Hello, Crown Clients and Friends!
If it’s been a while since you’ve thought about your antivirus software, you might be relying on a third-party virus scanner or built-in operating system feature that doesn’t offer all of the protection you need for your computers, networks, or servers. EDR software and services are more effective at protecting your data from certain kinds of attacks, as well as detecting and possibly even stopping an attack as it happens.
The older idea of antivirus software was this: get a program that runs in the background and scans your hard drive for known threats at a scheduled time. This practice was limited and typically only stopped well-known threats and could only do so by quarantining or deleting malicious files that, for instance, intend to connect with an attacker’s server. But if an attacker made even a small change to their malware, then a virus scanner may not have been able to do anything to keep your devices secure.
Today’s concept of antivirus has evolved into Endpoint Detection and Response (EDR), which uses data analysis to identify threats, instead of file names or signatures. EDR--such as Sophos’ Intercept X and SentinelOne’s Singularity--collects information about how your computer (the endpoint in EDR) is being used and analyzes what your computer is actually doing to see if there are any strange behaviors or connections. EDR looks for malicious activity by collecting real-time information and analyzing your devices to see if you are under attack at any given time. Many attacks can be seen at the system level because, for example, the device will start using a lot of resources or opening connections that it otherwise shouldn’t.
Instead of waiting to find a well-known bad file, automated EDR may stop novel, unknown attacks by finding bad behavior of some kind. It detects any threats that may be active on your devices, which may be enough to stop a data breach or ransomware attack as it happens and protect data from being lost. Depending on what kind of data you or your company stores, stopping an attack may be invaluable when it cannot be prevented.
Automated EDR runs in real time, hopefully stopping various forms of malicious behavior before they can do harm to your wallet or reputation. Once the behavior is seen by EDR, then it can alert your IT team that there is a problem, quarantine the device from your network, and look for the cause of the problem.
As advanced as EDR is, security companies offer even more complete protection: Managed Threat Detection, known as MDR or MTR. MDR takes the protection for all of your endpoints and network to the next level by using both algorithmic and human monitoring and providing around the clock support. Managed refers to a service, like Sophos MTR, that can identify threats 24/7 and work with your IT team if something goes wrong. These services are the best value you can get in security, and supplement your IT team with active threat detection, giving you the best possibility of avoiding a data breach or attack.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team