The security organization comprises several teams that report to the CISO. The infrastructure security team evaluated EDR and next-generation antivirus solutions, comparing their critical functionality and technology components.
The lead infrastructure security engineer (we’ll call him Bryan) determined that EDR would provide the layer of defense the organization needed. Not only would the solution stop advanced threats that antivirus didn’t catch, but it would also record all endpoint activity.
EDR has become the most critical security tool for endpoints because you are capturing everything that is happening. Anything that executes, you’re tracing it, tracking it, and doing analytics on it. If someone manages to do something bad on an endpoint, EDR will see it. Without it, you’re missing a critical component of defense. —Bryan, Lead Infrastructure Security Engineer
The team selected Carbon Black Response based on the sensor’s depth of visibility and data, but they knew it would be a full-time job to look at all the data, write rules and logic, and investigate alerts. They would either need heavy automation and additional staff or a very technical managed provider.
Bryan strongly believed that partnership was the better route. “It is my firm belief that in any security program, you cannot solve it with automation alone,” he explained. “You still need to have human eyes, reasoning, and logic. Without it, you might catch 95% of things—but what about the other 5%? A solid security program requires a two-pronged approach of automation and people.”