IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
It’s important to note that QRadar EDR achieved 100% of its detections with out-of-the-box configurations. Configuration changes help vendors adjust their detections as the attack progresses. Twenty-three of the 30 participating vendors had to tweak their product ‘antennas’ multiple times before being able to detect alerts, using learnings from Day 1 and Day 2 to accurately detect the threat on Day 3.
In real life, configuration changes are usually unrealistic and reflect hidden resource costs of ownership. The more configurations a solution requires, the more an organization has to invest in its management. Attackers do not give defenders a second chance to tweak their detections.