How MSPs Can Leverage EDR to Protect Clients from Endpoint Attacks

This article first appeared in News in the Channel magazine issue #31

With the number of endpoints in many businesses growing swiftly, they are becoming more of a target for cybercriminals, and EDR is increasingly being used to combat that threat. The rise of hybrid working, along with ever-increasing numbers of networked devices, means businesses have more endpoints than ever before. But this also means there are more potential attack points for cybercriminals than ever before.

While cybersecurity is now a given, one aspect that has increased in popularity in recent years is endpoint detection and response (EDR) to combat these threats. 

Mike Puglia, general manager – security products at Kaseya, notes that endpoint compromise is the leading vector for deploying ransomware, across large and small companies. “Kaseya Labs has seen an approximately 30% increase year over year in ransomware activity as ransomware-as-a-service and AI-powered phishing have increased the success rate of malicious campaigns,” he says. 

Mike adds that EDR has been one of the fastest growing trends in endpoint security over the past year. “We are now at approximately 80% adoption in enterprises, while the SMB market lags at around 25%,” he says. “The lag in the SMB market is not about cost – it’s about awareness and having the security resources/expertise to gain value from the technology.” 

Wes Hutcherson, director, EDR at Huntress, adds that two problems are driving EDR’s growing popularity. “First, the attack surface has absolutely exploded,” he says. “Cloud, remote/hybrid work, M&A, business growth, supporting infrastructure from applications ecosystems – the number of entry points and downstream attack vectors is constantly growing. As a result, the more endpoints you have, the more you have to protect – not to mention the growing number of applications on these endpoints, which increases opportunities for exploitation.

“The second contributing factor is the advancement in how attackers discover and exploit these endpoints. AI is a major driver of this acceleration, making exploitation easier and more accessible, especially when it comes to bypassing traditional endpoint defences like antivirus. On a long enough timeline, an attacker will break through, using tools like AI and novel exploits targeting the wide variety of endpoints and applications. When that happens, what are companies/security teams supposed to do? That’s where EDR becomes critical, and why we’re seeing such a surge in adoption. EDR isn’t a nice-to-have; it’s a must-have nowadays. It’s the last line of defence against the reality of ‘not if, but when.’” 

Lance Williams, founder and director at Offerlogic Ltd, says the main threat via an endpoint is “the fleshy interface that connects to it – otherwise known as the ‘human layer’. The cyberthreat actors leverage the human to compromise the endpoint and because the human has become the primary target, the secondary incursion point is the endpoint itself and the apps that are accessed through it.” 

SMB vulnerability 

While all businesses are at threat from cybercriminals targeting endpoints, SMBs can be particularly vulnerable. “We’re seeing a steady rise in AI-driven phishing and malware, with SMBs often in the firing line due to lighter defences and stretched internal teams,” says Nathan Charles, head of customer experience at OryxAlign. “Once a threat bypasses prevention tools like antivirus, businesses need the capability to detect and contain it quickly, or risk serious operational impact.” 

Kim Maibaum, senior product marketing manager at WatchGuard Technologies, agrees. “SMBs now realise they, too, need continuous monitoring and faster threat response,” she says. “To help scale this, MSPs are increasingly adopting EDR to deliver proactive protection as part of a layered security approach for their customers.” 

Changing demands 

As the market develops, what customers want from an EDR solution is changing. “There’s a clear shift towards EDR platforms that adapt to the business, not the other way round,” says Nathan. “We’re seeing demand for tailored settings around threat response time, data retention and recovery options, particularly from firms handling sensitive client information. Customers also expect EDR to integrate smoothly with phishing simulations and training, rather than acting in isolation.”

Kim says that customers are looking for an EDR solution that automates more and allows them to worry less. “Specifically, they are looking for solutions with lightweight agents that provide automated classifications, precision alerts with actionable insights, simplified management and integration with existing security stacks,” she says. “There’s a clear trend toward cloud-native, scalable EDR platforms that reduce complexity and noise and support centralised visibility.” 

