Explore the Benefits of Endpoint Detection and Response Tools and Services
Symantec and ESG
© 2019 by The Enterprise Strategy Group, Inc.
Enterprise Strategy Group | Getting to the bigger truth.™
Threat Detection and Response, EDR, and MDR
Jon Oltsik, Senior Principal Analyst and ESG Fellow
PREPARED BY ESG FOR
Agenda
• Why EDR/MEDR is important
• Primary use cases for EDR
• Important EDR attributes
• Benefits of Managed EDR (MEDR)
• Primary reasons for MEDR
• The bigger truth
Threat Detection Efforts Impacted by Resource Shortages and Skill Gaps
Question text: Please select one response per row that best reflects your opinion on each statement pertaining to threat detection/response. (Percent of respondents, N=372)

Statement | Strongly agree | Agree | Neither agree nor disagree | Disagree | Strongly disagree | Don't know
Threat detection/response processes are not as formal as they should be | 28% | 34% | 15% | 15% | 6% | 2%
Threat detection/response effectiveness is limited because of employee skills gaps | 28% | 35% | 17% | 14% | 5% | 2%
Threat detection/response effectiveness is limited due to problems in the working relationship between the cybersecurity and IT operations teams | 30% | 33% | 15% | 13% | 8% | 2%
Threat detection/response effectiveness is limited because it is based upon too many manual processes | 30% | 34% | 17% | 12% | 6% | 1%
Threat detection/response effectiveness is limited because it is based upon multiple independent point tools | 30% | 36% | 16% | 11% | 5% | 2%
Threat detection/response effectiveness is impacted by a shortage of security staff members and/or limited security analytics and IR skills | 31% | 37% | 18% | 9% | 3% | 1%
My organization's threat detection/response strategy is anchored by a few key individuals | 33% | 41% | 17% | 5% | 2% | 2%
Business management is pressuring the cybersecurity team to improve threat detection/response | 35% | 42% | 16% | 4% | 2% | 2%
We have a formal plan and funding to improve threat detection/response | 42% | 45% | 9% | 1% | 1% | 2%
Improving threat detection/response (i.e., MTTD/MTTR) is a high priority at my organization | 45% | 37% | 14% | 2% | 1% | 2%

(Rows may not sum to 100% because of rounding.)
TDR Landscape Today Compared to 2 Years Ago
76% of Organizations Find TDR More Difficult Today Due to Sophisticated Threats, Increasing Workloads, and Growing Attack Surface
Question text: Which of the following responses aligns most closely with threat detection and response at your organization (i.e., threat detection/response processes, tasks, workload, technology operations, etc.)? (Percent of respondents, N=372)
• Threat detection and response is much more difficult today than it was 2 years ago: 45%
• Threat detection and response is somewhat more difficult today than it was 2 years ago: 31%
• Threat detection and response is about the same today as it was 2 years ago: 14%
• Threat detection and response is somewhat less difficult today than it was 2 years ago: 6%
• Threat detection and response is much less difficult than it was 2 years ago: 4%

Primary Reason TDR Is Harder
Question text: What is the primary reason why you believe threat detection/response is more difficult today than it was 2 years ago? (Percent of respondents, N=283)
• The volume and/or sophistication of threats has increased: 34%
• The threat detection/response workload has increased: 17%
• The attack surface has grown: 16%
• Threat detection/response is dependent on many manual processes at my organization: 13%
• My organization uses numerous disparate threat detection/response tools: 11%
• My organization doesn't have the skills or appropriately sized cybersecurity staff: 8%
EDR Use Cases include Threat Hunting, Investigations, and Monitoring
Question text: What are the primary use cases for EDR at your organization? (Percent of respondents, N=320, three responses accepted)
• EDR software is already installed on endpoints and my organization uses it for proactive threat hunting: 38%
• EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior as part of an investigation: 38%
• EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior on a regular basis: 37%
• My organization installs EDR software on endpoints when a breach is suspected and then monitors endpoint behavior as part of an investigation: 34%
• EDR software is used to sweep for Indicators of Compromise (IoC) across endpoints to gauge the scope of infections: 32%
• EDR software is used for training purposes, to help junior analysts better understand how cyber-attacks impact actual systems: 31%
• My organization installs EDR software on endpoints after it is certain a system has been breached and then uses EDR as part of forensic investigations: 31%
