Half of Alerts Signaled by EDR Tools Are False Alarms; Lack of Personnel Prevents Rapid Detection and Response

With some 250,000 new malicious programs and a growing number of tailor-made threats hitting corporate IT infrastructures every day, the need for qualified information security personnel is higher than ever. At the same time, most companies struggle to achieve rapid incident detection and response: their teams cannot keep up with the sheer number of alerts their EDR solution raises, and they find it difficult to deploy and maintain the endpoint security architecture as a whole.


With almost half of the alerts raised by EDR tools turning out to be false alarms, a lack of personnel is the main obstacle to rapid detection and response during a cyberattack cited by CISOs in the UK, Germany, and Sweden. In France, the US, and Italy the top obstacle was a lack of proper security tools (50%, 43%, and 35% respectively), and in Denmark it was a lack of knowledge (55%).


A lack of proper security tools is the third most frequently cited obstacle in the UK (39%) and Denmark (48%), and it also scored high in Sweden (41%) and Germany (32%). About a third of respondents, on average, also say that breach containment is becoming harder because of rising costs.

EDR solutions are meant to close this gap by letting security teams focus only on the real, dangerous threats that would otherwise not have tripped any alarm. However, most CISOs say that, while EDR improves analysts' ability to discover, investigate, and respond to advanced threats and to broader attack campaigns spanning multiple endpoints, it can be difficult to manage, especially in companies that have no SOC and little in-house security expertise yet want to raise their security posture and take a more strategic approach.

Asked about the main obstacles to strengthening their company's cybersecurity posture, German respondents put a lack of skilled personnel at the top of the list (40%). A lack of predictability tops the list in the US (41%), France (47%), Italy (33%), and Sweden (48%), while respondents in the UK see a lack of infrastructure-agnostic security as the main obstacle (33%). Those in Denmark cited a lack of visibility (55%).


“Companies and organizations that have powerful and resource-intensive EDR tools but no SOCs in place are basically bleeding financial resources without maximizing the true potential of these security tools,” says Liviu Arsene, Global Cybersecurity Analyst at Bitdefender. “It’s like owning a private jet but not having a qualified pilot or crew to fly and manage it. Traditional EDR tools require both manpower and skilled security experts to fully cope with and handle all security alerts; otherwise, EDR deployment simply remains compliance-oriented and not a security tool.”

Alert fatigue sets in when security teams overburdened with managing EDR tools end up ignoring or dismissing the never-ending tide of security alerts, which defeats the purpose of detection and response. When staff is insufficient, triggered alerts can sit for days, weeks, or even months before they are investigated, meaning a breach can take just as long to detect as it would without an EDR solution in the first place.

Download the full report here.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Razvan Muresan. Read the original post at: