By now, you understand the importance of integrating multiple threat intelligence feeds into your organization's security infrastructure, cultivating security awareness among employees on an ongoing basis, and creating clearly defined security policies.
Those are all crucial steps that go into the planning phase of your organization's endpoint detection and response (EDR), but they are not the only ones.
To fully prepare for EDR, your organization needs to complete a series of other tasks. For instance, it needs to make sure it can discover and profile new endpoints. It must also gain the support of its leadership and build mechanisms that ensure continuous collaboration across security and IT systems.
Such efforts will help to unite the organization around the protection of endpoints, both old and new, and will situate EDR within a comprehensive security focus that emphasizes constant monitoring for threats.
Fulfillment of the planning phase naturally leads into the process of choosing an EDR system. To select an appropriate solution, your organization needs to first make sure that its choice accommodates all endpoints installed on the network.
It can then analyze how an EDR candidate would link up with other parts of the organization, such as by determining whether the system would integrate well with its threat intelligence feeds, whether it would work with other elements of the security infrastructure, and whether it would minimize risk to the organization at a cost that fits into its security budget.
After talking with various security vendors, your organization will have enough information to choose an EDR system that meets its business requirements. All that remains now is to deploy the system to its endpoints. Right?
Wrong! As Tripwire discusses in its online publication Endpoint Detection and Response for Dummies, deploying an EDR system across an organization is tricky. That's why a company should take the process slowly across the following four phases:
- Test the deployment on a small non-production network and begin figuring out how to configure the system.
- Expand the test deployment to several pilot projects on a segment of the production network, all the while training and getting the input of those who will ultimately be managing the EDR system.
- Plan for the system's production deployment with the IT team.
- Deploy the system over a day or two and make sure all relevant personnel are trained on how the solution works.
That last part is key. Security professionals who have been previously trained to use the EDR system will be responsible for managing it once it goes live. Ultimately, the more pre-deployment exposure to the system you can give them, the better.
For more information on how your organization can go about choosing and deploying an EDR system, please download Tripwire's eBook here.