Important EDR Attributes include Threat Intelligence, Automation, and Data Capture
Question text: Which of the following are the most important attributes of an EDR solution for your organization? (Percent of respondents, N=320, multiple responses accepted)
• Threat intelligence services/integration to enable comparisons…: 40%
• Built-in and/or automated remediation actions: 37%
• Ability to capture and store a wide range of endpoint metadata…: 34%
• Built-in analytics: 32%
• A hybrid EDR solution: 30%
• Alert validation and/or investigation capabilities: 30%
• An on-premises EDR solution: 28%
• A cloud-based EDR solution: 27%
• Ease-of-use and deployment: 26%
• Tight integration with my organization's existing endpoint prevention…: 24%
• Documented and tested integration with other types of security…: 23%
• Support for non-Windows endpoints and/or servers: 21%
• An EDR solution offered as a managed service: 20%
• Support for the MITRE ATT&CK framework: 20%
Benefits of MDR
Question text: What is your opinion on each of the following statements pertaining to EDR? (Percent of respondents, N=320)

Statement | Strongly agree | Agree | Neither agree nor disagree | Disagree
My organization only needs rudimentary EDR functionality that we can use on an as-needed basis | 35% | 33% | 15% | 12%
EDR carries a high total cost of ownership | 37% | 40% | 15% | 5%
EDR product selection and ongoing operations are owned by my organization's SOC team | 37% | 43% | 16% | 1%
My organization's EDR project was more complex than we anticipated | 40% | 38% | 16% | 4%
We would benefit greatly if an EDR deployment could help us augment or assist the cybersecurity staff | 40% | 42% | 15% | 2%
While my organization uses EDR technology, we would benefit greatly by accompanying an EDR deployment with some type(s) of managed services that could help us augment the cybersecurity staff | 43% | 35% | 18% | 4%
My organization is comfortable with uploading and storing EDR data in the cloud | 44% | 35% | 14% | 5%
Using EDR effectively demands advanced security analytics skills | 45% | 38% | 14% | 3%

Strongly disagree values shown on the chart: 3%, 3%, 3%, 3%, 3%, 2% (only six of the eight bars carry a label, so these cannot be assigned to individual statements).
Around-the-Clock Alerting and Monitoring Is Far and Away the Most Important MDR Feature
Question text: Please rank the following MDR features and deliverables in terms of importance when it comes to purchasing these services. (Percent of respondents, N=345, percent ranked #1 displayed)
• 24x7 Critical Alerting and Monitoring: 27%
• Incident Reports: 12%
• Continuous Endpoint Scans: 10%
• Threat Response Remediation: 10%
• Root Cause/Impact Analysis: 9%
• Threat Response Recommendations: 9%
• Access to MDR analysts: 9%
• Incident Prioritization: 7%
• Onboarding support: 7%
Why Use MDR?
MEDR improvement, existing relationship, better skills…
Question text: What are the primary reasons behind your organization's plans for MDR services? (Percent of respondents, N=345, three responses accepted)
• My organization needed rapid threat detection/response improvement and decided that an MDR offering would be easier/quicker to onboard than purchasing and deploying threat detection/response technologies: 32%
• My organization is already working with one or several managed security service providers, so adding MDR to the services they provide seems like a good business and technical decision: 29%
• My organization believes an MDR service provider can do a better job at threat detection and response than we can: 28%
• My organization tried to deploy and operate threat detection and response technologies but found this to be beyond our ability; therefore, we are replacing internal threat detection and response efforts with an MDR service: 27%
• My organization did a cost analysis and found that it would cost less to go with MDR services rather than take on the cost of threat detection and response operations ourselves: 23%
• My organization finds it difficult to hire experienced cybersecurity professionals, impacting our ability to take on advanced tasks like threat detection and response: 22%
• My organization suffered a security incident/data breach and adopted MDR services in the aftermath of this incident: 20%
• A third party recommended that my organization adopt MDR services to improve our overall security posture: 19%
• My MSSP was not providing the desired threat detection and response services, so we opted for a more focused MDR service: 18%
• My organization doesn't have the right skills or staff size for 24/7 threat detection and response operations: 17%
