Google’s Anton Chuvakin said he’s a little disturbed when he hears about alert overload because EDR — endpoint detection and response — was introduced in 2013 to address that issue.
“So EDR, in that sense, was a helper with alert overload in another tool,” Chuvakin, who works on security solutions strategy for Google Cloud, told SC Media VP of Content Jill Aitoro during an eSummit.
Alert overload wasn’t supposed to happen because of the high-quality telemetry on the endpoint, which delivers more context, Chuvakin said. “That’s actually a bit puzzling because EDR has the crispest, cleanest telemetry on threats compared to other tech.”
And yet, the issue is omnipresent. Chuvakin said he’s written about alert overload over the years, and could copy and paste a paragraph from a whitepaper on the subject from 2003 and it would still ring true. Why? He believes that the overload comes when people are tempted to alert for more, in fear of missing something.
Looking to the future, Chuvakin said the mission of observing the endpoint, whether it’s called EDR or some other technology, will remain critical, even if the approaches evolve with the transition to a zero trust model.