AI driven EDR has dramatically reduced the workload involved in manual endpoint detection and response. However, the human element of threat hunting remains invaluable.
Cybersecurity Solutions Require Supervision
Managed Service Providers (MSPs) are in the business of providing a variety of essential technical services to businesses. When a vendor offers a solution that eases cybersecurity risk with the promise of lower cost – MSPs listen.
After all, the business proposition is clear. Unfortunately, implicit trust in a vendor sometimes comes with a price.
We’ve heard tales of cybersecurity vendors making promises about saving the cost of an entire salary or multiple salaries after deploying a managed security solution, or that a new technological development will change how your managed service business looks at human-led detection.
The truth is: all cybersecurity solutions require some level of supervision. While the number of total people required to offer thorough endpoint security has been reduced, people are an essential part of the endpoint security equation.
AI Driven EDR is Truly a Game Changer
AI driven EDR roots out breaches before they become threats. By using an automated approach to threat detection, some EDR solutions quickly assess the scale of a compromise. This assessment depends on the capture of in-depth, critical data and root cause analysis.
Many AI driven solutions combine machine learning, custom rules and detailed algorithms to identify advanced threats far more rapidly than a human threat hunter could. The level of detail and the speed at which detection can take place are exponentially higher than what a human security operations team is capable of.
AI Driven EDR Still Triggers Alerts
Artificial intelligence and machine learning have truly changed the endpoint security game. With these techniques, solutions can learn about tactics and patterns in a much shorter time frame than it takes a human security operations center to track down risks.
That being said: a collaborative human-system relationship is required for success.
Humans pick up where AI and machine learning leave off. With brains organically programmed for pattern recognition, a capacity for logic and a lifetime of experience, human intervention can do research and analysis that EDR solutions simply aren’t capable of today.
So, when your client experiences a breach and the resulting alerts, a human is required to do some leg work. For an MSP, that means someone on your staff must be responsible for researching and managing the breach. The cost of responding to incidents depends on the types of alerts that appear.
AI Driven EDR Still Incurs Operational Overhead
While AI and machine learning driven EDR solutions are exponentially more powerful than a team of security analysts, they cannot thrive on their own.
Making the right investment in an EDR partner is based on your business goals. While a security vendor might have a seductive value proposition, it might not be as clear as it could be.
Let’s say, for instance, that a vendor demonstrates the value of a tool as the reduction of human workforce. Do they also provide an assessment of what it will take for your business to roll out the tools and manage them across a series of clients? If not, you might end up incurring more operational overhead than you anticipated.
Chances are that two people in your organization must be adept at monitoring and managing the EDR tool. How would adding two new people, training two existing staff members or adding the responsibility of managing an EDR tool impact your bottom line?
Your business has a set of goals and objectives. Finding the partner that provides the greatest transparency can help you (and your bookkeeper) stay sane.
Overlapping Points of Contact
Those two people mentioned in the last paragraph might have you scratching your head. Why two people?
It’s a risk management strategy. You need at least two duplicated points of contact to ensure that your clients are never left exposed. If one point of contact is absent, the other will cover the gaps.
These individuals might not be monitoring the EDR tool on a full-time basis; it might be a part of a larger role in the organization. All the same, rolling out most EDR tools – regardless of AI and machine learning capacity – requires a team to cover one another.
Managing Events Takes People Hours
Managing events – from major malware attacks to annoying Potentially Unwanted Programs – takes human hours. When your clients experience computer problems, they may not realize they have been impacted by a cyber threat. Only when a member of your IT team starts their research may they discover that a more manual investigation of an individual computer is required.
The back and forth required to track down the threat, find a time to work with the individual computer and investigate the threat takes time. In this instance, time is money.
Total Cost of Ownership: CYDEF’s Calculator
There’s a perception that Total Cost of Ownership is clearly outlined in the benefits of an EDR tool. Evidently, there’s a lot more to understanding the costs associated with endpoint security.
If you’re curious about the financial realities presented by AI driven EDR tools, CYDEF is developing a total cost of ownership calculator. This vendor agnostic tool can quickly break out all the costs associated with purchase and operation of a tool. Stay tuned for the launch!