The EDR market continues to grow, but from a vendor's perspective, what is the current need for EDR and why?
Mr. Tetsuya Kawai, President of CrowdStrike Co., Ltd.
Mr. Kawai: CrowdStrike launched EDR products five years ago, but at that time EDR was positioned as a state-of-the-art technology for users with a sharp Internet business. Nowadays, most large companies are introducing or considering it, and even small and medium-sized enterprises that are highly dependent on IT have introduced it, and it has become a commodity similar to antivirus (AV).
Current security measures are changing from the conventional defensive stance to the premise that they will be intruded upon, and to having the ability to detect and respond to logs. The background is frequent information leaks and ransomware damage. Even though everyone put in AV and operated it properly, the damage was occurring.
Today's attacks are in a form called malware-free, and most attacks cannot be addressed by traditional signature-based scanning methods. Therefore, next-generation antivirus (NGAV) that finds behavior instead of files has appeared, but there are also attacks that cannot be stopped by NGAV, and a two-step defense in the form of protecting against those with EDR has been carried out.
However, all traditional EPPs will not be replaced by EDRs. It is easy to understand if you replace it with physical security, but when considering security of condominiums, for example, attach an auto lock first. This can prevent more than 90% of intrusions, but professionals can slip through it, so contract with a security company and attach a surveillance camera to constantly monitor areas that cannot be prevented by auto-locking.
Similarly, the most efficient way to stop simple attacks is to stop them with AV, focus on high-level attacks, and monitor them with EDR. In that sense, I think that the conventional two-stage EPP and EDR stance is the best now.
Mr. Seki: Currently, non-malware attacks using fileless and hacking tools are increasing, so when taking countermeasures, small ones are knocked down with EPP, and those that must be carefully viewed are triaged by looking at EDR. Such cases are increasing even in the field.