NTG Insight: Endpoint Detection and Response
A term that has recently gained visibility in the cyber security world is EDR, or Endpoint Detection and Response. One of the drivers of EDR’s popularity is the increased number of users working from home. EDR places an agent on the user’s device that can respond to threats in real time, stopping them at the user’s device (the endpoint) before they reach the network, where they could spread. The phrase EDR was coined in 2013 and defined as a solution that records and stores endpoint-system-level behaviors, uses various data analytics to detect suspicious system behavior, provides contextual information, blocks malicious activity and provides suggestions to restore affected systems.
Does EDR replace existing Antivirus software?
No, EDR and Antivirus software tools work together to protect you against attacks. Antivirus is the protection component of endpoint security; when a threat slips by, EDR detects the activity and assists your security team in containing the adversary. To simplify, EDR gives your security team endpoint visibility by collecting data from endpoint devices, then uses that data to detect and respond to potential outside threats.

There are a multitude of EDR products available today. While not every product shares the same capabilities, most include:
• Increased visibility of unified endpoint data
• Ability to monitor endpoints
• Ability to detect malware and store endpoint events
• Ability to respond to events in real time
• Integration with other security tools

These are just a few of the basics; most tools include additional functions that, depending on your environment, may be beneficial. EDR is not just a tool or set of tools; it is a set of capabilities that work together to provide you with endpoint security. There are many EDR tools on the market. If you are considering adding EDR to your endpoint security, it’s very important that you determine which tools provide the best capabilities for your environment.

Hopefully, you are seriously considering the EDR requirements for your environment. EDR is a great fit for organizations that have an existing IT staff, or that use a Managed Service Partner for security, and that would benefit from the technology, but an EDR tool is not for organizations with no IT staff. If you are considering adding EDR to your security capabilities and need assistance, please feel free to contact NTG.