Symantec & ESG Research Threat Detection and Response Webinar
Explore the Benefits of Endpoint Detection and Response Tools and Services
Symantec and ESG
© 2019 by The Enterprise Strategy Group, Inc.
Enterprise Strategy Group | Getting to the bigger truth.™
Threat Detection and Response, EDR, and MDR
Jon Oltsik, Senior Principal Analyst and ESG Fellow
Prepared by ESG for Symantec
Agenda
• Why EDR/MEDR is important
• Primary use cases for EDR
• Important EDR attributes
• Benefits of Managed EDR (MEDR)
• Primary reasons for MEDR
• The bigger truth
Threat Detection Efforts Impacted by Resource Shortages and Skill Gaps

Question text: Please select one response per row that best reflects your opinion on each statement pertaining to threat detection/response. (Percent of respondents, N=372)

Statement | Strongly agree | Agree | Neither agree nor disagree | Disagree | Strongly disagree | Don't know
Threat detection/response processes are not as formal as they should be | 28% | 34% | 15% | 15% | 6% | 2%
Threat detection/response effectiveness is limited because of employee skills gaps | 28% | 35% | 17% | 14% | 5% | 2%
Threat detection/response effectiveness is limited due to problems in the working relationship between the cybersecurity and IT operations teams | 30% | 33% | 15% | 13% | 8% | 2%
Threat detection/response effectiveness is limited because it is based upon too many manual processes | 30% | 34% | 17% | 12% | 6% | 1%
Threat detection/response effectiveness is limited because it is based upon multiple independent point tools | 30% | 36% | 16% | 11% | 5% | 2%
Threat detection/response effectiveness is impacted by a shortage of security staff members and/or limited security analytics and IR skills | 31% | 37% | 18% | 9% | 3% | 1%
My organization's threat detection/response strategy is anchored by a few key individuals | 33% | 41% | 17% | 5% | 2% | 2%
Business management is pressuring the cybersecurity team to improve threat detection/response | 35% | 42% | 16% | 4% | 2% | 2%
We have a formal plan and funding to improve threat detection/response | 42% | 45% | 9% | 1% | 1% | 2%
Improving threat detection/response (i.e., MTTD/MTTR) is a high priority at my organization | 45% | 37% | 14% | 2% | 1% | 2%
76% of Organizations Find TDR More Difficult Today Due to Sophisticated Threats, Increasing Workloads, and Growing Attack Surface

TDR Landscape Today Compared to 2 Years Ago

Question text: Which of the following responses aligns most closely with threat detection and response at your organization (i.e., threat detection/response processes, tasks, workload, technology operations, etc.)? (Percent of respondents, N=372)

• Threat detection and response is much more difficult today than it was 2 years ago: 45%
• Threat detection and response is somewhat more difficult today than it was 2 years ago: 31%
• Threat detection and response is about the same today as it was 2 years ago: 14%
• Threat detection and response is somewhat less difficult today than it was 2 years ago: 6%
• Threat detection and response is much less difficult than it was 2 years ago: 4%

Primary Reason TDR Is Harder

Question text: What is the primary reason why you believe threat detection/response is more difficult today than it was 2 years ago? (Percent of respondents, N=283)

• The volume and/or sophistication of threats has increased: 34%
• The threat detection/response workload has increased: 17%
• The attack surface has grown: 16%
• Threat detection/response is dependent on many manual processes at my organization: 13%
• My organization uses numerous disparate threat detection/response tools: 11%
• My organization doesn't have the skills or appropriately sized cybersecurity staff: 8%
EDR Use Cases Include Threat Hunting, Investigations, and Monitoring

Question text: What are the primary use cases for EDR at your organization? (Percent of respondents, N=320, three responses accepted)

• EDR software is already installed on endpoints and my organization uses it for proactive threat hunting: 38%
• EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior as part of an investigation: 38%
• EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior on a regular basis: 37%
• My organization installs EDR software on endpoints when a breach is suspected and then monitors endpoint behavior as part of an investigation: 34%
• EDR software is used to sweep for Indicators of Compromise (IoC) across endpoints to gauge the scope of infections: 32%
• EDR software is used for training purposes, to help junior analysts better understand how cyber-attacks impact actual systems: 31%
• My organization installs EDR software on endpoints after it is certain a system has been breached and then uses EDR as part of forensic investigations: 31%
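The "sweep for Indicators of Compromise across endpoints to gauge the scope of infections" use case above is the one that most often gets reduced to a grep over hashes. The block below is an added example (not code from the ESG/Symantec deck, and not any EDR product's own query language) of what such a sweep has to do to be trustworthy: normalise the IoC feed and the telemetry before comparing (hash case, trailing dot on domains), match both file and network indicators, and then summarise the blast radius per host with the earliest sighting. The `Event` records, the `IOC_FEED` and all host names, hashes and addresses are constructed for illustration; in practice the records would come from the EDR's query API.

```python
"""
IoC sweep over endpoint telemetry to gauge the scope of an infection.

Added example; the telemetry and the IoC feed are constructed inline so
the sweep runs offline. A real EDR query would feed the same Event shape.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str          # endpoint name
    ts: str            # ISO-8601 UTC timestamp (fixed width, so string order == time order)
    proc_sha256: str   # SHA-256 of the process image
    proc_path: str     # image path
    remote: str        # domain or IP the process contacted, "" if none


# Hypothetical (constructed) malicious hash used by both the feed and one event.
BAD_HASH = "a1b2c3d4e5f60718293a4b5c6d7e8f9001122334455667788990aabbccddeeff"

# Constructed IoC feed. Note the upper-case hash and the trailing dot on the
# domain: both are common in real feeds and both defeat a naive exact match.
IOC_FEED = {
    "sha256": [BAD_HASH.upper()],
    "domains": ["Evil.Example."],
    "ips": ["203.0.113.7"],
}

# Constructed endpoint telemetry for five hosts; two of them are compromised.
EVENTS = [
    Event("ws01", "2019-05-02T08:14:00Z", BAD_HASH, r"C:\Users\a\AppData\Local\Temp\upd.exe", "203.0.113.7"),
    Event("ws01", "2019-05-02T08:15:30Z", "deadbeef" * 8, r"C:\Windows\System32\cmd.exe", ""),
    Event("srv02", "2019-05-01T23:59:10Z", "0" * 64, "/usr/bin/curl", "evil.example"),
    Event("ws03", "2019-05-02T09:00:00Z", "1" * 64, r"C:\Program Files\App\app.exe", "updates.example"),
    Event("ws04", "2019-05-02T09:05:00Z", "2" * 64, r"C:\Windows\explorer.exe", "198.51.100.10"),
    Event("ws05", "2019-05-02T09:10:00Z", "3" * 64, "/usr/bin/ssh", ""),
]


def _norm_hash(h: str) -> str:
    return h.strip().lower()


def _norm_net(x: str) -> str:
    # Lower-case and drop a trailing FQDN dot so "Evil.Example." == "evil.example".
    return x.strip().lower().rstrip(".")


def load_iocs(raw: dict) -> dict:
    """Normalise a feed into two lookup sets: file hashes and network indicators."""
    return {
        "sha256": {_norm_hash(h) for h in raw.get("sha256", [])},
        "network": {_norm_net(n) for n in raw.get("domains", []) + raw.get("ips", [])},
    }


def sweep(events, iocs) -> dict:
    """Return {host: [(ioc_type, ioc_value, ts, proc_path), ...]} for hosts with at least one hit."""
    hits = defaultdict(list)
    for e in events:
        h = _norm_hash(e.proc_sha256)
        if h in iocs["sha256"]:
            hits[e.host].append(("sha256", h, e.ts, e.proc_path))
        if e.remote:
            n = _norm_net(e.remote)
            if n in iocs["network"]:
                hits[e.host].append(("network", n, e.ts, e.proc_path))
    return dict(hits)


def scope(hits: dict, total_hosts: int) -> dict:
    """Summarise the blast radius: affected hosts, share of fleet, IoCs seen, earliest sighting."""
    affected = sorted(hits)
    iocs_seen = sorted({(t, v) for rows in hits.values() for (t, v, _, _) in rows})
    first_seen = min((ts for rows in hits.values() for (_, _, ts, _) in rows), default=None)
    return {
        "affected_hosts": len(affected),
        "total_hosts": total_hosts,
        "affected_pct": round(100.0 * len(affected) / total_hosts, 1) if total_hosts else 0.0,
        "hosts": affected,
        "iocs_seen": iocs_seen,
        "first_seen": first_seen,
    }


def run_demo() -> dict:
    """Sweep the constructed telemetry with the constructed feed and return the scope summary."""
    iocs = load_iocs(IOC_FEED)
    hits = sweep(EVENTS, iocs)
    return scope(hits, total_hosts=len({e.host for e in EVENTS}))


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The scope summary is what the "gauge the scope of infections" use case actually needs: a host count and share of the fleet for the incident ticket, the earliest timestamp to bound the dwell time, and the list of which indicators fired so the feed can be trimmed to the ones that matter. Without the normalisation step, the upper-case hash and the trailing-dot domain in the feed would silently produce zero hits, which is a worse outcome than no sweep at all because it reads as a clean result.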
Important EDR Attributes Include Threat Intelligence, Automation, and Data Capture

Question text: Which of the following are the most important attributes of an EDR solution for your organization? (Percent of respondents, N=320, multiple responses accepted)

• Threat intelligence services/integration to enable comparisons…: 40%
• Built-in and/or automated remediation actions: 37%
• Ability to capture and store a wide range of endpoint metadata…: 34%
• Built-in analytics: 32%
• A hybrid EDR solution: 30%
• Alert validation and/or investigation capabilities: 30%
• An on-premises EDR solution: 28%
• A cloud-based EDR solution: 27%
• Ease-of-use and deployment: 26%
• Tight integration with my organization's existing endpoint prevention…: 24%
• Documented and tested integration with other types of security…: 23%
• Support for non-Windows endpoints and/or servers: 21%
• An EDR solution offered as a managed service: 20%
• Support for the MITRE ATT&CK framework: 20%
Benefits of MDR

Question text: What is your opinion on each of the following statements pertaining to EDR? (Percent of respondents, N=320)

Statement | Strongly agree | Agree | Neither agree nor disagree | Disagree
My organization only needs rudimentary EDR functionality that we can use on an as-needed basis | 35% | 33% | 15% | 12%
EDR carries a high total cost of ownership | 37% | 40% | 15% | 5%
EDR product selection and ongoing operations are owned by my organization's SOC team | 37% | 43% | 16% | 1%
My organization's EDR project was more complex than we anticipated | 40% | 38% | 16% | 4%
We would benefit greatly if an EDR deployment could help us augment or assist the cybersecurity staff | 40% | 42% | 15% | 2%
While my organization uses EDR technology, we would benefit greatly by accompanying an EDR deployment with some type(s) of managed services that could help us augment the cybersecurity staff | 43% | 35% | 18% | 4%
My organization is comfortable with uploading and storing EDR data in the cloud | 44% | 35% | 14% | 5%
Using EDR effectively demands advanced security analytics skills | 45% | 38% | 14% | 3%

The remainder of each row (5% or less) strongly disagreed.
Around-the-Clock Alerting and Monitoring Is Far and Away the Most Important MDR Feature

Question text: Please rank the following MDR features and deliverables in terms of importance when it comes to purchasing these services. (Percent of respondents, N=345, percent ranked #1 displayed)

• 24x7 critical alerting and monitoring: 27%
• Incident reports: 12%
• Continuous endpoint scans: 10%
• Threat response remediation: 10%
• Root cause/impact analysis: 9%
• Threat response recommendations: 9%
• Access to MDR analysts: 9%
• Incident prioritization: 7%
• Onboarding support: 7%
Why Use MDR?
Rapid TDR improvement, an existing MSSP relationship, and better skills lead the reasons

Question text: What are the primary reasons behind your organization's plans for MDR services? (Percent of respondents, N=345, three responses accepted)

• My organization needed rapid threat detection/response improvement and decided that an MDR offering would be easier/quicker to onboard than purchasing and deploying threat detection/response technologies: 32%
• My organization is already working with one or several managed security service providers, so adding MDR to the services they provide seems like a good business and technical decision: 29%
• My organization believes an MDR service provider can do a better job at threat detection and response than we can: 28%
• My organization tried to deploy and operate threat detection and response technologies but found this to be beyond our ability; therefore, we are replacing internal threat detection and response efforts with an MDR service: 27%
• My organization did a cost analysis and found that it would cost less to go with MDR services rather than take on the cost of threat detection and response operations ourselves: 23%
• My organization finds it difficult to hire experienced cybersecurity professionals, impacting our ability to take on advanced tasks like threat detection and response: 22%
• My organization suffered a security incident/data breach and adopted MDR services in the aftermath of this incident: 20%
• A third party recommended that my organization adopt MDR services to improve our overall security posture: 19%
• My MSSP was not providing the desired threat detection and response services, so we opted for a more focused MDR service: 18%
• My organization doesn't have the right skills or staff size for 24/7 threat detection and response operations: 17%
• My organization's EDR technology providers offer MDR services as an extension of their product sales, so we decided to bundle MDR services into our contracts: 3%
MDR Preferences Skew toward Managed Products over Generic Managed Services

Question text: Which of the following statements most accurately reflects your organization's preference around MDR services? (Percent of respondents, N=345)

• My organization prefers to choose its own threat detection and response technologies and then choose an MDR provider that can assume operational responsibilities and oversight of these technologies: 55%
• My organization prefers to choose its own threat detection and response technologies, but it is willing to forego these technology decisions if an MDR provider has the right business and technical metrics to objectively prove its experience and value: 40%
• My organization doesn't care which threat detection and response technologies an MDR service provider chooses if it has the right business and technical metrics to objectively prove its experience and value: 4%
• Don't know: 1%
The Bigger Truth
• TDR effectiveness is impacted by:
  • A shortage of staff and a gap in skills
  • Too many tools and manual processes
• Pervasive deployment of EDR
• Post breach, strong benefits
• Most organizations see benefits from MDR
Copyright © 2019 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY
Symantec Panel Discussion
go.symantec.com/EDR
go.symantec.com/MEDR
Bob Shaker, CSS Product Management, Emerging Solutions and Innovation
Steve Meckl, Director, Managed Security Services Operations
Adam Glick, Sr. Technical Director, EDR Analytics
Jon Oltsik – Senior Principal Analyst & ESG Fellow
jon.oltsik@esg-global.com
@ESG_Global
www.facebook.com/ESGglobal
www.linkedin.com/company/enterprise-strategy-group
www.youtube.com/user/ESGglobal
www.esg-global.com
Thank You!
Please contact us for more information

Weitere ähnliche Inhalte

Mehr von Symantec

Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec
 
GDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantGDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantSymantec
 
Symantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec
 
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec
 
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...Symantec
 
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...Symantec
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec
 

Mehr von Symantec (20)

Symantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat ReportSymantec Webinar Cloud Security Threat Report
Symantec Webinar Cloud Security Threat Report
 
Symantec Cloud Security Threat Report
Symantec Cloud Security Threat ReportSymantec Cloud Security Threat Report
Symantec Cloud Security Threat Report
 
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
Symantec Webinar | Security Analytics Breached! Next Generation Network Foren...
 
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Symantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year OnSymantec Webinar: GDPR 1 Year On
Symantec Webinar: GDPR 1 Year On
 
Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019Symantec ISTR 24 Webcast 2019
Symantec ISTR 24 Webcast 2019
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
 
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
Symantec Webinar | Redefining Endpoint Security- How to Better Secure the End...
 
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy BearSymantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
Symantec Webinar Using Advanced Detection and MITRE ATT&CK to Cage Fancy Bear
 
GDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators WantGDPR Breach Notification Demystifying What the Regulators Want
GDPR Breach Notification Demystifying What the Regulators Want
 
Symantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 WebinarSymantec Internet Security Threat Report (ISTR) 23 Webinar
Symantec Internet Security Threat Report (ISTR) 23 Webinar
 
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
 
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
 
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...Symantec Webinar Part 4 of 6  GDPR Compliance, What NAM Organizations Need to...
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
 
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
Symantec Webinar Part 3 of 6 How to Tackle Data Protection Risk in Time for G...
 
Symantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR ComplianceSymantec Webinar Part 2 of 6 GDPR Compliance
Symantec Webinar Part 2 of 6 GDPR Compliance
 
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR ReadinessSymantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
Symantec Webinar Part 1 of 6 The Four Stages of GDPR Readiness
 

Kürzlich hochgeladen

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Kürzlich hochgeladen (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Symantec & ESG Research Threat Detection and Response Webinar

  • 1. Explore the Benefits of Endpoint Detection and Response Tools and Services Symantec and ESG
  • 2. © 2019 by The EnterpriseStrategyGroup,Inc. EnterpriseStrategy Group | Gettingtothebiggertruth.™ © 2019 by The EnterpriseStrategyGroup,Inc. Threat Detection and Response, EDR, and MDR Jon Oltsik, Senior PrincipalAnalyst and ESG Fellow PREPARED BYESG FOR
  • 3. © 2019 by The EnterpriseStrategyGroup,Inc. Agenda • Why EDR/MEDR is important • Primary use cases for EDR • Important EDR attributes • Benefits of Managed EDR (MEDR) • Primary reasons for MEDR • The bigger truth
  • 4. Threat Detection Efforts Impacted by Resource Shortages and Skill Gaps
    Question text: Please select one response per row that best reflects your opinion on each statement pertaining to threat detection/response. (Percent of respondents, N=372)
    Statement | Strongly agree | Agree | Neither agree nor disagree | Disagree | Strongly disagree | Don't know
    Threat detection/response processes are not as formal as they should be | 28% | 34% | 15% | 15% | 6% | 2%
    Threat detection/response effectiveness is limited because of employee skills gaps | 28% | 35% | 17% | 14% | 5% | 2%
    Threat detection/response effectiveness is limited due to problems in the working relationship between the cybersecurity and IT operations teams | 30% | 33% | 15% | 13% | 8% | 2%
    Threat detection/response effectiveness is limited because it is based upon too many manual processes | 30% | 34% | 17% | 12% | 6% | 1%
    Threat detection/response effectiveness is limited because it is based upon multiple independent point tools | 30% | 36% | 16% | 11% | 5% | 2%
    Threat detection/response effectiveness is impacted by a shortage of security staff members and/or limited security analytics and IR skills | 31% | 37% | 18% | 9% | 3% | 1%
    My organization's threat detection/response strategy is anchored by a few key individuals | 33% | 41% | 17% | 5% | 2% | 2%
    Business management is pressuring the cybersecurity team to improve threat detection/response | 35% | 42% | 16% | 4% | 2% | 2%
    We have a formal plan and funding to improve threat detection/response | 42% | 45% | 9% | 1% | 1% | 2%
    Improving threat detection/response (i.e., MTTD/MTTR) is a high priority at my organization | 45% | 37% | 14% | 2% | 1% | 2%
    (Rows sum to 100% within rounding.)
  • 5. 76% of Organizations Find TDR More Difficult Today Due to Sophisticated Threats, Increasing Workloads, and Growing Attack Surface
    TDR Landscape Today Compared to 2 Years Ago
    Question text: Which of the following responses aligns most closely with threat detection and response at your organization (i.e., threat detection/response processes, tasks, workload, technology operations, etc.)? (Percent of respondents, N=372)
    - Threat detection and response is much more difficult today than it was 2 years ago: 45%
    - Threat detection and response is somewhat more difficult today than it was 2 years ago: 31%
    - Threat detection and response is about the same today as it was 2 years ago: 14%
    - Threat detection and response is somewhat less difficult today than it was 2 years ago: 6%
    - Threat detection and response is much less difficult than it was 2 years ago: 4%
    Primary Reason TDR Is Harder
    Question text: What is the primary reason why you believe threat detection/response is more difficult today than it was 2 years ago? (Percent of respondents, N=283)
    - The volume and/or sophistication of threats has increased: 34%
    - The threat detection/response workload has increased: 17%
    - The attack surface has grown: 16%
    - Threat detection/response is dependent on many manual processes at my organization: 13%
    - My organization uses numerous disparate threat detection/response tools: 11%
    - My organization doesn't have the skills or appropriately sized cybersecurity staff: 8%
  • 6. EDR Use Cases include Threat Hunting, Investigations, and Monitoring
    Question text: What are the primary use cases for EDR at your organization? (Percent of respondents, N=320, three responses accepted)
    - EDR software is already installed on endpoints and my organization uses it for proactive threat hunting: 38%
    - EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior as part of an investigation: 38%
    - EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior on a regular basis: 37%
    - My organization installs EDR software on endpoints when a breach is suspected and then monitors endpoint behavior as part of an investigation: 34%
    - EDR software is used to sweep for Indicators of Compromise (IoC) across endpoints to gauge the scope of infections: 32%
    - EDR software is used for training purposes, to help junior analysts better understand how cyber-attacks impact actual systems: 31%
    - My organization installs EDR software on endpoints after it is certain a system has been breached and then uses EDR as part of forensic investigations: 31%
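    The IoC-sweep and proactive-hunting use cases on this slide are only named, not shown. The following is an added example (not code from the deck, from ESG or from Symantec) of what such a sweep looks like over telemetry that an already-installed EDR agent has collected: a small indicator list is matched against per-host process events, and the result is summarized per host so an analyst can gauge the scope of the infection. Every indicator, host name and event is constructed for the example, and the MITRE ATT&CK technique IDs attached to the indicators are an assumed enrichment rather than anything the survey describes.

```python
"""
Added example, not from the ESG/Symantec deck: an Indicator of Compromise (IoC)
sweep over constructed endpoint telemetry. Assumptions: indicators carry an
ATT&CK technique ID (illustrative), and events are flat dicts as an EDR agent
might emit them. All hashes, hosts, domains and IPs below are made up.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str       # one of "sha256", "domain", "ip", "path"
    value: str
    technique: str  # ATT&CK technique the indicator is associated with (assumed)


# Constructed IoC list. The hash is invented, the domain uses the reserved
# .test TLD and the IP is in the documentation range 203.0.113.0/24.
MALICIOUS_SHA256 = "9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f9a8b"
IOCS = [
    Indicator("sha256", MALICIOUS_SHA256, "T1059.001"),
    Indicator("domain", "cdn-updates.example-malicious.test", "T1071.001"),
    Indicator("ip", "203.0.113.44", "T1071.001"),
    Indicator("path", "c:\\users\\public\\svchost.exe", "T1036.005"),
]

# Placeholder hashes for benign binaries (not real file hashes).
BENIGN = ["0" * 63 + str(i) for i in range(1, 5)]

# Constructed endpoint telemetry: one process event per record, four hosts.
EVENTS = [
    {"host": "ws-0142", "ts": "2019-05-01T09:12:44Z", "process": "powershell.exe",
     "sha256": BENIGN[0], "dst": "cdn-updates.example-malicious.test",
     "path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"host": "ws-0142", "ts": "2019-05-01T09:13:02Z", "process": "inv.exe",
     "sha256": MALICIOUS_SHA256, "dst": None,
     "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\inv.exe"},
    {"host": "srv-db-01", "ts": "2019-05-01T11:40:10Z", "process": "sqlservr.exe",
     "sha256": BENIGN[1], "dst": "203.0.113.44",
     "path": "C:\\Program Files\\Microsoft SQL Server\\MSSQL\\Binn\\sqlservr.exe"},
    {"host": "ws-0311", "ts": "2019-05-01T12:05:31Z", "process": "chrome.exe",
     "sha256": BENIGN[2], "dst": "www.example.com",
     "path": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
    {"host": "ws-0507", "ts": "2019-05-02T08:01:59Z", "process": "svchost.exe",
     "sha256": BENIGN[3], "dst": None,
     "path": "C:\\Users\\Public\\svchost.exe"},
]

# Which telemetry field each indicator kind is compared against.
FIELD_FOR_KIND = {"sha256": "sha256", "domain": "dst", "ip": "dst", "path": "path"}


def normalize(value: str) -> str:
    """Case-fold and trim so 'C:\\Users\\...' and 'c:\\users\\...' compare equal."""
    return value.strip().lower()


def build_index(iocs):
    """Index indicators by kind, then by normalized value, for O(1) lookups."""
    index = defaultdict(dict)
    for ioc in iocs:
        index[ioc.kind][normalize(ioc.value)] = ioc
    return index


def match_event(event, index):
    """Return every indicator matched by the event's fields (empty list if clean)."""
    hits = []
    for kind, field in FIELD_FOR_KIND.items():
        value = event.get(field)
        if value and normalize(value) in index.get(kind, {}):
            hits.append(index[kind][normalize(value)])
    return hits


def sweep(events, iocs):
    """Run the sweep; returns {host: [(timestamp, Indicator), ...]} for hosts with hits."""
    index = build_index(iocs)
    per_host = defaultdict(list)
    for event in events:
        for indicator in match_event(event, index):
            per_host[event["host"]].append((event["ts"], indicator))
    return dict(per_host)


def scope_report(per_host, hosts_scanned):
    """Blast-radius summary: hosts hit, earliest hit per host, techniques observed."""
    first_seen = {host: min(ts for ts, _ in hits) for host, hits in per_host.items()}
    techniques = sorted({ind.technique for hits in per_host.values() for _, ind in hits})
    return {
        "hosts_scanned": len(hosts_scanned),
        "hosts_with_hits": sorted(per_host),
        "first_seen": first_seen,
        "techniques": techniques,
    }


if __name__ == "__main__":
    hits = sweep(EVENTS, IOCS)
    report = scope_report(hits, {e["host"] for e in EVENTS})
    print(f"{len(report['hosts_with_hits'])}/{report['hosts_scanned']} hosts matched")
    for host in report["hosts_with_hits"]:
        for ts, ind in hits[host]:
            print(f"  {host} {ts} {ind.kind}={ind.value} ({ind.technique})")
```

    The per-host first-seen timestamp is what feeds the MTTD figure the deck mentions on slide 4: the gap between that timestamp and the time the sweep was run is the detection delay for that host. Exact-value matching is deliberate here; fuzzy path or hostname matching belongs in a second pass with its own false-positive review.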
  • 7. Important EDR Attributes include Threat Intelligence, Automation, and Data Capture
    Question text: Which of the following are the most important attributes of an EDR solution for your organization? (Percent of respondents, N=320, multiple responses accepted)
    - Threat intelligence services/integration to enable comparisons…: 40%
    - Built-in and/or automated remediation actions: 37%
    - Ability to capture and store a wide range of endpoint metadata…: 34%
    - Built-in analytics: 32%
    - A hybrid EDR solution: 30%
    - Alert validation and/or investigation capabilities: 30%
    - An on-premises EDR solution: 28%
    - A cloud-based EDR solution: 27%
    - Ease-of-use and deployment: 26%
    - Tight integration with my organization's existing endpoint prevention…: 24%
    - Documented and tested integration with other types of security…: 23%
    - Support for non-Windows endpoints and/or servers: 21%
    - An EDR solution offered as a managed service: 20%
    - Support for the MITRE ATT&CK framework: 20%
    (Option labels ending in "…" are truncated in the source chart.)
  • 8. Benefits of MDR
    Question text: What is your opinion on each of the following statements pertaining to EDR? (Percent of respondents, N=320)
    Statement | Strongly agree | Agree | Neither agree nor disagree | Disagree
    My organization only needs rudimentary EDR functionality that we can use on an as-needed basis | 35% | 33% | 15% | 12%
    EDR carries a high total cost of ownership | 37% | 40% | 15% | 5%
    EDR product selection and ongoing operations are owned by my organization's SOC team | 37% | 43% | 16% | 1%
    My organization's EDR project was more complex than we anticipated | 40% | 38% | 16% | 4%
    We would benefit greatly if an EDR deployment could help us augment or assist the cybersecurity staff | 40% | 42% | 15% | 2%
    While my organization uses EDR technology, we would benefit greatly by accompanying an EDR deployment with some type(s) of managed services that could help us augment the cybersecurity staff | 43% | 35% | 18% | 4%
    My organization is comfortable with uploading and storing EDR data in the cloud | 44% | 35% | 14% | 5%
    Using EDR effectively demands advanced security analytics skills | 45% | 38% | 14% | 3%
    (The "Strongly disagree" shares, 2% to 3% where labeled, are not labeled for every row in the source chart and are omitted here.)
  • 9. Around-the-Clock Alerting and Monitoring Is Far and Away the Most Important MDR Feature
    Question text: Please rank the following MDR features and deliverables in terms of importance when it comes to purchasing these services. (Percent of respondents, N=345, percent ranked #1 displayed)
    - 24x7 Critical Alerting and Monitoring: 27%
    - Incident Reports: 12%
    - Continuous Endpoint Scans: 10%
    - Threat Response Remediation: 10%
    - Root Cause/Impact Analysis: 9%
    - Threat Response Recommendations: 9%
    - Access to MDR analysts: 9%
    - Incident Prioritization: 7%
    - Onboarding support: 7%
  • 10. Why Use MDR? MEDR improvement, existing relationship, better skills…
    Question text: What are the primary reasons behind your organization's plans for MDR services? (Percent of respondents, N=345, three responses accepted)
    - My organization needed rapid threat detection/response improvement and decided that an MDR offering would be easier/quicker to onboard than purchasing and deploying threat detection/response technologies: 32%
    - My organization is already working with one or several managed security service providers, so adding MDR to the services they provide seems like a good business and technical decision: 29%
    - My organization believes an MDR service provider can do a better job at threat detection and response than we can: 28%
    - My organization tried to deploy and operate threat detection and response technologies but found this to be beyond our ability; therefore, we are replacing internal threat detection and response efforts with an MDR service: 27%
    - My organization did a cost analysis and found that it would cost less to go with MDR services rather than take on the cost of threat detection and response operations ourselves: 23%
    - My organization finds it difficult to hire experienced cybersecurity professionals, impacting our ability to take on advanced tasks like threat detection and response: 22%
    - My organization suffered a security incident/data breach and adopted MDR services in the aftermath of this incident: 20%
    - A third party recommended that my organization adopt MDR services to improve our overall security posture: 19%
    - My MSSP was not providing the desired threat detection and response services, so we opted for a more focused MDR service: 18%
    - My organization doesn't have the right skills or staff size for 24/7 threat detection and response operations: 17%
    - My organization's EDR technology providers offer MDR services as an extension of their product sales, so we decided to bundle MDR services into our contracts: 3%
  • 11. MDR Preferences Skew toward Managed Products over Generic Managed Services
    Question text: Which of the following statements most accurately reflects your organization's preference around MDR services? (Percent of respondents, N=345)
    - My organization prefers to choose its own threat detection and response technologies and then choose an MDR provider that can assume operational responsibilities and oversight of these technologies: 55%
    - My organization prefers to choose its own threat detection and response technologies, but it is willing to forego these technology decisions if an MDR provider has the right business and technical metrics to objectively prove its experience and value: 40%
    - My organization doesn't care which threat detection and response technologies an MDR service provider chooses if it has the right business and technical metrics to objectively prove its experience and value: 4%
    - Don't know: 1%
  • 12. The Bigger Truth
    - TDR effectiveness is impacted by:
      - A shortage of staff and a gap in skills
      - Too many tools and manual processes
    - Pervasive deployment of EDR
    - Post breach, strong benefits
    - Most organizations see benefits from MDR
  • 13. Copyright © 2019 Symantec Corporation. SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY
    Symantec Panel Discussion
    go.symantec.com/EDR
    go.symantec.com/MEDR
    - Bob Shaker, CSS Product Management, Emerging Solutions and Innovation
    - Steve Meckl, Director, Managed Security Services Operations
    - Adam Glick, Sr. Technical Director, EDR Analytics
  • 14. Enterprise Strategy Group | Getting to the bigger truth.™
    Thank You! Please contact us for more information
    Jon Oltsik – Senior Principal Analyst & ESG Fellow
    jon.oltsik@esg-global.com
    @ESG_Global
    www.facebook.com/ESGglobal
    www.linkedin.com/company/enterprise-strategy-group
    www.youtube.com/user/ESGglobal
    www.esg-global.com