Prevention trumping cure is such a well-polished truism that it can be slightly jarring to learn that the emphasis has lately been undergoing a reversal in the realm of cybersecurity – with “cure” (or “remediation”) taking growing precedence.
Whereas organizations have previously placed the lion’s share of their cybersecurity investment in line with the conventional wisdom cited above, they are now increasingly focusing on “respond” and “remediate” rather than keeping the traditional sole emphasis on “protect” and “detect.”
Gartner stresses that this reorientation is indeed a question of emphasis (and complementary effort) as opposed to a matter of either/or:
“While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability.”
The impetus for this shift is a convergence of mega-trends pointing in one admittedly depressing direction: our increased vulnerability, and the near inevitability of a successful cyber-attack for most if not all organizations. If there’s no sure way to avoid getting the flu, you might as well plan on treating it.
These trends include the expanded threat vectors derived from the mobile revolution and the reduced degree of IT control coming from the cloud revolution, as well as the increasing sophistication of hackers and the tools they use. In other words, our vulnerability is down in part to the very way we work today: more applications and endpoints than ever before, being used more remotely than ever before.
Cometh the hour, cometh the technology. A handful of technology vendors, recognizing the need for better response and remediation solutions, have been busy honing and developing tools that enable organizations to react with unprecedented speed and scale to an incident or threat to the enterprise.
Last year, my own organization, 1E, joined the fray with its own innovative take on a real-time remediation solution, which we call Tachyon. Naturally, it was a priority for us when building Tachyon to ensure that it could not only compete with others such as Tanium, but surpass them in various key characteristics, such as speed and scalability. I could tout the virtues of Tachyon’s modern design approach (which caters much more directly to the needs of today’s businesses), but you’d doubtless take it all with a pinch of salt (given that we built Tachyon).
What you’d admittedly be better off doing, if you’re currently choosing or thinking about an EDR solution for your organization, is checking out the new report from Enterprise Management Associates (EMA), Adopting Effective Solutions in Endpoint Detection and Response: An objective comparison of Tanium Core and Tachyon, which compares the two solutions in the six decision-making areas that matter today.
The report is worth $99, but we’ve made it available as a free download here. You can also listen to an independent industry analyst from EMA hosting a webinar on the report’s findings.
I won’t spoil the surprise regarding these findings; suffice it to say that one thing that stands out throughout is how well a modern architecture suits the modern workplace. (After all, if the mobile revolution is one of the factors pushing people towards an EDR solution in the first place, it makes sense to consider the solution optimized for just such an environment.)
The report focuses on six key areas in contrasting the effectiveness of the two tools.
- Effective communication architecture: EMA asked which solution provides the scale and speed at which orgs need to remediate, and which is location agnostic – catering to mobile/remote endpoints as well as those on the LAN.
- Platform support: The report found that, without broad platform coverage, endpoint visibility is sacrificed, resulting in dangerous investigation and remediation blind spots.
- Cost effectiveness: The respective EDR tools’ ROI is also measured, covering damage limitation, reducing IT burden and ability to learn/transfer skills between security and IT Ops teams.
- Compliance support: EMA looks at how well the solutions enable an organization to comply with increasing regulatory pressure and to support, for example, data privacy initiatives.
- Automation: EMA weighs the extent to which the tools can simplify processes, speed up analysis and reaction time and reduce cost (requiring fewer skilled people, reducing downtime).
- Extensibility: Last but not least, the report analyses how Tachyon and Tanium integrate with existing IT service management and change management processes through integration & automation.
If you’re presently making sense of your EDR options, it really is essential reading.
You can read EMA’s report for free here, and you can listen to the webinar here.