• My organization's EDR technology providers offer MDR services as an extension of their product sales, so we decided to bundle MDR services into our contracts: 3%
MDR Preferences Skew toward Managed Products over Generic Managed Services
Question text: Which of the following statements most accurately reflect your organization's preference around MDR services? (Percent of respondents, N=345)
• My organization prefers to choose its own threat detection and response technologies and then choose an MDR provider that can assume operational responsibilities and oversight of these technologies: 55%
• My organization prefers to choose its own threat detection and response technologies, but it is willing to forego these technology decisions if an MDR provider has the right business and technical metrics to objectively prove its experience and value: 40%
• My organization doesn't care which threat detection and response technologies an MDR service provider chooses if it has the right business and technical metrics to objectively prove its experience and value: 4%
• Don't know: 1%
The Bigger Truth
• TDR effectiveness is impacted by:
  • A shortage of staff and a gap in skills
  • Too many tools and manual processes
• Pervasive deployment of EDR
• Post breach, strong benefits
• Most organizations see benefits from MDR
Copyright © 2019 Symantec Corporation SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY
Symantec Panel Discussion
go.symantec.com/EDR
go.symantec.com/MEDR
• Bob Shaker, CSS Product Management, Emerging Solutions and Innovation
• Steve Meckl, Director, Managed Security Services Operations
• Adam Glick, Sr. Technical Director, EDR Analytics
Jon Oltsik – Senior Principal Analyst & ESG Fellow
jon.oltsik@esg-global.com
@ESG_Global
www.facebook.com/ESGglobal
www.linkedin.com/company/enterprise-strategy-group
www.youtube.com/user/ESGglobal
www.esg-global.com
Thank You!
Please contact us for more information

Symantec & ESG Research Threat Detection and Response Webinar

  • 1. Explore the Benefits of Endpoint Detection and Response Tools and Services Symantec and ESG
  • 2. © 2019 by The EnterpriseStrategyGroup,Inc. EnterpriseStrategy Group | Gettingtothebiggertruth.™ © 2019 by The EnterpriseStrategyGroup,Inc. Threat Detection and Response, EDR, and MDR Jon Oltsik, Senior PrincipalAnalyst and ESG Fellow PREPARED BYESG FOR
  • 3. Agenda
    • Why EDR/MEDR is important
    • Primary use cases for EDR
    • Important EDR attributes
    • Benefits of Managed EDR (MEDR)
    • Primary reasons for MEDR
    • The bigger truth
  • 4. Threat Detection Efforts Impacted by Resource Shortages and Skill Gaps
    Question text: Please select one response per row that best reflects your opinion on each statement pertaining to threat detection/response. (Percent of respondents, N=372)
    Values per statement: Strongly agree / Agree / Neither agree nor disagree / Disagree / Strongly disagree / Don't know
    - Threat detection/response processes are not as formal as they should be: 28% / 34% / 15% / 15% / 6% / 2%
    - Threat detection/response effectiveness is limited because of employee skills gaps: 28% / 35% / 17% / 14% / 5% / 2%
    - Threat detection/response effectiveness is limited due to problems in the working relationship between the cybersecurity and IT operations teams: 30% / 33% / 15% / 13% / 8% / 2%
    - Threat detection/response effectiveness is limited because it is based upon too many manual processes: 30% / 34% / 17% / 12% / 6% / 1%
    - Threat detection/response effectiveness is limited because it is based upon multiple independent point tools: 30% / 36% / 16% / 11% / 5% / 2%
    - Threat detection/response effectiveness is impacted by a shortage of security staff members and/or limited security analytics and IR skills: 31% / 37% / 18% / 9% / 3% / 1%
    - My organization's threat detection/response strategy is anchored by a few key individuals: 33% / 41% / 17% / 5% / 2% / 2%
    - Business management is pressuring the cybersecurity team to improve threat detection/response: 35% / 42% / 16% / 4% / 2% / 2%
    - We have a formal plan and funding to improve threat detection/response: 42% / 45% / 9% / 1% / 1% / 2%
    - Improving threat detection/response (i.e., MTTD/MTTR) is a high priority at my organization: 45% / 37% / 14% / 2% / 1% / 2%
  • 5. 76% of Organizations Find TDR More Difficult Today Due to Sophisticated Threats, Increasing Workloads, and Growing Attack Surface
    TDR Landscape Today Compared to 2 Years Ago
    Question text: Which of the following responses aligns most closely with threat detection and response at your organization (i.e., threat detection/response processes, tasks, workload, technology operations, etc.)? (Percent of respondents, N=372)
