Endpoint Detection and Response (EDR), also known as Endpoint Detection and Threat Response (EDTR), is a security solution that monitors end-user devices, such as laptops or mobile phones, and can also be applied to servers, to proactively detect and react to cyber threats such as ransomware and malware.
What is an Endpoint?
An endpoint is anything at the end of a network cable or Wi-Fi connection. This could be the laptops or computers used by your workforce, business and personal mobile phones, tablets, servers and anything in the virtual environment. Traditionally, antivirus software has been used to stop viruses and malware on your devices. As technology has progressed and hackers have increased their knowledge, it’s more important than ever to ensure that all of your endpoint devices are considered when planning cyber security.
How does EDR work?
EDR is a solution that records and stores behaviours, utilises techniques for data analytics and detects suspicious system behaviour in order to provide contextual information to block malicious activity (such as ransomware, viruses, malware etc.) and suggest or implement remediation to stop an attack and restore the affected system.
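A simplified sketch of the record, analyse, detect and respond loop described above, added here as an illustration and not taken from any EDR product. The events, process names, thresholds and response labels are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10        # assumed tuning value, not from any product
MAX_FILES_IN_WINDOW = 10   # assumed tuning value, not from any product

def build_sample_events():
    """Constructed telemetry: (seconds, host, pid, process, parent, action, path)."""
    events = [(0, "LAPTOP-01", 410, "winword.exe", "explorer.exe",
               "file_write", "C:/Users/a/report.docx")]
    # Constructed burst: one process renames 12 different files within 6 seconds.
    for i in range(12):
        events.append((10 + i * 0.5, "LAPTOP-01", 977, "updater.exe", "winword.exe",
                       "file_rename", f"C:/Users/a/doc{i}.docx.locked"))
    events.append((40, "LAPTOP-01", 410, "winword.exe", "explorer.exe",
                   "file_write", "C:/Users/a/notes.docx"))
    return events

def detect_mass_file_changes(events):
    """Return one alert per (host, pid) that changes too many distinct files in the window."""
    recent = defaultdict(deque)   # recorded behaviour: (host, pid) -> (ts, path) entries
    alerted, alerts = set(), []
    for ts, host, pid, process, parent, action, path in sorted(events):
        if action not in ("file_write", "file_rename"):
            continue
        key = (host, pid)
        window = recent[key]
        window.append((ts, path))
        # Analytics step: keep only activity inside the sliding time window.
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        distinct = {p for _, p in window}
        if len(distinct) > MAX_FILES_IN_WINDOW and key not in alerted:
            alerted.add(key)
            # Contextual information plus a suggested (hypothetical) response.
            alerts.append({
                "host": host, "pid": pid, "process": process, "parent": parent,
                "files_changed": len(distinct), "first_seen": window[0][0],
                "suggested_response": ["isolate host", "terminate process",
                                       "restore files from backup"],
            })
    return alerts

if __name__ == "__main__":
    for alert in detect_mass_file_changes(build_sample_events()):
        print(alert)
```

The alert carries the parent process and file count so an analyst can see how the activity started, which is the contextual information a signature match alone does not give.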
What’s the difference between EDR and a Firewall?
Before the recent advances in technology, a firewall would block most known threats to your devices, whereas EDR monitors all traffic on the network in order to identify and proactively prevent potential threats.
In simple terms, a firewall will block known threats that have managed to get through whereas EDR will identify and prevent threats before they arrive in your system. EDR incorporates firewalls as part of its system in order to enhance the security provided to your network.
Note: It is essential you have strong firewall settings as well as EDR. Your firewall provides a reactive approach whereas your EDR offers a proactive response.
How about antivirus and EDR?
Like the firewall, EDR incorporates antivirus software to identify and prevent future threats. Antivirus software has the ability to detect and respond to malware on an infected device. EDR offers this in addition to firewall functionality as well as other security activities.
Note: Like your firewall, it is essential that you have an antivirus solution on your network. Similar to a firewall, antivirus software provides a reactive approach whereas your EDR offers a proactive response.
In conclusion, EDR focuses on detection and response and identifies suspicious behaviour on your network. With hackers and cyber attackers becoming increasingly devious in their approaches, ensure that you are taking the highest precautions possible to prevent a ransomware or similar attack.
To discuss EDR and Cyber Essentials, speak with one of our team at Bean IT on 0121 667 8977, or email us at firstname.lastname@example.org.