On Episode 103 of the K12 Tech Talk podcast, Chris, Josh, and Mark discussed EDR. This article is a recap of that conversation along with some resources to check out.
Listener Pate emailed and asked “What EDR solutions are you using?” and, for Chris and Josh, “As far as talking about Missouri, with the MUSIC insurance requirements coming up, what are you doing?”
Josh – So, my take on this question… We are using one of the big three vendors for EDR. I’ve actually subscribed to an MDR service to where a 24/7 SOC is monitoring that. I think there’s an extra value added to that, just because it is 24/7. I don’t work 24/7. My eyes aren’t on it 24/7. By having it on every device, there is much more granularity and control with those types of responses from an MDR. I think Pate’s bigger question here is trying to feel out all the vendors in the antivirus space that are throwing the three letters “EDR” on the back of any solution. I’ll use the term “Fly By Night vendors” that are slapping EDR on their product. How in the world are you supposed to know if they’re really an EDR or not? And that’s why I’ve tried to stick with one of the big three, maybe four or five, players in that market. I know Gartner, their report, their magic quadrant, those reports are always around. I think if you stick with an upper right quadrant vendor, you’ll be in better shape than picking some crazy “Fly By Night vendor.”
Mark – I’m going to kind of draw a line in the sand… I’m not going to say enough that could cause potential harm to my district in public. I will agree with Josh, that I do think that you do need to look at one of the more reputable companies out there. Like you said, the Gartner upper quadrant is a very important measure. I have heard horror stories of districts that have been hit with ransomware. They’ve had to deploy a new EDR in the heat of the moment. I do think that’s something that you should really invest in, both in money and in time. But, I’m not going to give any specifics about my district.
Chris – I can throw back to Episode 24, The Pocket of Doom, when my district had that fake virus that our antivirus was the culprit of. We got to play with Carbon Black, CrowdStrike, and SentinelOne all fully running for demo sake. We installed all three of those for fun on the computers that we were having issues with. It was great to demo those, to experience those, and see how much better they are than classic antivirus. Our tech department got to see how we will use this one or this one or that one better. You know, we liked the way these reports looked better. We liked the way these response screens looked, and this and this. Do the research, the demos, hustle the pricing, and find the best solution for your school district and your team.
A while back, Jay wrote a great guide on EDR. Check it out here.