Endpoint Detection and Response

Antivirus solutions have been continually evolving over the years along with threats and attack patterns.  Endpoint detection and response (EDR) is the latest evolution and offers some significant advantages over its predecessors.  It’s been a long journey.  Here is a brief timeline of AV evolution and some practical advice about the very real advantages of EDR solutions today.

AV Has Evolved

In the beginning AV was simple.  It essentially checked unknown processes against a “threat definition” database of known threats and blocked them if they were on the list.  That worked OK for a while, but as cyber criminals evolved and the number of threats increased, this system started to be problematic.

More often there were “gaps” in the system.  A new virus that wasn’t in the threat definition database was allowed to pass without a second glance.  To combat this, AV makers first tried to build a better list of threats to check against.  Some AV products were essentially pointed at a group of different lists online, and AV makers built an engine that allowed the product to check against all threat definition lists simultaneously.

That helped for a while too.  By looking in multiple places they were better able to identify a virus and catch more of them before they could cause problems.  There was still a problem, though.  New viruses were created all the time that weren’t in any threat definition database.  These are typically called zero-day threats.

Protection against zero-day threats is more complicated.  The first idea that AV makers put into action was heuristic analysis.  Instead of checking an unknown process against a set of threat databases, it examines the behavior of the process to determine whether it is malicious.  If its actions look bad, it is blocked.

This was a big step forward for AV, and when coupled with machine learning and AI technologies it gave a much better defense than traditional AV.  Even with all of this progress, none of these solutions remediates threats: they can block a process, but they do not undo what it has already done.

Endpoint Detection and Response

EDR is the most evolved form of AV that we have today.  It leverages and improves upon all former generations of AV.  It uses AI and machine learning to examine the behavior of potential threats, but adds an AI-powered “brain” that helps determine what to do with unknown processes.

Finally, we have a solution that provides protection against both zero-day threats and ransomware.  Not only can it detect these threats, it can also actively block them and roll back any changes they have made to your system.
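To make the difference concrete, here is a small added illustration (not code from this post or from any EDR product) that contrasts the three stages described above: a hash lookup against a threat list, a behavioral rule over recorded process activity, and an EDR-style journal that can roll back a process’s changes. All hashes, process names, paths and events are constructed sample data.

```python
import hashlib
from collections import Counter

# Constructed "threat definition" list: SHA-256 digests of known-bad binaries.
KNOWN_BAD = {hashlib.sha256(b"known-malware-sample").hexdigest()}

# Constructed endpoint event stream of the kind an EDR agent records:
# (process, action, path, new_content). zeroday.exe is not on the list,
# but it replaces user documents with renamed .locked copies.
EVENTS = [
    ("updater.exe", "write", "docs/app.log", b"update ok"),
    ("zeroday.exe", "write", "docs/a.docx.locked", b"\x9f\x11"),
    ("zeroday.exe", "delete", "docs/a.docx", None),
    ("zeroday.exe", "write", "docs/b.xlsx.locked", b"\x02\x77"),
    ("zeroday.exe", "delete", "docs/b.xlsx", None),
    ("zeroday.exe", "write", "docs/c.pdf.locked", b"\x4c\x00"),
    ("zeroday.exe", "delete", "docs/c.pdf", None),
]

def signature_check(binary: bytes) -> bool:
    """Classic AV: block only if the file's hash is on the threat list."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def behavioural_check(events, threshold=3):
    """Heuristic view: flag any process that replaces at least `threshold`
    user files with renamed copies, regardless of what its binary hashes to."""
    replaced = Counter()
    for proc, action, path, _ in events:
        if action == "write" and path.endswith(".locked"):
            replaced[proc] += 1
    return {proc for proc, n in replaced.items() if n >= threshold}

def apply_with_journal(files, events):
    """EDR-style recording: apply each event, remembering the prior state."""
    journal = []  # (process, path, previous_content or None if absent)
    for proc, action, path, content in events:
        journal.append((proc, path, files.get(path)))
        if action == "write":
            files[path] = content
        elif action == "delete":
            files.pop(path, None)
    return journal

def rollback(files, journal, process):
    """Undo, newest first, every recorded change made by one process."""
    for proc, path, previous in reversed(journal):
        if proc != process:
            continue
        if previous is None:
            files.pop(path, None)
        else:
            files[path] = previous
    return files
```

The signature check passes the unknown binary, the behavioral rule flags it after three renamed writes, and the journal restores the original documents while leaving the legitimate updater’s change in place.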

“EDR records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.” -Gartner

EDR software allows you to:

  • Track Everything
  • Contextualize and Identify Evil in Real Time
  • Respond & Rollback
  • Threat Hunt with TrueContext

The difference here is significant.  Traditional AV is akin to having a house with a lock on the front door.  EDR software is like having a top-of-the-line security system.  You get alerts when any door or window is breached.  If a threat gains entry you have security cameras that record their every move and notify the police.  This allows you to track and remediate exactly what was done in the house.

Even better than a home security system, EDR software gives you the ability to roll back changes.  This gives you complete endpoint security that should instill some confidence.

Let’s Talk Security

If your business hasn’t yet implemented an EDR solution, we would love to help.  As part of a network security plan, EDR can give you the best protection against ransomware and other threats that is available on the market today.  i.t.NOW’s team of experts is ready to help.  Give us a call for a free consultation.
