Managed EDR struggles with context. For example, EDRs ship tons of alerts without prioritization and criticality analysis. Managed EDR, as Mackenzie Brown, VP Security says, "I see it as merely ... a substitute for having an actual person monitor you EDR alerts."
For many dealers this is an expensive approach and a misuse of a vital headcount or time for the IT team. Additionally, managing alerts is reactive not proactive towards improving your cybersecurity stance. A better approach for cybersecurity excellence is evaluating and strategizing security operations to be tailored to your dealership's IT infrastructure and geographical diversity. Not watching alerts through a pane of glass.
Simply put, it's a more in-depth inspection of users, accounts, and systems, ensuring that when detection and response activities occur, there's a comprehensive understanding of the environment.