Phil Skelton, director, International Business at eSentire, adds that primarily clients are looking for two things in their endpoint protection. “Firstly, it detects and stops security threats, either by automatically blocking or by providing their Security Operations Centre with the tools to eradicate the threat,” he says. “Secondly, the EDR agent must be low cost to run, both to buy and to maintain, but also in the resource use on their endpoints. Organisations cannot have the EDR software slowing down or crashing laptops, which we have seen happen.” 

Steve Burden, director of connectivity and cyber security solutions at Wavenet, adds that customers expect EDR solutions to deliver far more than mere alerts now. “They want actionable insight, automated containment and seamless integration with broader threat intelligence and SOC tools,” he says. “There’s also strong demand for centralised management and intuitive dashboards that make it easy to visualise, investigate and act on threats; thus, enabling the leaner IT teams to stay ahead of cyber threats. Many EDR solutions are expanding their coverage to include the network, cloud, and email; an approach which is often called XDR (eXtended Detection and Response).” 

Zac Warren, chief security advisor, EMEA at Tanium, says that customers are demanding solutions that offer real-time visibility, speed and control. “Not just after an attack, but before and during as well,” he says. “There’s a clear trend showing that security teams want tools that help them see everything, investigate instantly, and respond decisively.

“There’s also growing demand for consolidation. Teams are overwhelmed by too many disconnected tools. They want an endpoint management platform that can reduce complexity, accelerate investigation, and eliminate blind spots – stirring up demand for Autonomous Endpoint Management (AEM). 

“Above all, customers want confidence – the ability to shine a light across every endpoint, ask the hard questions, and know they’re ready to act when it matters most. That’s why the market is shifting toward AEM: a model that goes beyond traditional EDR to deliver continuous visibility, integrated controls and automated response. AEM isn’t just about detecting threats – it’s about ensuring endpoints are secure, compliant and resilient by design, without relying on constant human intervention.” 

Reseller conversations 

When talking to customers about EDR, conversations should focus on certain elements. 

Kim says resellers should emphasise the need for EDR. “They should also highlight its ease of use, improved threat visibility and automated response capabilities,” she adds. “For MSPs, it’s about showing how EDR fits into a comprehensive security portfolio, reducing customer risk without increasing their workload.” 

Phil adds that resellers should educate their customers about what else a best-in-class endpoint detection and response solution requires. “EDR is also not enough to protect an organisation from cyberattacks on its own, companies must have a layered security approach,” he says. “They need data from across their environment, from their network and endpoints through to cloud and identity systems and their asset vulnerability scans and logs. This sounds like a lot of different sources of data – it is – but all that information is necessary to keep your systems secure overall.

“Resellers need to get a thorough understanding of their customer’s IT environment first, so they can determine which endpoint solution is the best fit alongside any other security solutions that are required. The goal here is to capture and correlate security signals, that fits the organisation’s technical requirements, and that fits their budget. EDR is essential in this but be sure to scope out the whole opportunity.” 

Steve adds that resellers should position EDR as a non-negotiable component of their customer’s cybersecurity strategy. “Its key benefits to emphasise are its ability to reduce response times, support compliance and lighten the workload on in-house teams,” he says. “For MSPs, solutions that are easy to deploy and manage at scale can provide a clear ROI by preventing costly breaches.”

Mike says resellers need to talk about the importance of endpoint security in the ransomware attack chain. “Traditional antivirus/antimalware is critical, but no longer sufficient to identify today’s threats,” he says. “Our data indicates enhanced security services (i.e. EDR, MDR, XDR) now make up 33% of MSP revenues – a huge jump from 22% one year ago.” 

Nathan adds that the conversation needs to move beyond fear and focus on business continuity. “Customers want to know how EDR reduces disruption, protects reputation and relieves pressure on overstretched teams,” he says. “It’s about helping businesses stay productive when they’re under pressure rather than simply stopping attacks.”