EDR

‘Apex One’ – it’s difficult to think of a more confident, self-assured name for a new brand!

And it’s a brand on a mission, too – to take the burdensome management out of security. As the Apex One developers put it in their blog, this is about “detecting and blocking as many endpoint threats as possible, without manual intervention.”

This, in turn, translates into less pressure on security teams, lighter workload for security service providers, and less costly time and effort involved overall.

But is this a solution the channel will want to sell? Is it easy and profitable to deploy and manage? And what makes it different from (and better than) what went before?

You can read the full solution brief on our website, but meanwhile here’s our take on it.

Single agent: a game-changer?

Trend’s existing XGen technology already automates threat detection across security layers and endpoints, including PC, Mac and VDI.

But where even the most automated threat detection capability stumbles is the need to use multiple agents to deliver across different kinds of customer deployment – like cloud, on-premise, and hybrid.

Here, Apex One plays a blinder. It has a single agent that is consistent across all customer deployment types, significantly diminishing deployment and ongoing management overheads, and reducing the risk of automation being devalued by interruption.

Given the high proportion of enterprise clients who have complex hybrid environments, this has to be a winner!

Detection and remediation: all done for you!

But security channel partners and in-house security teams alike also need to be sure that what is being automated is the most effective way of dealing with the broadest possible range of threats. Inadequate protection delivered automatically is not a value-add!

Apex One appears to be well ahead of the curve here, however, because it focuses its automation not on preventing threats (an impossible aim), but instead on detecting and removing them.

Unknown or fileless threat? Machine learning and behavioural analysis will spot its threatening characteristics and take action.

Operating system vulnerability? Apex One creates its own virtual patches to prevent zero-day exploits from making it onto any endpoint.

And if you’re hearing echoes of EDR (Endpoint Detection and Response) at this point, it’s true that Apex One offers upsell potential into both Trend’s full EDR and MDR (Managed Detection and Response) solutions - but it’s also important to understand that what Trend have built here is in fact something quite distinct.

Whereas EDR tends fundamentally to be a noisy and manual process to manage (as we explained in this earlier post), automated detection and response - which is what Trend call it - neatly does much of it for you.

Manage, visualise, investigate – all in one place

The more you can understand about a threat, the more effective the measures you can take against it.

But the challenge is in corralling all the threat information – including user-based visibility, policy management, and log aggregation - into one place, in a way that makes sense of it.

Apex One has created a centralised console that enables exactly this, so although for some more detailed analysis a connection to an optional EDR dashboard is necessary, visualisation, investigation and reporting are already built into its standard configuration, adding an inbuilt layer of insight that other solutions don’t have.

Conclusions: is Apex One the peak of security for channel partners?

Everyone likes a great name and a strong story, and Apex One has got both in spades – not least because it is in fact essentially the new brand name for the existing Trend endpoint security solution within its Smart Protection Suites solutions family.

But this is not some kind of rebadging exercise to revive a flagging solution – because Trend’s endpoint solution isn’t flagging. Just the opposite, in fact: it has received high praise from industry analysts like Gartner year after year, including in 2018.

But coupling it with a single agent shows that there’s a strategic endgame in mind: to make Trend’s endpoint security solutions as effortless as possible to use across every client environment – and therefore very hard to displace.

For end-clients and channel partners alike – and particularly existing Trend Micro OfficeScan users, who will receive Apex One as a regular update at no additional cost - that’s a rebrand that will deliver far more than just a new name and a shiny logo.

Endpoint Detection and Response (EDR) has become a Gartner buzzword. We point you to the kind of solution that will enable you to deliver it – profitably!

EDR – Endpoint Detection and Response - is the acronym currently setting the security industry a-buzz.

Industry analyst Gartner - who came up with the first EDR-type concept back in 2013 - has recently concluded that a more proactive alternative to simply attempting to block attacks is now needed, providing early detection, but also minimising dwell time and damage if an attack does indeed find a foothold. This is what EDR delivers.

It can – in theory – help service providers, resellers and other IT companies to climb the value chain by adding a valuable new layer of protection to customers’ security infrastructure.

But this is only worthwhile if the EDR solution is rapid to deploy, easy to use and manage, and profitable.

EDR is certainly powerful – but is it viable?

EDR done better, made profitable

The challenge up until now has been that EDR solutions are, by their nature, typically very ‘noisy’, generating high volumes of superfluous alerts that then have to be manually sifted through. In practical terms, this can make them almost unusable.

There’s the ‘complexity cost’ to consider, too. Most EDR solutions tend to rely on multiple agents, which are a significant management overhead for your customers (and - if you’re delivering EDR as a managed service - for you.)

So, noisy, difficult to use, highly manual, costly to manage – does EDR really offer anything to move you up that customer value chain?

The short answer is yes – because we’re now seeing smarter EDR solutions emerge that have already comprehensively overcome these shortcomings, taking a far less noisy and less manual operational approach that adds significant value both to what EDR delivers and how it delivers it.

Bitdefender: blazing a brave new EDR trail

Take a solution like Bitdefender’s GravityZone EDR, for example.

It has made it easy to add EDR to customers’ existing security infrastructure (thus increasing your revenues per customer), but with far less IT resource necessary on your part, and with vastly reduced management overheads.

How does it do this? Through a combination of six critical features that most EDR solutions simply don’t offer:

  1. Rapid deployment – Cloud-based, up and running in hours, not days.
  2. Simplification – One agent to manage, not many.
  3. Ease of use - A single, unified management console to control everything.
  4. Automated response and repair – No need for manual intervention - identified threats are removed automatically.
  5. Compatibility – Works with all existing solutions from the same family.
  6. Artificial intelligence and machine learning – Reduces the management overhead caused by unnecessary noise; learns to identify false alarms and trivial threats, enabling the EDR layer to focus on the real and dangerous.

Bitdefender calls this highly automated, intelligent approach to EDR ‘funnel-based’, and you can see immediately that it’s a clear departure from the existing noisy, manual EDR orthodoxy – and one that makes a much more attractive proposition to service providers, resellers and their customers alike.

EDR Funnel

But do customers even want EDR?

If we said customers’ demand for EDR is set to go stratospheric, we probably wouldn’t be exaggerating.

An EDR article in eSecurity Planet, for example, describes the growth in EDR as “explosive” and reports that Gartner's forecast “is for almost 50% annual growth for EDR at least through 2020, putting it way out in front of most areas of IT.”

This in turn points to a market value – again, according to Gartner’s EDR estimates - of some $1.5 billion (£1.14 billion) – extremely plausible when you consider that, according to eSecurity Planet, only 40 million EDR endpoints are currently installed, compared to the estimated 711 million desktop, laptop and other devices that can use the software!

And in this recent global EDR survey, 72% of respondents reported their teams already suffer ‘alert fatigue’ – strong evidence that the demand will ultimately be shaped by the availability of solutions like Bitdefender EDR that don’t fall into the ‘noisy and difficult to manage’ bracket.

The message from the market is clear: for service providers, resellers and other IT partners, EDR is a revenue boost waiting to happen.

Just make sure you choose to sell solutions that are actually usable!