signals, we're getting a lot of data,” he said.
By analysing what is happening at the endpoints, companies can use AI to make determinations about what is malicious and what is not.
The other advantage for customers using cloud-based EDR systems is that they benefit from the aggregation effect: the models draw not only on their own data but also on the anonymised, aggregated data of all customers. This ultimately provides more accuracy in the models and in the analysis.
“If there is something malicious occurring on your machine, it's able to look at it and say, ‘This doesn't look good. And I know it's not good so I'm going to stop the action now.’ Or if something's occurred, it's going to then go through the system and say, ‘Okay, we've seen something malicious here, we understand what it is doing from all of the signals that we're collecting. And then we're going to stop it and hopefully, clean it up.’”
Participants in the CRN Boardroom Impact series on endpoint detection and response discussed how EDR has replaced antivirus as the preferred cyber security solution because of its greater benefits and superior ROI. However, they also noted that the message has not yet propagated across the whole customer base.
The need for partners to educate their customers on the potential benefits was a major theme of the discussion.