Antivirus, EPP, and EDR – What’s the difference?
John LeMay
Most people are familiar with antivirus software, its purpose, and why it is necessary. Fewer are familiar with newer terms such as EPP (Endpoint Protection Platform) or EDR (Endpoint Detection and Response). Both EPP and EDR refer to modern approaches to cybersecurity that go above and beyond the capabilities of basic antivirus software. While antivirus solutions generally were effective in protecting business and personal computers 20 years ago, modern threats such as phishing, ransomware, and zero-day threats require a more advanced approach to protection.
Traditionally, antivirus software focused on protecting files. When a file was opened or saved, the software checked it for signs of a virus. To do so, the antivirus software relied on a database of known viruses stored on the computer, and that database had to be updated frequently for the software to keep working properly. Because it took time for antivirus developers to update their databases, and more time for computers to receive those updates, a computer remained unprotected against new threats during that gap.
Threats look very different now than in the past. Today threats may come from a variety of sources such as links in email or websites. These threats can infect a computer and remain dormant for some time. They may upload data to some unknown party without the knowledge or approval of the person using the infected computer. These same methods of attack can then move from one computer to other computers connected to the same network.
Ransomware attacks use this method to steal and then encrypt some or all of an organization’s data. The bad actors responsible then demand payment in return for a promise that they will provide a method to decrypt your data and that they will destroy the copies of your data in their possession. Many times these promises go unfulfilled even after payment has been made.
Tools such as EPP and EDR protect from threats by monitoring and in many cases automatically blocking potential threats. A link in an email can be automatically blocked if a user clicks on it. A website attempting to install code on a computer can be prevented from doing so automatically.
The primary difference between EPP and EDR is the roles each serves in the protection of a computer endpoint. At the most basic level, EPP solutions block known and unknown threats. EPP includes protection similar to what was provided by traditional antivirus software. Additionally, EPP uses advanced analysis techniques to detect and block unknown threats.
The role of EDR is to detect and neutralize unknown threats. EDR is appropriate for the protection of highly sensitive systems and data. EDR is typically deployed along with EPP to provide enhanced system security. EDR provides the highest level of endpoint protection and automation available today, a fact that will likely change soon as emerging security technologies continue to become more viable. EDR solutions can analyze data collected from endpoints across an organization and automatically protect against new threats. This is accomplished through advanced data collection and analysis, AI, machine learning, and automation.
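To make the contrast between the signature-based scanning described above and the behavior-based analysis EDR performs concrete, here is a small added illustration (example code written for this page, not a product's or the author's own). The signature database, the file samples, and the endpoint telemetry are all constructed: a new build of the same malware slips past the hash lookup until the database is updated, while a simple behavioral rule flags the process that is rewriting many user files with a ransomware-like extension.

```python
import hashlib
from collections import Counter

# Constructed signature database: SHA-256 hashes of two known-bad samples,
# standing in for the local virus database a traditional scanner consults.
KNOWN_BAD_SAMPLES = [b"EVIL-DROPPER build 1", b"EVIL-DROPPER build 2"]
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_BAD_SAMPLES}


def signature_scan(file_content: bytes) -> bool:
    """Traditional AV check: flag a file only if its hash is in the local database."""
    return hashlib.sha256(file_content).hexdigest() in SIGNATURE_DB


def behavioral_detect(events, threshold=5):
    """EDR-style check: flag any process that rewrites at least `threshold` files
    with a ransomware-like extension, regardless of what its binary hashes to.
    events: iterable of (pid, operation, path) tuples collected from the endpoint.
    Returns the sorted list of flagged process ids."""
    locked_writes = Counter(
        pid for pid, op, path in events
        if op == "write" and path.endswith(".locked")
    )
    return sorted(pid for pid, n in locked_writes.items() if n >= threshold)


# Constructed endpoint telemetry (hypothetical paths and pids): process 4242
# encrypts six documents in place; process 1001 is a normal editor saving a file.
EVENTS = [(1001, "write", "C:/Users/alice/notes.txt")]
EVENTS += [(4242, "write", f"C:/Users/alice/doc{i}.docx.locked") for i in range(6)]
EVENTS += [(4242, "delete", f"C:/Users/alice/doc{i}.docx") for i in range(6)]

if __name__ == "__main__":
    print(signature_scan(b"EVIL-DROPPER build 1"))  # True: known sample is caught
    print(signature_scan(b"EVIL-DROPPER build 3"))  # False: new build is missed until the DB updates
    print(behavioral_detect(EVENTS))                 # [4242]: flagged by behavior alone
```

The threshold is deliberately simple; real EDR products combine many such signals (process lineage, network activity, entropy of written data) before taking automated action.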
Choosing the correct level of cybersecurity monitoring and protection for your organization is important. Having no protection or relying solely on protections built into modern systems is generally inadequate. Instead, choosing a solution such as EPP or EPP with EDR, coupled with additional protections such as firewalls and good business practices, can help protect your organization in today’s challenging cybersecurity world.
Oceantec can help your organization protect against cybersecurity threats. We can assist by analyzing existing protections, identifying gaps in protection, and assisting with remediation. Additionally, we can provide around-the-clock monitoring and protection for all of your business systems. Contact Oceantec today to learn more about how we can help.