Need advice regarding EDR software: Recently we ar...
# general
l
Need advice regarding EDR software: Recently we have been using Checkpoint, but its agents are resource hungry and are causing issues with the deployed service, so we are looking for a new EDR tool. I am the only tech person in the company, and the company is using external vendor services. As you know, like many vendors, they are also pushing some tools which might not be good for our scenarios, and I have limited knowledge of this side of tools/infra. Please refer to the following points:
• Hosted on AWS and the load is not high (currently deploying on EC2 directly but migrating to EKS)
• Working in a compliance- and regulatory-heavy industry
• Do we really need EDR for cloud? Doesn't AWS itself handle it with a good VPC configuration?
• Would a combined solution for laptop, cloud or mobile devices be good to opt for, or do we need to go for a specific one?
• Would using open-source tools for this purpose be a good idea, given that we don't have specific people? If yes, then please suggest good tools.
• We need cost-effective tools which don't increase cost much based on the number of servers and devices
• Points to remember and questions to ask the provider while selecting/buying EDR tools?
a
@Lalit Pagaria Did you check Wazuh?
l
@Anjul Sahu No, I haven't checked it. I will check it; it is open source, which is great. Do you have any feedback on it?
a
@Lalit Pagaria I have used Wazuh in a couple of instances previously in 2020, and it worked great for my client who was looking to get SOC2 certified. We installed it on EKS and all VMs. It also comes with compliance packs. EDR might be required even if you have a very secure VPC configuration. The Wazuh agent can run on laptops and cloud but not on mobile. Wazuh has its own cloud-based enterprise version. I am assuming it has improved further since I last used it in 2020, and it is one of the leading open-source options.
l
Thanks a lot Anjul