EDR v AV

Businesses know that cybersecurity is important. However, we find that organisations are sometimes so focussed on their core business that they do not dedicate enough attention and resource to ensuring they have the best products and services to mitigate the ever-increasing array of threats against businesses.

A network security breach can be very harmful to an organisation, damaging its reputation and costing it a lot of money. Furthermore, data protection rules such as GDPR place further responsibility on organisations regarding the handling, processing, and storage of personal data.

Cybercrime is growing in sophistication and, in turn, requires a more sophisticated approach to defend against it. Traditionally, anti-virus software has provided organisations with the defences required to protect their assets from hackers. However, as a business grows and more devices are added to an organisation’s networks, the number of potential points of entry into those networks grows with it.

This is where Endpoint Detection and Response (EDR) will provide a more advanced approach to defending these networks than anti-virus software.

The difference between EDR and AV

EDR is a behaviour-based system that provides an ongoing analysis of an endpoint’s activity, looking out for signs of any unusual behaviour by the apps and software that run on it. EDR software will run on a range of hosts, using many analytical tools. This enables the real-time detection of threats that exist within the network, with data then being passed to a centralised database to enable more advanced analysis, investigation and, most importantly, response.

With EDR systems, IT providers are better informed about what is going on in the network and can act more swiftly in response to a threat. This is a much more advanced approach than just an anti-virus system. EDR means that you do not need to depend on anti-virus systems, as it is more capable and sophisticated than anti-virus can be.

Anti-virus systems employ a more rudimentary approach, using scans to check for the signatures of already known threats. They do offer warnings and the removal of basic viruses but are simply not capable of delivering the far more advanced features of EDR, which can carry out the automated remediation or removal of many threats based on the behavioural analysis of endpoint activity.
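
The contrast described above, as an added example that is not part of the original article or any vendor's product: a signature check misses a file once a single byte changes, while a behaviour rule still flags what the endpoint does. The rule names, process lists, write threshold and sample events are all constructed assumptions.

```python
import hashlib
from collections import Counter

# Constructed signature database: hashes of already known threats.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def av_scan(file_bytes):
    """Signature scan: matches only content whose hash is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD

# Hypothetical behaviour rules; a real EDR ships far more, tuned per estate.
DOCUMENT_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
WRITE_BURST = 20  # file writes by one process within one minute (assumed)

def edr_analyse(events):
    """Walk a stream of endpoint events and return behaviour-based alerts."""
    alerts, writes = [], Counter()
    for ev in events:
        if ev["type"] == "process_start":
            # A document application starting a script host is unusual.
            if ev["parent"] in DOCUMENT_APPS and ev["image"] in SCRIPT_HOSTS:
                alerts.append((ev["host"], "document app launched script host",
                               ev["image"]))
        elif ev["type"] == "file_write":
            # Count writes per host, process and one-minute bucket.
            key = (ev["host"], ev["image"], ev["ts"] // 60)
            writes[key] += 1
            if writes[key] == WRITE_BURST:  # alert once per bucket
                alerts.append((ev["host"], "file write burst", ev["image"]))
    return alerts

# Constructed telemetry from one workstation, as it would reach the central store.
SAMPLE_EVENTS = [
    {"ts": 0, "host": "ws-01", "type": "process_start",
     "parent": "explorer.exe", "image": "winword.exe"},
    {"ts": 5, "host": "ws-01", "type": "process_start",
     "parent": "winword.exe", "image": "powershell.exe"},
] + [
    {"ts": 10 + i, "host": "ws-01", "type": "file_write",
     "image": "powershell.exe"} for i in range(25)
]

if __name__ == "__main__":
    print("known sample flagged:", av_scan(b"constructed-known-sample"))
    print("altered sample flagged:", av_scan(b"constructed-known-sample\x00"))
    for alert in edr_analyse(SAMPLE_EVENTS):
        print("EDR alert:", alert)
```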