    - Threat detection and response is much more difficult today than it was 2 years ago: 45%
    - Threat detection and response is somewhat more difficult today than it was 2 years ago: 31%
    - Threat detection and response is about the same today as it was 2 years ago: 14%
    - Threat detection and response is somewhat less difficult today than it was 2 years ago: 6%
    - Threat detection and response is much less difficult than it was 2 years ago: 4%
    Primary Reason TDR Is Harder
    Question text: What is the primary reason why you believe threat detection/response is more difficult today than it was 2 years ago? (Percent of respondents, N=283)
    - The volume and/or sophistication of threats has increased: 34%
    - The threat detection/response workload has increased: 17%
    - The attack surface has grown: 16%
    - Threat detection/response is dependent on many manual processes at my organization: 13%
    - My organization uses numerous disparate threat detection/response tools: 11%
    - My organization doesn't have the skills or appropriately sized cybersecurity staff: 8%
  • 6. EDR Use Cases Include Threat Hunting, Investigations, and Monitoring
    Question text: What are the primary use cases for EDR at your organization? (Percent of respondents, N=320, three responses accepted)
    - EDR software is already installed on endpoints and my organization uses it for proactive threat hunting: 38%
    - EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior as part of an investigation: 38%
    - EDR software is already installed on endpoints and my organization uses it to monitor endpoint behavior on a regular basis: 37%
    - My organization installs EDR software on endpoints when a breach is suspected and then monitors endpoint behavior as part of an investigation: 34%
    - EDR software is used to sweep for Indicators of Compromise (IoC) across endpoints to gauge the scope of infections: 32%
    - EDR software is used for training purposes, to help junior analysts better understand how cyber-attacks impact actual systems: 31%
    - My organization installs EDR software on endpoints after it is certain a system has been breached and then uses EDR as part of forensic investigations: 31%
  • 7. Important EDR Attributes Include Threat Intelligence, Automation, and Data Capture
    Question text: Which of the following are the most important attributes of an EDR solution for your organization? (Percent of respondents, N=320, multiple responses accepted)
    - Threat intelligence services/integration to enable comparisons…: 40%
    - Built-in and/or automated remediation actions: 37%
    - Ability to capture and store a wide range of endpoint metadata…: 34%
    - Built-in analytics: 32%
    - A hybrid EDR solution: 30%
    - Alert validation and/or investigation capabilities: 30%
    - An on-premises EDR solution: 28%
    - A cloud-based EDR solution: 27%
    - Ease-of-use and deployment: 26%
    - Tight integration with my organization's existing endpoint prevention…: 24%
    - Documented and tested integration with other types of security…: 23%
    - Support for non-Windows endpoints and/or servers: 21%
    - An EDR solution offered as a managed service: 20%
    - Support for the MITRE ATT&CK framework: 20%
  • 8. Benefits of MDR
    Question text: What is your opinion on each of the following statements pertaining to EDR? (Percent of respondents, N=320)
    Values per statement: Strongly agree / Agree / Neither agree nor disagree / Disagree
    - My organization only needs rudimentary EDR functionality that we can use on an as-needed basis: 35% / 33% / 15% / 12%
    - EDR carries a high total cost of ownership: 37% / 40% / 15% / 5%
    - EDR product selection and ongoing operations are owned by my organization's SOC team: 37% / 43% / 16% / 1%
    - My organization's EDR project was more complex than we anticipated: 40% / 38% / 16% / 4%
    - We would benefit greatly if an EDR deployment could help us augment or assist the cybersecurity staff: 40% / 42% / 15% / 2%
    - While my organization uses EDR technology, we would benefit greatly by accompanying an EDR deployment with some type(s) of managed services that could help us augment the cybersecurity staff: 43% / 35% / 18% / 4%
    - My organization is comfortable with uploading and storing EDR data in the cloud: 44% / 35% / 14% / 5%
    - Using EDR effectively demands advanced security analytics skills: 45% / 38% / 14% / 3%
    Strongly disagree: 3% or less for every statement; only six of the eight bars carry a label in the chart (3%, 3%, 3%, 3%, 3%, 2%), so that column is not given per statement.
