TECH BUYER Jan 2020 - IDC Perspective - Doc # US45794219
Endpoint Security 2020: The Resurgence of EPP and the Manifest Destiny of EDR
This IDC Perspective discusses the role of EPP and EDR as endpoint protection techniques.
PC-era signature-based endpoint protection techniques were rendered helpless due to the "patient zero" effect. Ultimately, the reactive signature approach succumbed to an explosion of malware variants. EPP went from being signature centric to being behavioral centric. EDR armed security professionals with a new arsenal of forensics tools that were not of the historic log-based or alert-based SIEM-centric variety. Both EPP and EDR have very valuable but precisely defined roles. Knowing the role of each is essential.
"As we realized the value of EDR, we lost our way. Certainly, EDR has an important role, but making up for deficient EPP with EDR is a fool's errand. We should expect our EPP to protect our endpoint — period! EDR provides context-enhanced visibility for threats that cannot be detected from endpoint telemetry alone. Knowing the role of each is important as we move into the next decade." — Frank Dickson, program vice president, Security and Trust, IDC