The digital world has changed immensely in the last 10 years, ranging from improvements in wireless communications, to increased speeds worldwide with new fiber network expansions, and development in software libraries and server technologies that have allowed virtualization of nearly any system.
Along with these changes have come vast differences in the way we approach the security of our information. With technology advancing so quickly, and malicious actors working just as quickly to uncover vulnerabilities in our new systems, the approach to security has had to take a drastic turn to keep up.
Traditionally, the standard approach has been to run antivirus software that is updated daily to keep up with these changes. This approach uses a security engine that monitors system behavior and compares file signatures against online database records (more commonly known as definitions), which are updated daily with information on any malicious files the vendor's network has detected.
By now, in 2020, this has become a baseline minimum requirement for running an operating system securely on an internet-connected network. Workstations and laptops are constantly connecting to different networks, browsing different sites, and downloading and executing numerous files throughout the workday, driven by whatever their users are trying to accomplish.
While these simple programs are good for defending against basic threats, attackers use so many different tactics that it becomes difficult to defend against all of them without multiple engines involved. For instance, standard antivirus software does not traditionally prevent ransomware attacks, nor does it offer any sort of post-execution protection or rollback functionality. Once something executes, the antivirus usually is not capable of doing what it needs to do in order to terminate the threat.
Even though antivirus companies have made huge strides in providing robust products with multiple engines, such as Kaspersky’s Antivirus Products, or Bitdefender’s Home or Business Platforms, businesses have had to take an additional step to protect themselves against these types of attacks.
Enter EDR: Endpoint Detection and Response. Also known as Endpoint Threat Detection and Response, EDR is a technology used to protect endpoints from threats, much like antivirus software. These tools, however, focus primarily on detecting and investigating suspicious activity or other problems on hosts and endpoints. They can even capture trace information about an attack for further analysis later.
The primary role of an EDR platform is to document as much as possible. From the moment a payload lands on the system to the final rollback and recovery, EDR software is responsible for recording all of this information along the way. With a powerful product like SentinelOne, you have the ability to roll back these threats in real time to prevent further damage to your systems, and even to isolate devices based on rules.
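The difference between the two approaches described above (signature lookups that stop at execution, versus EDR telemetry that records and evaluates what a process does afterwards) can be shown in a few dozen lines. The following is an added illustration written for this post, not code from any antivirus or EDR vendor: the signature database, the file-operation telemetry and the process names are all constructed, and the "mass rename" rule is a simplified stand-in for the behavioural logic a real EDR product would run.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "definitions": SHA-256 hashes of two imaginary known-bad samples.
# A real antivirus pulls a much larger set of these down every day.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"known-bad-sample-A").hexdigest(),
    hashlib.sha256(b"known-bad-sample-B").hexdigest(),
}


def signature_scan(file_bytes: bytes) -> bool:
    """Classic antivirus check: hash the file and look it up in the definitions.
    Anything the vendor has not seen yet simply comes back clean."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_SHA256


def build_sample_events():
    """Constructed endpoint telemetry: (timestamp, pid, image, action, detail),
    one record per file operation the agent observed on a host."""
    base = datetime(2020, 6, 1, 9, 0, 0)
    events = [
        # Benign activity: a word processor saving one document.
        (base, 1001, "winword.exe", "write", r"C:\Users\alice\report.docx"),
    ]
    # Suspicious activity: an unknown (unsigned-by-definitions) process rewriting
    # many user documents with a new extension within a few seconds.
    for i in range(25):
        events.append((
            base + timedelta(milliseconds=200 * i),
            4242, "invoice_viewer.exe", "rename",
            fr"C:\Users\alice\Documents\file{i}.docx -> file{i}.docx.locked",
        ))
    return events


def detect_mass_rename(events, threshold=20, window=timedelta(seconds=10)):
    """EDR-style behavioural rule: flag any process that renames at least
    `threshold` files inside a sliding `window`, regardless of its hash."""
    stamps_by_proc = defaultdict(list)
    for ts, pid, image, action, _detail in events:
        if action == "rename":
            stamps_by_proc[(pid, image)].append(ts)

    alerts = []
    for (pid, image), stamps in stamps_by_proc.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            # Advance the window start until it fits inside `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"pid": pid, "image": image, "count": best,
                           "first_seen": stamps[0], "last_seen": stamps[-1],
                           "action": "isolate_host_and_rollback"})
    return alerts


def incident_timeline(events, pid):
    """The "document everything" part of EDR: every recorded action of the
    offending process, in order, ready for the analyst and for rollback."""
    return [(ts.isoformat(), action, detail)
            for ts, p, _image, action, detail in sorted(events)
            if p == pid]


if __name__ == "__main__":
    payload = b"invoice_viewer.exe contents never seen by the vendor"  # constructed
    print("signature hit:", signature_scan(payload))          # False: not in definitions
    events = build_sample_events()
    for alert in detect_mass_rename(events):
        print("behavioural alert:", alert)
        for entry in incident_timeline(events, alert["pid"])[:3]:
            print("   ", entry)
```

Running it shows the signature scan passing the payload as clean, because its hash is not in the definitions, while the behavioural rule raises an alert on PID 4242 after 25 renames and the timeline function hands back the full record of what that process touched, which is exactly the material a rollback and an investigation need.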
Due to the sensitive nature of security, and the constantly evolving technology required to maintain it, many businesses opt to move to a managed IT platform with a local provider, working with a team of specialists who handle these services on behalf of the client. In many cases it is more cost effective to work with a provider, even if the software prices are the same or a little higher, primarily because you gain the ability to work closely with a team that can help you interpret the information these tools produce.
The main takeaway from this is that security is always changing, and EDR is just another step on that road to ensuring a secure network, and protection of your sensitive information.