Question for Elasticsearch experts. Well, specifically, Elastic Security experts.
How do you cope with the fact that Elastic Security does not have traditional on-demand/scheduled AV scanning?
Companies often ask questions about AV scans in their vendor "security questionnaires" and I've never seen a good answer that explains why/how next-gen AV/EDR doesn't do "scanning."
What do you tell people? How do you get this past ancient regulatory requirements and/or companies who don't know what "EDR" means?
[Boosts appreciated.]
[Edit: I guess this is a question for anyone using any "next-gen AV" or EDR like #Crowdstrike or #SentinelOne]
#Cybersecurity #InformationSecurity #Elastic #Elasticsearch #ElasticSecurity #EndpointProtection #EDR
@julie It's not a technical answer, it's an audit/questionnaire answer: "Company has evaluated the risks and has decided that on-access process monitoring is a sufficient control to address this situation".
(As long as that's actually true)
It's like having to answer physical access to datacentre questions when all you use is AWS.
There has to be a layer of security management that spends its time translating customer & auditor questions into reality and back again. That's not a technical engineer's job ...
@julie I just say "No, we do not do this and we do not need to do this - you are asking for some specific activity that is not relevant to our environment".
And they don't let me talk to customers any more ...