by David Malicoat, CEO and Founder
What is EDR? Why are cybersecurity companies talking about it every chance they get? What does this have to do with me? These are a few of the questions I will answer in this quick-hit blog post.
EDR stands for Endpoint Detection and Response. First, a bit of history. "Back in the day," antivirus software depended on defined signatures to recognize computer viruses and malware. A signature is like a fingerprint of the malicious computer code. The bad guys quickly figured out that they could defeat signature-based security tools by changing their code ever so slightly without changing its function. This gets them past signature-based antivirus tools and lets them wreak havoc on your company's computers. Not good.
In 2013, a Gartner analyst by the name of Anton Chuvakin coined the term endpoint detection and response. He was speaking of a set of tools that could use basic machine learning and behavior analysis to track system events and identify anomalies. These tools focus not only on detecting malware that evades traditional antivirus tools; they also have a response capability built in. This response can be manual human intervention or automatic. The EDR tool can be programmed to take specific actions when it identifies potentially malicious behavior, such as quarantining a malicious file or blocking network access for a malicious process. Going further, EDR can prevent the spread of malicious code. Once the code is identified and blocked on one endpoint, the EDR tool communicates with its central console, which updates all other endpoints in the ecosystem with the details of the malicious code.
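The detect, respond and share loop described above, sketched as an added illustration (this is not code from any EDR product; the event fields, the behavior rule and the class names are assumptions, and all sample data is constructed):

```python
import hashlib

# Constructed sample data: a "known bad" file and a one-byte variant of it.
ORIGINAL = b"sample-payload-v1"
VARIANT = ORIGINAL + b" "
SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest()}  # antivirus fingerprint list

# Constructed endpoint telemetry (field names are assumptions).
EVENTS = [
    {"type": "process_start", "parent": "winword.exe", "image": "powershell.exe"},
    {"type": "net_connect", "image": "powershell.exe", "dest": "203.0.113.10"},
]

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_match(data: bytes) -> bool:
    """Signature check: exact fingerprint lookup, defeated by any byte change."""
    return fingerprint(data) in SIGNATURES

def behavior_match(events) -> bool:
    """Hypothetical behavior rule: a document editor starts a script host
    and that script host then opens a network connection."""
    spawned = any(e["type"] == "process_start" and e["parent"] == "winword.exe"
                  and e["image"] == "powershell.exe" for e in events)
    connected = any(e["type"] == "net_connect" and e["image"] == "powershell.exe"
                    for e in events)
    return spawned and connected

class Console:
    """Central console: every endpoint consults the shared blocklist."""
    def __init__(self):
        self.blocklist = set()

class Endpoint:
    def __init__(self, name, console):
        self.name, self.console, self.quarantined = name, console, []

    def inspect(self, data, events):
        h = fingerprint(data)
        if h in self.console.blocklist:
            return "blocked_by_console"       # learned from another endpoint
        if signature_match(data):
            return "blocked_by_signature"
        if behavior_match(events):
            self.quarantined.append(h)        # automatic response
            self.console.blocklist.add(h)     # share details with the fleet
            return "quarantined_by_behavior"
        return "allowed"
```

The variant slips past the fingerprint lookup, is caught by behavior on the first endpoint, and is then blocked on a second endpoint before it runs at all.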
EDR is important to you as a business leader because it provides the most robust protection of your data assets that is available today. You may think that it is expensive, since it is the best available, but that is not necessarily the case. There are service providers that can furnish these centrally managed tools and can put together a highly affordable package of full-service EDR deployment and management for daily pocket change per device. You don’t have to add headcount or take on the training and effort required to deploy a new tool. Finally, with remote work here to stay, EDR steps up the protection of your data assets that are not centralized in an office. Most service providers deploy their EDR solutions in the cloud, giving them the ability to manage and respond to any issues regardless of the location of the endpoint.