Why You Need Endpoint Detection and Response (EDR): Next Gen AV

Endpoint Detection and Response (EDR)

You know by now that your cyber security comes down to far more than your antivirus (AV) software. But that doesn’t mean you should stop paying attention to the best endpoint protection available for business. Unless you are running endpoint detection and response (EDR), also called endpoint threat detection and response and usually sold alongside next generation antivirus (NGAV), you’re not as safe as you could be.

Cyber criminals are smart and still trying to get into your network to steal your data. If you rely only on a traditional, signature-based endpoint protection platform (EPP), they have a good chance of succeeding and you’re losing the race. Signature-based EPP on its own is simply not enough to get the job done. You need the next generation, which is EDR layered on top of it.

Both EPP and EDR protect your endpoints, but a traditional, signature-based EPP can only stop what it already recognizes:

  • It provides a baseline of protection for all endpoints by matching files against a database of known malware signatures, a method that dates back decades.
  • It has little or no proactive detection: it waits for a file it recognizes instead of watching for suspicious behavior.
  • It has no protection against new or modified malware that has no signature yet.
  • It has no visibility into fileless attacks and in-memory exploits, which never write a recognizable file to disk for it to scan.

Next Generation Antivirus aka EDR

Endpoint detection and response (EDR) is commonly marketed as next generation antivirus protection, also referred to as next gen AV, and the two are usually bundled in one agent. Where traditional AV only inspects files, an EDR platform continually records what happens on each endpoint (process launches, command lines, network connections, file and registry changes), looks for suspicious behavior in that stream, and lets you respond, for example by isolating the machine from the network. That behavioral approach is what gives it a fighting chance against zero-day threats, including:

  • New or modified malware that has no signature yet.
  • Exploitation of a previously unknown vulnerability for which no patch exists.
  • Fileless attacks that abuse legitimate tools already on the machine, such as PowerShell, and leave no file to scan.

Note the two senses of “zero day.” Zero-day malware is malware that signature-based tools have not yet seen. A zero-day vulnerability is a flaw in a program, operating system or network device that is exploited before the vendor has discovered it and shipped a fix. Either way, the window of exposure lasts until the flaw is discovered and either fixed or a patch is developed and installed, and during that window only behavior-based detection can see the attack.

WatchGuard reports that zero-day malware, meaning malware that evaded signature-based detection, made up nearly two-thirds of all malware it detected in the quarter.

Conclusion: If your antivirus program is only looking for what is already known, it is missing a great deal and leaving you vulnerable to breaches.

64.1 percent of malware detections were zero-day malware.

– WatchGuard Internet Security Report, Q2 2021

But don’t ditch your antivirus endpoint protection (EPP) yet. It is a necessary security layer, and EDR doesn’t replace it; it complements it. Combined, EPP and EDR provide a comprehensive endpoint security solution. An EDR agent can usually be deployed without changing your existing EPP: it is layered on top of it.
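To make the difference concrete, here is an added example (not code from the original post or from any EDR vendor) contrasting the two approaches on constructed data: a signature check that only matches an exact file hash, and a behavioral rule of the kind an EDR engine applies to process telemetry. The malware bytes, the hash database and the process events are all made up for the demonstration; the “Office application spawns an encoded, hidden PowerShell” pattern is a real and common fileless-attack tell.

```python
"""Signature matching versus behavioral detection (added example, constructed data)."""
import hashlib
import re

# Constructed "signature database": the SHA-256 of one known malware sample.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00\x03\x00\x00\x00dropper-v1-payload"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


def signature_scan(file_bytes: bytes) -> bool:
    """Traditional AV: flag a file only if its exact hash is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB


# Constructed process-creation events, shaped like what an EDR agent records.
EVENTS = [
    {"parent": "explorer.exe", "child": "winword.exe",
     "cmdline": "winword.exe Q2-budget.docx"},
    {"parent": "winword.exe", "child": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"parent": "svchost.exe", "child": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
ENCODED_FLAG = re.compile(r"(^|\s)-(e|ec|enc|encodedcommand)\b", re.IGNORECASE)
HIDDEN_FLAG = re.compile(r"(^|\s)-w(indowstyle)?\s+hidden\b", re.IGNORECASE)


def behavioral_scan(events):
    """EDR-style rule: an Office app launching a script host is suspicious on its own;
    encoded or hidden-window flags make it more so. No file hash is involved."""
    alerts = []
    for ev in events:
        if ev["parent"].lower() in OFFICE_APPS and ev["child"].lower() in SCRIPT_HOSTS:
            reasons = ["office app spawned script host"]
            if ENCODED_FLAG.search(ev["cmdline"]):
                reasons.append("encoded command")
            if HIDDEN_FLAG.search(ev["cmdline"]):
                reasons.append("hidden window")
            alerts.append({"event": ev, "reasons": reasons})
    return alerts


def compare():
    """Show why a signature alone is not enough: one appended byte defeats it."""
    repacked = KNOWN_BAD_SAMPLE + b"\x00"  # same behavior, brand-new hash
    return {
        "signature_catches_original": signature_scan(KNOWN_BAD_SAMPLE),
        "signature_catches_repacked": signature_scan(repacked),
        "behavioral_alerts": len(behavioral_scan(EVENTS)),
    }


if __name__ == "__main__":
    print(compare())
    for alert in behavioral_scan(EVENTS):
        print(alert["event"]["cmdline"], "->", ", ".join(alert["reasons"]))
```

The repacked sample is “zero-day malware” in the WatchGuard sense: nothing about it is new except its hash, yet the signature check misses it. The behavioral rule never looks at the file at all; it fires on what the attacker has to do to run, which is why the legitimate backup script launched by svchost.exe produces no alert.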

Just a few years ago, employees accessed applications and data inside a corporate network perimeter, firewalled off from potential threats. Now that remote work is a big part of most businesses, cybercriminals have adapted their tricks and tools to target every endpoint regardless of its location.

How to Protect Your Business From Vulnerabilities

Vulnerabilities are caused by people: the people who write the software and those who use it. Since people are not infallible, software cannot be infallible. 

People are also the endpoints, or more accurately the devices they use, so it’s important to keep control of those devices even when your users are working off premises. Below are tried and true remedies for endpoint security:

  • Use multi-factor authentication (MFA) wherever it is offered, and require long, unique passwords behind it (a password manager makes this practical). No more personal passwords like birthdays or family dates. Insist on strong password practices.
  • Keep every end user’s operating system and device firmware on versions the manufacturer still supports. That alone will be a big help.
  • Monitor and manage their devices remotely, so you can see and patch them wherever they are.
  • Update all software programs promptly, including the most common third-party applications (Adobe, browsers, etc.). This provides a stable foundation for every technology environment.
  • Run advanced detection tools that provide threat intelligence, threat hunting, security monitoring, incident analysis and incident response. This is unlike traditional antivirus solutions that only raise alerts on files they already recognize.
  • Always verify any financial change (a new vendor bank account, a wire request, a payroll change) out of band: in person, or by phone on a number you already have on file, never by replying to the message that asked for it.
  • Develop a security mindset that considers security needs first and foremost in all manner of business computing.

Pretend You're a Hacker: Now Look at Your Data

If you’ve ever wanted to be a detective, now is the time. Examine your data as if you were a malicious actor intent on compromising it. When you look for weaknesses, lo and behold, you see that this company (your company) is still holding onto that payroll report, including Social Security numbers, from 10 years ago. Or even 20? More?

Then you spy the emails, including financial statements, for a loan your company applied for last year. Your search also reveals a file, created who knows when, listing all your employees’ passwords.

Eureka! If you were a real cybercriminal, you would now have the keys to attack this business with malware, ransomware or plain fraud.

Even if the data is years old, criminals can use it to trick an employee into taking an action that gives them access to your network (a process called social engineering).

So if any of those situations struck a sour note while you were “acting” as a cybercriminal, it’s time to take action.

Remove any truly unnecessary folders or files that would be attractive to a malicious actor, and lock down access to the ones you must keep. Make no assumption that your company is “too small” to attract these criminals. Once upon a time you could assume that, but the latest figures show that close to 50 percent of small businesses are being attacked, and they are often easier targets than large businesses because they have fewer resources.
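You don’t have to do the detective work by hand. The script below is an added example (not from the original post or from Intrust) of a first-pass sweep for exactly the kinds of files described above: it walks a folder tree and flags files whose names suggest passwords or financial records, text files containing Social Security-number patterns, and marks which of those are older than a chosen cutoff. The sample folder tree, file contents and timestamps it builds are constructed for the demonstration, and the name patterns and two-year cutoff are assumptions you would tune for your own environment.

```python
"""Stale sensitive-data sweep (added example, constructed sample tree)."""
import os
import re
import shutil
import tempfile
import time

# Patterns are assumptions for the example; extend them for your own data.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
PASSWORD_NAME_RE = re.compile(r"password|passwd|credential", re.IGNORECASE)
FINANCE_NAME_RE = re.compile(r"payroll|loan|bank|tax|w-?2\b|1099", re.IGNORECASE)
TEXT_EXT = {".txt", ".csv", ".md", ".log", ".eml"}
DAY = 86400


def classify(path, stale_after_days=2 * 365):
    """Return (reasons, is_stale) for one file. Only text-like files are read."""
    reasons = []
    name = os.path.basename(path)
    if PASSWORD_NAME_RE.search(name):
        reasons.append("password-like filename")
    if FINANCE_NAME_RE.search(name):
        reasons.append("financial filename")
    if os.path.splitext(name)[1].lower() in TEXT_EXT:
        try:
            with open(path, "r", errors="ignore") as fh:
                head = fh.read(1_000_000)  # cap the read; large files get sampled
        except OSError:
            head = ""
        hits = len(SSN_RE.findall(head))
        if hits:
            reasons.append(f"{hits} SSN-like number(s)")
    age_days = (time.time() - os.path.getmtime(path)) / DAY
    return reasons, age_days > stale_after_days


def scan(root, stale_after_days=2 * 365):
    """Walk the tree and collect every file with at least one reason to worry."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reasons, stale = classify(full, stale_after_days)
            if reasons:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append({"path": rel, "reasons": reasons, "stale": stale})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed sample tree, scan it, clean up, return the findings."""
    root = tempfile.mkdtemp(prefix="datascan-")
    ten_years_ago = time.time() - 10 * 365 * DAY
    last_year = time.time() - 400 * DAY
    samples = {  # relative path: (contents, mtime)
        "hr/payroll-2013.csv": ("name,ssn,salary\nAda,123-45-6789,50000\nBob,321-54-9876,52000\n",
                                ten_years_ago),
        "finance/loan-application.eml": ("Subject: bank loan\nStatements attached.\n", last_year),
        "it/passwords.txt": ("admin:hunter2\n", ten_years_ago),
        "marketing/brochure.txt": ("Welcome to our company!\n", time.time()),
    }
    try:
        for rel, (text, mtime) in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
            os.utime(full, (mtime, mtime))  # backdate to simulate an old file
        return scan(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for f in demo():
        flag = "STALE " if f["stale"] else ""
        print(f"{flag}{f['path']}: {', '.join(f['reasons'])}")
```

Point `scan()` at a file share or a user’s home directory and read the output the way an attacker would: anything marked stale with SSNs or a password-like name is a candidate for deletion, and anything recent is a candidate for tighter access controls. The SSN pattern deliberately rejects numbers that can never be issued (area 000, 666 or 900-999), which keeps order numbers and phone fragments from flooding the report.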

Act Now by Talking to Your Support Team

If you’re not sure what type of malware protection you have, start a conversation today with your managed service provider or internal IT support team. There is no time to waste.

If you are already an Intrust client, no worries. We’re already using next generation antivirus solutions across all of the businesses we support. If you want to understand it better, just reach out.  We’ll be happy to go over the particulars with you.

If you’re not an Intrust client, consider becoming one. You’ll not only  get endpoint detection and response (EDR), but dozens of other helpful and cost-cutting ideas to help your business grow,  flourish and have the best protection available. 

Contact us or book a no-obligation meeting, virtual or in person.

Dave Hatter

Dave Hatter (CISSP, CCSP, CSSLP, Security+, Network+) is a cyber security consultant, writer, educator and on-air media contributor. See hundreds of Dave’s expert interviews on cyber security on his YouTube channel, or tune in to 55KRC every Friday morning at 6:30 for his “Tech Friday” segment.

Get This Free Resource to Protect Your Business

Checklist: "14 Non-Technical Things You Can Do Today to Protect Your Business from Cyber Crime"
