What is EDR and Why we Need It

A visual representation of what is EDR.

If you’ve been paying attention to recent developments in cybersecurity, you might be asking yourself: what is EDR? As remote work spreads and the number of endpoint devices in the office grows, so do the threats against them. It is now harder than ever to avoid becoming a victim of ransomware and other malware. Even more troubling is that small and medium-sized businesses are often the victims of such attacks.

Below are some very recent statistics from the world of cybersecurity:

  • 300% more cybercrimes reported since the onset of COVID.
  • 93% increase in ransomware attacks year-over-year from 2021.
  • 59% of managed service providers say that remote work enables ransomware attacks.

Although ransomware used to be reserved for bigger names, that is no longer the case. Over 80% of ransomware attacks in the last quarter of 2021 were aimed directly at SMBs. Such an attack usually has a massive detrimental impact on the business: 60% of small businesses that experience a cyberattack end up going out of business. This should be a sobering realization.

Attackers are turning your lost time into their money. A ransomware attack costs the average SMB $8,000 per hour, and causes the average SMB around 20 days of downtime. Do the math on this, and you will find a staggering amount of loss.

It’s important to take control of your security practice before your company becomes another statistic.

Securing Endpoints with EDR

Antivirus technologies no longer offer complete protection for today’s networks. Now that many employees are bringing their own devices, endpoint detection and response software is crucial. It is a much more proactive protection mechanism that keeps up with these new challenges.

Endpoint Detection and Response helps respond to an asymmetrical threat: attackers can go after any endpoint, at any time, anywhere in the organization. Even one opening in the network, whether through email, cloud, or endpoints, can prove devastating.

Given these circumstances, the attacker has the upper hand, since it is far harder to secure every endpoint than it is to find and exploit a single weakness.

NIST outlines a standardized methodology to protect your network from risks: Identify, Protect, Detect, Respond, and Recover. Although all these steps are extremely important, most businesses spend the vast majority of their budget, around 85%, on the “Protect” phase. This of course leaves very little for the other phases. This is slowly changing, however, as companies realize the need for a more comprehensive approach.

Antivirus is No Longer Enough

This need for change is spurred by the evolution of modern threats. There are many ways to bypass antivirus software, including:

Living Off the Land – Although in the past malware might have used handcrafted tools to execute code, this is now not always the case. New malware can rely entirely on tools already built into the operating system, such as PowerShell and its command-line interface, to attack the device.

Staging the Attack – This is a sophisticated multi-phase attack that bypasses threat detection by appearing benign. The attacker executes a collection of steps that individually seem fine, but collectively culminate in a debilitating compromise.

Disabling AV / EDR – Before the final payload – such as ransomware – is deployed, the attacker often takes steps to completely deactivate, disable, or otherwise inhibit antivirus / endpoint detection software.

How AV and EDR Synergize

Given this new collection of threats, and the fact that AV is no longer enough by itself, we must augment the approach. By running both AV and EDR, your endpoints will be much more secure. What’s the difference between the two, though?

Antivirus Technology

The age-old solution to threats has always been tried-and-true antivirus software. It was created to detect malware and then remove it, and it has been the primary, often the sole, means of securing endpoints for decades now.

To this day, AVs work well against the most common strains of malware out there. However, they have a big downside: they rely on virus signatures to detect threats. This means that if the attacker is sophisticated enough and runs a more specialized attack, they can act in unknown or stealthy ways so that no signature ever matches.

Also, in order to have a well-functioning AV, the database of virus signatures must be up to date. If the threat is new and the database is out of date, the AV will do absolutely nothing to help you. It’s like the immune system: known threats are easily defeated, but novel ones take time to become integrated into the “definitions”.

Endpoint Detection and Response (EDR)

EDR works quite differently. Instead of working from a rigid signature database, it is a more layered and integrated solution. It constantly monitors your computer for changes, compiles all of this data, and triggers automated responses to threats based on rules.

Not only are you getting robust logging functionality, but the EDR analyzes these logs and searches for anything abnormal. The logs are usually stored remotely and can be analyzed by humans as well. Any strange activity is automatically flagged so that the user can respond promptly.

Even threats that have bypassed your traditional AV will be flagged. Throughout the entire attack, the EDR continues to analyze the activity, gives real-time warnings and notifications, and investigates further.
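As an added illustration (not code from the original post or from any vendor’s product), the toy rule engine below runs over constructed process-start telemetry and shows the contrast the text draws: a signature lookup that misses a never-before-seen binary, versus behavioural rules whose individually weak scores are correlated per host over a time window, which is how a staged attack of individually harmless-looking steps gets caught. Hostnames, hashes, weights and the threshold are all made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-start telemetry (made-up hosts and hashes), one record per event.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "host": "ws-17", "parent": "outlook.exe", "image": "winword.exe", "sha256": "aaa1"},
    {"ts": "2024-05-01T09:00:20", "host": "ws-17", "parent": "winword.exe", "image": "powershell.exe", "sha256": "bbb2"},
    {"ts": "2024-05-01T09:01:05", "host": "ws-17", "parent": "powershell.exe", "image": "powershell.exe", "sha256": "bbb2"},
    {"ts": "2024-05-01T09:02:30", "host": "ws-17", "parent": "powershell.exe", "image": "unknown.exe", "sha256": "ccc3"},
    {"ts": "2024-05-01T09:03:00", "host": "ws-42", "parent": "explorer.exe", "image": "powershell.exe", "sha256": "bbb2"},
]

KNOWN_BAD = {"d0d0"}            # the AV signature database; the novel "ccc3" is not in it
KNOWN_GOOD = {"aaa1", "bbb2"}   # hashes already seen fleet-wide (prevalence data)
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def signature_hits(events):
    """The AV model: an event is bad only if its hash is already in the database."""
    return [ev for ev in events if ev["sha256"] in KNOWN_BAD]

def score_event(ev):
    """The EDR model: rate one observation; each rule is weak evidence on its own."""
    if ev["parent"] in OFFICE_APPS and ev["image"] in SCRIPT_HOSTS:
        return 4, "office app spawned a script host"
    if ev["parent"] in SCRIPT_HOSTS and ev["image"] in SCRIPT_HOSTS:
        return 2, "script host spawned another script host"
    if ev["parent"] in SCRIPT_HOSTS and ev["sha256"] not in KNOWN_GOOD:
        return 3, "script host launched a never-seen binary"
    return 0, ""

def correlate(events, window=timedelta(minutes=5), threshold=7):
    """Sum per-host scores inside a sliding window; a staged chain crosses the
    threshold even though no single step would. Returns the automated responses."""
    alerts, recent = [], defaultdict(list)          # host -> [(ts, points, reason)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        points, reason = score_event(ev)
        if points == 0:
            continue
        now = datetime.fromisoformat(ev["ts"])
        bucket = recent[ev["host"]]
        bucket.append((now, points, reason))
        bucket[:] = [b for b in bucket if now - b[0] <= window]   # expire old observations
        total = sum(p for _, p, _ in bucket)
        if total >= threshold:
            alerts.append({"host": ev["host"], "score": total, "action": "isolate_host",
                           "reasons": [r for _, _, r in bucket]})
            bucket.clear()                                        # one alert per chain
    return alerts
```

On this sample the signature layer returns nothing, while the correlated rules raise one alert for ws-17 with three reasons and leave the lone PowerShell launch on ws-42 alone.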

How to Choose the Best EDR Solution

The problem with many EDR solutions is that they are very specialized, expensive, and rather difficult to set up. Many of them require a dedicated group of technicians to get proper results. Therefore, it is important that you choose an EDR that works for your business.

When choosing a new EDR solution, ask yourself the following:

  • How easy is it to use and integrate with your current infrastructure?
  • Is the software easy to manage after being set up?
  • Does it help us quickly respond to and remediate issues?
  • How is their tech support team?
  • Is the solution cost-effective?

Additional things to consider are whether the EDR offers cyber-attack prevention, continual monitoring and recording, rapid breach detection, automated responses, and threat defense.

Thankfully, at Livelinx we have the perfect solution for your business. By using Datto’s EDR solution, we can provide you with cost-effective, easily integrated, robust technology backed by a skilled technical team and fast response times.

Don’t rely on AV alone to secure the most important aspects of your business. Consider using AV together with EDR to build a multi-layered protection scheme capable of dealing with even the more advanced threats that have emerged in recent years.
