What is EDR/ETDR: Endpoint (Threat) Detection and Response?

This term was invented by Anton Chuvakin from Gartner to categorize tools primarily focused on detecting and investigating suspicious activities (and traces of such) and other problems on hosts/endpoints.

Typical Activities of an EDR System

  • Record and store endpoint behaviors and events

  • Detect Security Incidents

  • Response forensics (Investigate Security Incidents with Root Cause Analysis)

  • Response Containment and diagnosis

Gartner Provides a List of Current EDR Providers

What is the difference between EDR and Antivirus?

A traditional antivirus will clear a system/organisation of the threat, but EDR software goes into investigation mode. Based on its sequence of recorded events, it presents how the attack played out on your company's computers, noting every change to the system. This playback of the event often looks like a branching flowchart that starts with the initial incursion and proceeds to describe which parts of the system and network were infected, when, and what the result was. E.g. one from CrowdStrike below.
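The playback described above can be sketched as rebuilding a process tree from recorded process-creation events. This is an added example, not code from this page or from any EDR vendor; the event fields (`ts`, `pid`, `ppid`, `image`) and the sample events are constructed for illustration, and it assumes pids are not reused within the recorded window.

```python
from collections import defaultdict

# Constructed sample telemetry (not real data): process-creation events an
# endpoint sensor might record. Field names are assumptions for this example.
EVENTS = [
    {"ts": "09:14:02", "pid": 100, "ppid": 1,   "image": "outlook.exe"},
    {"ts": "09:14:40", "pid": 210, "ppid": 100, "image": "winword.exe"},
    {"ts": "09:14:43", "pid": 305, "ppid": 210, "image": "powershell.exe"},
    {"ts": "09:14:45", "pid": 410, "ppid": 305, "image": "rundll32.exe"},
    {"ts": "09:14:47", "pid": 411, "ppid": 305, "image": "schtasks.exe"},
    {"ts": "09:20:11", "pid": 500, "ppid": 1,   "image": "chrome.exe"},
]

def build_tree(events):
    """Index events by pid and group child pids under their parent pid."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # children in time order
        children[e["ppid"]].append(e["pid"])
    return by_pid, children

def chain_to_root(by_pid, pid):
    """Walk parent links from a flagged process to its earliest recorded ancestor."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # stop at an unrecorded parent or a loop
        seen.add(pid)
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain[::-1]

def render(by_pid, children, pid, depth=0):
    """Return the subtree under pid as indented lines, one per process."""
    e = by_pid[pid]
    lines = [f"{'  ' * depth}{e['ts']} {e['image']} (pid {pid})"]
    for child in children.get(pid, []):
        lines += render(by_pid, children, child, depth + 1)
    return lines

def playback(events, flagged_pid):
    """Rebuild the whole branch of activity that contains a flagged process."""
    by_pid, children = build_tree(events)
    chain = chain_to_root(by_pid, flagged_pid)
    if not chain:
        raise ValueError(f"no recorded event for pid {flagged_pid}")
    return chain, render(by_pid, children, chain[0])

if __name__ == "__main__":
    chain, lines = playback(EVENTS, flagged_pid=410)
    print("\n".join(lines))
```

Starting from the one flagged process, the output also shows the sibling process spawned by the same parent, which is the context an investigator needs for root cause analysis, while unrelated activity stays out of the branch.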

EDR can help stop attacks like a traditional antivirus, but the software still needs an effective backup policy alongside it to restore key data to infected systems.

EDR also keeps employees away from malicious websites with a history of viruses and malware. It enables web filters to categorize websites and block pornography, advertising, gambling and gaming sites, because these are usually highways for malicious files, and it adds extra protection to stop phishing attempts. It also enables you to protect your workforce while they are away from the office and not protected by the company's firewall.

EDR Pricing

EDR solutions are far more than traditional file scanners. If you don't have IT staff, you'll likely want to outsource the monitoring of the EDR dashboard. Per endpoint, prices can vary from 10GBP to 30GBP per seat per year.