Endpoint Detection and Response software is the newest iteration of Anti-Virus software. It’s got a new title because EDR does a lot more than your traditional antivirus to protect you against threats. It’s also one of the only solutions that can offer some protection against ransomware.
What is EDR Software
The definition goes something like this.
“EDR records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.” -Gartner
A true EDR tool should have the following capabilities:
- Incident data search and investigation
- Alert triage or suspicious activity validation
- Suspicious activity detection
- Threat hunting or data exploration
- Stopping malicious activity
The idea here is that EDR has a greater ability to identify and stop unknown threats. It typically leverages an AI engine to allow it to make quick smart decisions about how to identify and classify threats. Then it can action on that knowledge to contain and eliminate threats. The solution typically logs every step of the threat as well. This allows security analysts to identify entry points and learn more easily.
The best EDR solutions will also rollback any changes made by potential threats. SentialOne has some awesome capabilities that help protect your machine against all threats including ransomware.
Difference between EDR and Antivirus
What is the difference between EDR and Antivirus? Antivirus is the prevention component of endpoint security, which aims to stop cyber threats from entering a network. When threats slip past an antivirus, EDR detects that activity and allows teams to contain the adversary before they can move laterally in the network.
Not all EDR solutions are created equal, and some are better at protecting against ransomware than others. SentialOne protects against unknown forms of ransomware. SentinelOne’s EPP uses a groundbreaking Predictive Execution Inspection Engine that goes beyond file-based analysis – even mathematical algorithmic analysis – that observes the actual execution of every system process or thread, in real-time. By understanding the execution behavior of all applications, programs, and processes in real-time, SentinelOne EPP provides the ultimate defense against ransomware.
Compliance and Insurance
We’ve had more and more responses lately from our clients for assistance with security compliance. Specifically we’re seeing that more and more insurance companies are requiring them to have an EDR solution in place in order to insure them with Cyber Liability Insurance. This is the new standard in endpoint security and protection, and it’s not going away. We recommend that you take proactive steps to protect your network and take a deeper look at EDR.
As always keeping our clients safe is our highest priority at i.t.NOW. We’re always staying up on the newest solutions and have been watching the EDR market with interest as the solutions have been maturing. They’re here now. It’s time to make the switch and take a step toward a safter network. Talk to the team at i.t.NOW today about how we can assist with security solutions and EDR.