Antivirus was once the best way to protect endpoints (laptops, servers, workstations). It is designed to detect malicious programs based on existing signatures, block them, and offer an easy way to remove them. But today's threat landscape has grown more advanced, and malware is no longer the only threat vector attackers can use. This drastically reduces the effectiveness of antivirus in protecting business and organizational data.
Today, fileless malware, zero-day exploits and APTs lead the attack campaigns launched against organizations. These new threats leave no signatures, and signatures are the basis on which your antivirus protects you.
At this point the world needed a solution that could protect it, and researchers started working on a new strategy to replace antivirus, which gave birth to Next Generation Antivirus (NGAV).
Next Generation Antivirus (NGAV)
NGAV is the term coined for the new way antivirus works. It still handles detection by looking for specific characteristics and does not account for human ingenuity or attacker behavior. How can we move beyond this point?
What is an EDR?
Where we are today is EDR, which combines elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and mitigate suspicious activities and issues on hosts and endpoints.
One of the beauties of EDR is that it can be used as a complement to larger security systems such as Security Information and Event Management (SIEM), vulnerability management and IR tools.
Essential elements of every EDR solution range from detection, effective cleanup and remediation, and observing endpoint activity without interference, through cross-correlation of data across the whole environment (using feeds and IOCs), to empowering IR and forensic investigation.
So most of what your antivirus and NGAV miss will be detected by the EDR platform.
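To make the contrast concrete, here is an added illustration that is not code from the original post or from any vendor listed below. It contrasts a signature check (hash the file, compare against a known-bad list) with EDR-style correlation of process telemetry against an IOC feed and a behavioural rule, then rolls findings up across hosts. All hashes, domains, hostnames and events are constructed for the example; the `ProcessEvent` fields and rule names are assumptions, not any product's schema.

```python
"""Toy contrast: signature-based scanning vs EDR-style telemetry correlation."""
from __future__ import annotations

import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

# --- Constructed sample data (not real malware, not real indicators) ---

# A signature AV only knows about files it has seen before: known-bad hashes.
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"constructed-known-malware-sample").hexdigest(),
}

# Threat-intel feed consumed by the EDR (constructed indicators).
IOC_FEED = {
    "domains": {"c2.example.invalid"},
    "sha256": set(KNOWN_BAD_HASHES),
}

# Files present on disk at one host (constructed contents).
SAMPLE_FILES = {
    "invoice.exe": b"constructed-known-malware-sample",  # hash is in the signature DB
    "report.docm": b"constructed-benign-document",       # hash is unknown to the DB
}


@dataclass
class ProcessEvent:
    """One process-creation record as an EDR sensor might report it (assumed schema)."""
    host: str
    pid: int
    ppid: int
    image: str                 # process image name
    parent_image: str          # image name of the parent process
    cmdline: str
    dns: list[str] = field(default_factory=list)  # domains this process resolved
    sha256: str | None = None  # hash of the on-disk image; None if nothing was written to disk


# Constructed telemetry: a fileless stage on two hosts plus one classic malware file on a third.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", 1200, 900, "winword.exe", "explorer.exe", "winword.exe report.docm",
                 sha256=hashlib.sha256(b"constructed-word-binary").hexdigest()),
    # The document reader launches a script host; nothing new lands on disk, so no hash.
    ProcessEvent("ws01", 1310, 1200, "powershell.exe", "winword.exe", "powershell.exe",
                 dns=["c2.example.invalid"], sha256=None),
    ProcessEvent("ws02", 4410, 4000, "powershell.exe", "winword.exe", "powershell.exe",
                 dns=["c2.example.invalid"], sha256=None),
    ProcessEvent("ws03", 700, 650, "invoice.exe", "explorer.exe", "invoice.exe",
                 sha256=hashlib.sha256(b"constructed-known-malware-sample").hexdigest()),
]


def signature_scan(files: dict[str, bytes]) -> list[str]:
    """Classic AV: flag a file only if its hash is already in the known-bad set."""
    return [name for name, data in files.items()
            if hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES]


def edr_detect(events: list[ProcessEvent]) -> list[tuple[str, int, str]]:
    """EDR-style detection over telemetry: IOC-feed matches plus a behavioural rule.

    Returns (host, pid, reason) tuples. A memory-only process has no hash to match,
    but its parent/child relationship and its DNS activity are still observable.
    """
    office_apps = {"winword.exe", "excel.exe", "outlook.exe"}
    script_hosts = {"powershell.exe", "wscript.exe", "mshta.exe"}
    findings: list[tuple[str, int, str]] = []
    for ev in events:
        if ev.sha256 and ev.sha256 in IOC_FEED["sha256"]:
            findings.append((ev.host, ev.pid, "image hash matches IOC feed"))
        if any(d in IOC_FEED["domains"] for d in ev.dns):
            findings.append((ev.host, ev.pid, "resolved domain in IOC feed"))
        # Behavioural rule: a document reader spawning a script host is rarely legitimate.
        if ev.parent_image.lower() in office_apps and ev.image.lower() in script_hosts:
            findings.append((ev.host, ev.pid, "office app spawned script host"))
    return findings


def correlate_across_hosts(findings: list[tuple[str, int, str]]) -> dict[str, list[str]]:
    """Cross-environment view: which detection reasons fired on more than one host."""
    hosts_by_reason: dict[str, set[str]] = defaultdict(set)
    for host, _pid, reason in findings:
        hosts_by_reason[reason].add(host)
    return {reason: sorted(hosts) for reason, hosts in hosts_by_reason.items() if len(hosts) > 1}


if __name__ == "__main__":
    print("signature scan flags:", signature_scan(SAMPLE_FILES))
    hits = edr_detect(SAMPLE_EVENTS)
    for hit in hits:
        print("EDR finding:", hit)
    print("seen on multiple hosts:", correlate_across_hosts(hits))
```

The signature scan catches `invoice.exe` on `ws03` and nothing else, because the fileless stage on `ws01` and `ws02` never produces a file to hash. The telemetry path catches that stage twice over (the IOC domain and the parent/child behaviour) and the roll-up shows the same pattern on two hosts, which is the cross-correlation and IR-support role described above.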
Types of EDR Tools
Many companies offer EDR tools. Here are a few.
- Symantec Endpoint Protection
- Webroot Endpoint Protection
- Fortinet
- Sophos Intercept X: Next Gen Endpoint
- Carbon Black Response and Defense products
- Kaspersky Endpoint Security
- Cybereason EDR
- Palo Alto Networks Traps
- FireEye Endpoint Security
- Cylance Endpoint Security
If you're reading this post and have worked with products from any of these vendors, please leave a comment to help guide those planning to invest in EDR.