The SOAPA video series has featured a series of prolific industry beacons representing leading security operations technology vendors. That will continue, but I thought I’d shake up the format a bit by inviting my colleague and friend, Dave Gruber, to participate.
Aside from his movie star good looks, I invited Dave to participate because he spent several years at Carbon Black in the EDR market, and EDR has become a primary component of SOAPA. Furthermore, Dave and I are co-covering a burgeoning segment called XDR, which is sort of a vendor-driven turnkey SOAPA offering.
In part 1 of our video, Dave and I chat about:
- The role of EDR. Dave talks about how EDR monitors endpoint telemetry and works with SIEM and SOAR to accelerate and automate incident response.
- EDR integration. SOAPA is all about integration and interoperability for security operations. Dave says that EDR is often paired with network traffic analysis (NTA), cloud data, email security data, and other sources. Everything rolls up to the SOC for analysis, investigations, and remediation actions.
- EDR adoption. Dave tells us about ESG research indicating that EDR is gaining market penetration, especially as part of new endpoint security suites.
- EDR vs. MDR. I ask Dave what makes organizations buy and operate EDR as opposed to using a managed detection and response (MDR) solution. Dave explains that EDR has gotten easier and many customers want to “own” security analytics and operations. Nevertheless, MDR is a viable alternative or can be used to augment the security staff’s capacity and skills.
Great stuff! Look for more from Dave and me in part 2 of our SOAPA video soon.