Endpoint detection and response (EDR) platforms are a category of endpoint security tools, built to provide endpoint visibility, and are used to detect and respond to cyber threats and exploits.
Gartner senior analyst Anton Chuvakin defined the term in 2013 as tools primarily focused on detecting and investigating suspicious activities (and traces of such) on hosts and endpoints.
Why do organizations need an EDR solution?
Endpoint data has a clear advantage when it comes to protecting against advanced threats. Endpoints are where attacker activity takes place, so they provide an accurate, first-hand view of an intrusion as it unfolds.
Endpoints provide critical forensic information, including process actions, file access, network events and endpoint configuration changes.
Endpoint detection and response platforms were built to provide comprehensive visibility into endpoints and servers, monitor behaviors and spot abnormal behaviors that are indicative of malicious activity. By continuously monitoring and analyzing activity on the endpoint, EDR tools enable detection of and response to attacks that have bypassed other security controls.
What is the difference between EDR, antivirus and next-generation antivirus (NGAV)?
Antivirus was once the main way to protect endpoints. This software was designed to detect malicious programs, block them from running and give security professionals a way to remove them. But threats have grown more advanced, and malware is no longer the only threat vector adversaries use, which has significantly decreased AV’s effectiveness at protecting companies. Today attackers can use fileless malware, zero-day exploits and advanced persistent threats in an attack campaign. These threats leave no known signature to match, so traditional antivirus programs can’t detect and stop them.
With AV losing its edge, security vendors have named next-generation antivirus (NGAV) as the legacy product’s successor. But what exactly constitutes NGAV is unclear, since there is no accepted definition of the term. At a minimum, next-generation products need to go beyond signature-based detection and incorporate some type of advanced technology. Even so, they have limits:
Next-generation antivirus products still look for certain file attributes that are associated with malicious activity.
Many NGAV products look at one machine at a time: they cannot cross-correlate data from multiple endpoints and only know what is happening on one machine.
NGAV products focus only on preventing attacks. For the attacks that NGAV can’t prevent, these solutions offer little or no visibility into what actually happened.
EDR platforms give you the visibility to understand when a threat has slipped past NGAV and evolved beyond a simple malware infection. EDR solutions pull together all the related attack activities and show you their scope and impact for forensic investigation. When organizations combine EDR and NGAV, they are investing in a true next-generation endpoint security platform.
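A minimal illustration of the cross-endpoint correlation and scoping described above, written as an added example for this page (it is not Cybereason's code or any product's detection logic); the telemetry, host names, fleet size and rarity threshold are all constructed assumptions:

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class EndpointEvent:
    host: str  # endpoint that reported the event
    kind: str  # telemetry type: "process", "file", "network" or "config"
    key: str   # what happened: "parent>child", a path, a destination, a setting
    ts: int    # seconds since the start of the capture window
FLEET_SIZE = 4  # enrolled endpoints (assumed); ws-04 reported nothing in the window
# Constructed sample telemetry, not real data: routine mail activity on three hosts;
# on two of them a document app spawns a shell, then connects out, one also persists.
EVENTS = [
    EndpointEvent("ws-01", "process", "explorer.exe>outlook.exe", 10),
    EndpointEvent("ws-02", "process", "explorer.exe>outlook.exe", 12),
    EndpointEvent("ws-03", "process", "explorer.exe>outlook.exe", 11),
    EndpointEvent("ws-02", "process", "winword.exe>powershell.exe", 30),
    EndpointEvent("ws-02", "network", "203.0.113.7:8443", 31),
    EndpointEvent("ws-02", "config", "autorun:updater", 32),
    EndpointEvent("ws-03", "process", "winword.exe>powershell.exe", 45),
    EndpointEvent("ws-03", "network", "203.0.113.7:8443", 46),
]

def fleet_prevalence(events):
    """Map each observed behaviour to the set of endpoints that reported it."""
    seen = defaultdict(set)
    for e in events:
        seen[(e.kind, e.key)].add(e.host)
    return seen

def rare_behaviours(events, fleet_size, max_fraction=0.5):
    """Behaviours on at most max_fraction of the fleet: the cross-endpoint view a single machine lacks."""
    return {b for b, hosts in fleet_prevalence(events).items()
            if len(hosts) / fleet_size <= max_fraction}

def build_incidents(events, flagged, window=60):
    """Per host, group every event within `window` seconds after the first flagged one, not a lone alert."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)
    incidents = {}
    for host, evs in by_host.items():
        trigger = next((e for e in evs if (e.kind, e.key) in flagged), None)
        if trigger is not None:
            incidents[host] = [e for e in evs if trigger.ts <= e.ts <= trigger.ts + window]
    return incidents

def scope(incidents):
    """Summarise scope and impact: affected hosts and the telemetry kinds involved."""
    return {"hosts": sorted(incidents), "kinds": sorted({e.kind for v in incidents.values() for e in v})}
```

On this sample the routine mail activity is common to the fleet and is ignored, while the document-to-shell chain is flagged only because it is rare across endpoints, and the incident for each affected host carries the follow-on network and persistence events rather than a single alert.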
Lital is a marketing team leader, storyteller and technology marketing expert. She joined Cybereason as the first marketing hire and built a full marketing department, specializing in brand building, product marketing, communication and content. She is passionate about building ROI-driven marketing teams.