February 8, 2017 Security operations
Suzanne Moore

A Guide to Evaluating EDR Security Products: 15 Critical Questions to Ask

The EDR market is booming. A recent Gartner report found that the EDR market more than doubled in 2016, and another analysis predicts the number of organizations using EDR security products will triple over the next five years.

However, growth does not come without challenges. Many security teams struggle to define the right questions to ask when looking to add EDR to their security posture. Identifying the right EDR security product requires a complete understanding of:

  • Your business needs, technical requirements, and internal capabilities
  • The potential impact an EDR product will have on your organization and security operations
  • Key variables you should use to help you differentiate between EDR security products

Download: 15 Questions You Need to Answer 

Guidance for Evaluating EDR Security Products

Red Canary’s technical team has guided hundreds of organizations through successful EDR evaluations and implementations. We keep constant tabs on the EDR market and are always assessing new technology. To help security professionals in their evaluation process, we worked with our security operations and technical account teams to develop an EDR Buyer’s Guide. It walks buyers through 15 questions to ask and provides worksheets, resources, and tips to reference during evaluations. Topics include:

Why are you investing in an EDR program?

Understanding your goals is a critical first step to narrowing the field. Use our worksheet to rank your team’s concerns and align your use case with EDR security products that have stronger capabilities in those areas.

EDR Security Products: Evaluate Business Needs

What level of expertise and time commitment is needed to use the solution?

It’s important to remember that an EDR security product alone does not give your organization an EDR capability. We’ll help you take a closer look at the expertise and disciplines required, and offer tips for when to consider a managed solution.

EDR Security Products: EDR Disciplines

How does the solution detect threats to your organization?

Understanding the types of threats an EDR security product detects—as well as the technologies and techniques that are used—should be central to your evaluation. The EDR Buyer’s Guide takes a deep dive into what buyers need to know about detection capabilities and provides:

  • Worksheets to help you evaluate threat detection and technologies
  • Common detection scenarios to run through with potential EDR security vendors
  • Points to consider surrounding detection coverage, tuning, and false positive/false negative rates

EDR Security Products: Detection Capabilities and Technologies

Key Takeaways for Teams Evaluating EDR Security Products

EDR security products offer powerful technology to help organizations better defend against today’s increasingly complex threats. However, it’s important to evaluate processes, people, and technology simultaneously in order to understand the full value of your EDR investment.

Red Canary was built to support organizations struggling to manage the complexities of threat detection and response. We hope this guide helps you through your evaluation and purchase.

Evaluating EDR Products: EDR Buyer's Guide

