Updated: Oct 16, 2023

by Shawn Shea



You may or may not have heard of the latest technology acronym: EDR (Endpoint Detection and Response). Should it even matter to you? The short answer is "YES", as it's a game changer! We have been using various antivirus programs for years, and while these have kept us relatively secure from threats in the past, the truth is they just aren't enough protection anymore.

AV is designed to identify malware on a computer based on signatures that get updated as new malware is found. This means it can only recognize threats that are known. The problem today is that malware is being developed at such a fast pace that signatures can't keep up, and new techniques such as fileless malware evade detection by antivirus altogether.

EDR integrates a number of security functions beyond simple antivirus that allow it to detect trends. It includes real-time monitoring and detection of threats and is behaviour-based, so it can detect unknown threats based on behaviour that isn't normal. EDR can triage potentially malicious events and can offer an immediate response when these occur. The type and level of response is dictated by the security incident. The remediation can be automated and can include isolating the machine from the network to prevent further harm to other users and the network. Additionally, it can provide some form of rollback in the event of infection, so it can return a system to a useful state faster, which means less downtime for users.

In order to stay safe out there, everyone should be using EDR today. It's a low-cost way to keep users safe from the unknown and helps keep your business running efficiently day and night.

