August 02, 2019

Endpoint Detection and Response

Gregory Morawietz

Founder/Single Point of Contact


Recently a new form of attack has landed in the cyber security world, and it is called ransomware. Antivirus software is all but ineffective against it, so an industry has arisen to combat this threat and to offer deeper levels of security and transparency. Companies with small or no IT budgets and limited access to a tech are vulnerable. Cities and counties with zero IT budget have also been vulnerable and have been hit by ransomware; with poor backup and disaster recovery practices, some of them have been wiped out or had to start from scratch. EDR is the solution to stop this from happening to you, your company or your organization.

How does EDR work? It uses threat intelligence, an analytical treasure trove of information used to detect threats as they are happening and even before they happen. Threat intelligence is the backbone of detecting attacks, patterns and bad actors, and it can be used to classify data and gather critical forensics. Detection also depends on the behavior of the endpoints themselves: your EDR system gathers information from your endpoints and uses it to detect and prevent attacks and malicious activity. EDR stops ransomware and bad behavior by cutting off machines that exhibit bad behavior, halting the spread of that machine's activities. EDR also goes where typical AV products don't, peeling back deeper layers to investigate and prevent exploits and processes that might be used maliciously.

These EDR products also store a data set of information that can be used to support their analytical process. EDR is your deeper dive into cyber security protection, analysis and detection, as well as your repository of this information. You want to use what these products discover to help educate your users, and to stop future issues through training or by cutting off dangerous sources or destinations.

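
The flow described above (endpoint telemetry checked against threat intelligence and against behavior, with the offending machine cut off) as a minimal sketch. This is an added example, not code from any EDR product; the event fields, hash placeholders, host names and the rename threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed threat-intelligence feed: hashes of known-bad executables (placeholder value).
BAD_HASHES = {"hash-known-bad-0001"}

RENAME_BURST = 5      # assumed threshold: renames by one process...
WINDOW_SECONDS = 10   # ...inside this sliding window look like mass encryption


def evaluate(events):
    """Return {host: reason} for hosts that should be cut off from the network."""
    isolate = {}
    renames = defaultdict(deque)  # (host, pid) -> timestamps of recent renames
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if host in isolate:
            continue  # already contained; nothing more to decide for this host
        if ev["type"] == "process_start" and ev["sha256"] in BAD_HASHES:
            isolate[host] = f"threat-intel match on {ev['image']}"
        elif ev["type"] == "file_rename":
            q = renames[(host, ev["pid"])]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW_SECONDS:
                q.popleft()  # drop renames that fell out of the window
            if len(q) >= RENAME_BURST:
                isolate[host] = f"pid {ev['pid']} renamed {len(q)} files in {WINDOW_SECONDS}s"
    return isolate


def sample_events():
    """Constructed telemetry from three hosts."""
    ev = []
    # ws-01: unknown binary (no intel hit) rapidly renaming documents -> behavioral hit
    ev.append({"ts": 100, "host": "ws-01", "type": "process_start", "pid": 4242,
               "image": "invoice.exe", "sha256": "hash-unknown-0002"})
    ev += [{"ts": 101 + i, "host": "ws-01", "type": "file_rename", "pid": 4242,
            "path": f"doc{i}.docx.locked"} for i in range(6)]
    # ws-02: a user renaming a few files slowly -> no alert
    ev += [{"ts": 100 + 60 * i, "host": "ws-02", "type": "file_rename", "pid": 900,
            "path": f"report{i}.xlsx"} for i in range(6)]
    # ws-03: executable whose hash is in the intel feed -> contained at process start
    ev.append({"ts": 105, "host": "ws-03", "type": "process_start", "pid": 77,
               "image": "update.exe", "sha256": "hash-known-bad-0001"})
    return ev


if __name__ == "__main__":
    for host, reason in evaluate(sample_events()).items():
        print(f"isolate {host}: {reason}")
```

The ws-01 case is the one a signature-only product misses: the binary's hash is unknown, so only the rename burst gets the host isolated.
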
Traditional AV software vendors are aware of this threat landscape and are either developing their own EDR products or teaming up with the ones that already exist and incorporating these into their current technologies. When evaluating AV, malware protection and ransomware protection, you must choose an EDR product or ensure one is already included in the products you are choosing from. Of course, any enterprise app is going to need to provide a single dashboard and control console, and you want to be alerted of any issues, which means you might want to turn to a cloud or SaaS-based product rather than a standalone product. You should also consult with an IT professional to figure out what the best solution is for you. Don't feel that buying AV software is enough; you need to start using an EDR solution now.
