
What is EDR and Why do I need it?

One of the most valuable resources when a workstation is hit by a virus or other malware is time: the sooner something reacts, the less the infection can spread, encrypt or steal. The best way to buy that time is an automated response, and that is what EDR provides. EDR stands for Endpoint Detection and Response: it watches what is happening on the computer, detects suspicious activity and acts on it to keep your computer and data safe.



Antivirus solutions have traditionally relied very heavily on signature matching to decide whether something on the device is a threat. The AV engine compares files against a database of known "bad" files (typically file hashes and byte patterns); when a file matches, it is recognized as a threat. AV software can also use heuristics, rules that predict maliciousness from how a file or process behaves, but the primary method of detection and protection is the signature database. The weakness is that a signature only exists for something that has already been seen: a brand-new sample, or an old one repacked so that its bytes change, has no signature to match.


EDR software flips that model and relies primarily on behavioral analysis of what is happening on the endpoint. For example, if a Word document spawns a PowerShell process that executes an unknown script, that is suspicious regardless of whether any file involved has a known signature. The process is flagged and the file quarantined (or the host isolated) until the activity is confirmed to be legitimate. Because it does not depend on signature files, EDR can react to new and advanced threats that have never been catalogued. Without comparing every EDR and antivirus offering, here are the common differences between most AV and EDR solutions.
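The difference between the two models is easiest to see side by side. The block below is an added example written for this page, not code from the original post or from any antivirus or EDR product: a toy hash-signature check (the antivirus model described above) next to a toy behavioral rule for "Office application spawns a script host" (the Word-to-PowerShell case). The "known-bad" sample, the signature database, the process events and the rule names are all constructed for the demo. Appending a single byte to the sample defeats the signature, while the behavioral rule still fires on the process tree.

```python
"""Added example (not code from the page or from any EDR/AV product): a
toy signature check beside a toy behavioural rule, run over constructed
data. The 'known-bad' sample, the signature database and the process
events are all made up for the demo; the rule names are assumptions."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


# ---- Antivirus-style detection: does this exact file match a known signature?

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "malware" body; the signature database is just its hash.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00FAKE-DROPPER-BODY-FOR-DEMO-ONLY"
SIGNATURE_DB = {sha256(KNOWN_BAD_SAMPLE)}


def av_signature_match(file_bytes: bytes) -> bool:
    """Hit only if the file has been seen before, byte for byte."""
    return sha256(file_bytes) in SIGNATURE_DB


# ---- EDR-style detection: judge the process tree, not the bytes.

@dataclass
class ProcessEvent:
    """Minimal process-creation record (constructed; shaped loosely like a
    Windows process-creation log entry)."""
    pid: int
    parent_pid: int
    image: str          # executable name, lower-cased
    command_line: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def suspicious_ps_flags(command_line: str) -> list[str]:
    """Spot -EncodedCommand / -WindowStyle Hidden, including the abbreviated
    forms PowerShell accepts (-e, -enc, -w hidden ...)."""
    tokens = command_line.lower().split()
    found = []
    for i, tok in enumerate(tokens):
        if len(tok) >= 2 and "-encodedcommand".startswith(tok):
            found.append("encoded command")
        if (len(tok) >= 2 and "-windowstyle".startswith(tok)
                and i + 1 < len(tokens) and tokens[i + 1].startswith("hid")):
            found.append("hidden window")
    return found


def edr_behaviour_alerts(events: list[ProcessEvent]) -> list[str]:
    """Alert when an Office application spawns a script host, whatever the
    script host's binary or the document hashes to."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e.parent_pid)
        if parent is None or parent.image not in OFFICE_APPS:
            continue
        if e.image not in SCRIPT_HOSTS:
            continue
        reason = f"{parent.image} (pid {parent.pid}) spawned {e.image} (pid {e.pid})"
        flags = suspicious_ps_flags(e.command_line)
        if flags:
            reason += " with " + ", ".join(flags)
        alerts.append(reason)
    return alerts


# Constructed events: a user opens a macro document, the document launches a
# hidden, base64-encoded PowerShell; separately an admin runs a script from
# Explorer, which must not alert.
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcessEvent(4120, 100, "winword.exe",
                 r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\Invoice_4471.docm"'),
    ProcessEvent(4388, 4120, "powershell.exe",
                 "powershell.exe -w hidden -nop -enc QUJDRA=="),   # harmless base64 of 'ABCD'
    ProcessEvent(5010, 100, "powershell.exe",
                 r"powershell.exe -File C:\Scripts\backup.ps1"),
]


def run_demo() -> dict:
    repacked = KNOWN_BAD_SAMPLE + b"\x00"   # one appended byte: new hash, same behaviour
    return {
        "av_hits_original": av_signature_match(KNOWN_BAD_SAMPLE),
        "av_hits_repacked": av_signature_match(repacked),
        "edr_alerts": edr_behaviour_alerts(SAMPLE_EVENTS),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it shows the signature check hitting the original sample and missing the one-byte variant, while the behavioral rule raises exactly one alert, for the Word-spawned hidden, encoded PowerShell, and stays quiet for the administrator's script launched from Explorer. Real products use far richer telemetry and rule sets, but the shape of the decision is the same.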


EDR:

  1. EDR includes real-time monitoring and detection of threats, including those that standard antivirus cannot easily recognize or define. Because EDR is behavior-based, it can detect unknown threats from activity that is not normal for the endpoint.

  2. Telemetry collection and analysis (process starts, network connections, file and registry changes) reveal threat patterns and alert the organization.

  3. Forensic capabilities, built on a recorded timeline of activity on the endpoint, help determine what happened during a security event.

  4. EDR can isolate a compromised endpoint from the network and quarantine suspicious or infected files. It often uses sandboxing to judge a file's safety without disrupting the user's system.

  5. EDR can include automated remediation or removal of certain threats, such as killing the offending process and undoing the changes it made.


Antivirus:

  1. Antivirus is primarily signature-based, so on its own it recognizes only threats that are already known.

  2. AV can include scheduled or regular scanning of protected devices to detect known threats.

  3. Assists in the removal of more common malware (viruses, worms, trojans, adware, spyware, etc.).

  4. Warnings about possibly malicious sites.


There is some overlap between EDR and traditional antivirus, but overall, antivirus on its own is a less comprehensive solution.


Do I need both EDR and Antivirus?

No. The TechSperts recommend that you do not use both. When evaluating EDR vs. antivirus, note that a modern endpoint detection and response product covers everything the top antivirus packages do, and more. STCNtech recommends removing other antivirus tools when an EDR solution is installed. Two real-time scanners on the same machine compete for the same files and system hooks, which causes slowness, duplicate alerts and conflicts between the products. Two checks are worth doing during the switch: confirm that the EDR agent includes its own prevention (anti-malware) engine rather than detection only, and after the old product is uninstalled confirm that only one product remains registered with Windows Security Center, since a stale registration can leave the system reporting a missing or out-of-date antivirus. To defend against complex and evolving threats, the choice is clear: endpoint detection and response gives you the more advanced security.


Navigating security in a world of complex threats might seem daunting, but our expert team stands ready to guide you through the ever-evolving digital landscape. Don't wait until trouble strikes: connect with us today and fortify your digital presence by emailing online@stcntech.com or giving us a ring at 610-910-9347.