  • 9. Around-the-Clock Alerting and Monitoring Is Far and Away the Most Important MDR Feature
    Question text: Please rank the following MDR features and deliverables in terms of importance when it comes to purchasing these services. (Percent of respondents, N=345, percent ranked #1 displayed)
    - 24x7 Critical Alerting and Monitoring: 27%
    - Incident Reports: 12%
    - Continuous Endpoint Scans: 10%
    - Threat Response Remediation: 10%
    - Root Cause/Impact Analysis: 9%
    - Threat Response Recommendations: 9%
    - Access to MDR analysts: 9%
    - Incident Prioritization: 7%
    - Onboarding support: 7%
  • 10. Why Use MDR? MEDR improvement, existing relationship, better skills…
    Question text: What are the primary reasons behind your organization's plans for MDR services? (Percent of respondents, N=345, three responses accepted)
    - My organization needed rapid threat detection/response improvement and decided that an MDR offering would be easier/quicker to onboard than purchasing and deploying threat detection/response technologies: 32%
    - My organization is already working with one or several managed security service providers, so adding MDR to the services they provide seems like a good business and technical decision: 29%
    - My organization believes an MDR service provider can do a better job at threat detection and response than we can: 28%
    - My organization tried to deploy and operate threat detection and response technologies but found this to be beyond our ability; therefore, we are replacing internal threat detection and response efforts with an MDR service: 27%
    - My organization did a cost analysis and found that it would cost less to go with MDR services rather than take on the cost of threat detection and response operations ourselves: 23%
    - My organization finds it difficult to hire experienced cybersecurity professionals, impacting our ability to take on advanced tasks like threat detection and response: 22%
    - My organization suffered a security incident/data breach and adopted MDR services in the aftermath of this incident: 20%
    - A third party recommended that my organization adopt MDR services to improve our overall security posture: 19%
    - My MSSP was not providing the desired threat detection and response services, so we opted for a more focused MDR service: 18%
    - My organization doesn't have the right skills or staff size for 24/7 threat detection and response operations: 17%
    - My organization's EDR technology providers offer MDR services as an extension of their product sales, so we decided to bundle MDR services into our contracts: 3%
  • 11. MDR Preferences Skew toward Managed Products over Generic Managed Services
    Question text: Which of the following statements most accurately reflect your organization's preference around MDR services? (Percent of respondents, N=345)
    - My organization prefers to choose its own threat detection and response technologies and then choose an MDR provider that can assume operational responsibilities and oversight of these technologies: 55%
    - My organization prefers to choose its own threat detection and response technologies, but it is willing to forego these technology decisions if an MDR provider has the right business and technical metrics to objectively prove its experience and value: 40%
    - My organization doesn't care which threat detection and response technologies an MDR service provider chooses if it has the right business and technical metrics to objectively prove its experience and value: 4%
    - Don't know: 1%
  • 12. The Bigger Truth
    • TDR effectiveness is impacted by:
      • A shortage of staff and a gap in skills
      • Too many tools and manual processes
    • Pervasive deployment of EDR
    • Post breach, strong benefits
    • Most organizations see benefits from MDR
  • 13. Copyright © 2019 Symantec Corporation. SYMANTEC CONFIDENTIAL – INTERNAL USE ONLY
    Symantec Panel Discussion: go.symantec.com/EDR, go.symantec.com/MEDR
    - Bob Shaker, CSS Product Management, Emerging Solutions and Innovation
    - Steve Meckl, Director, Managed Security Services Operations
    - Adam Glick, Sr. Technical Director, EDR Analytics
  • 14. Thank You! Please contact us for more information.
    Jon Oltsik, Senior Principal Analyst & ESG Fellow, jon.oltsik@esg-global.com
    @ESG_Global | www.facebook.com/ESGglobal | www.linkedin.com/company/enterprise-strategy-group | www.youtube.com/user/ESGglobal | www.esg-global.com