For as long as there have been commercially available computers, there have been computer viruses. If you’ve owned or even just used a computer for any amount of time, chances are you have personally felt the often heart-wrenching effects of having your computer suddenly misbehave due to some kind of malicious code. Historically, the remedy has thankfully been simple: install antivirus software like Norton, McAfee, AVG or Kaspersky, run a scan, and have it automatically clean up the mess.
Unfortunately, those days are long gone. Present-day viruses, or malicious programs, operate at breakneck speed to spread across your network, exfiltrate data, or even lock up your computers with near-unbreakable encryption in order to extort real money from you to regain control. To make matters worse, they often leverage what are commonly referred to as zero-day vulnerabilities in your systems to gain access, that is to say, newly discovered errors or flaws in your systems that no antivirus software even knows about yet. A traditional antivirus is simply not enough to keep both your personal information and your business safe.
The Government of Canada has released a bulletin showing how these new IT threats are becoming more and more prevalent: an increase of over 150% from 2020 to 2021 alone.
Thankfully, just as the programmers of these malicious bits of code get more sophisticated, so do the good guys developing countermeasures.
Enter Endpoint Detection and Response!
Although you may have heard the term EDR before, you may not realize the important differences between it and your traditional AV software. Truth be told, we still regularly see people cross-shopping AV and EDR, and it makes about as much sense as screen doors on a submarine.
First and foremost, what is an EDR? Anton Chuvakin, a Research Director at Gartner, who coined the term EDR in 2013, describes it as follows:
(An EDR) “records and stores endpoint-system-level behaviors, uses various data analytics techniques to detect suspicious system behavior, provides contextual information, blocks malicious activity, and provides remediation suggestions to restore affected systems.”
Technical jargon aside, the main difference between an EDR and a traditional AV is this: a traditional AV works solely on the computer where it is installed, checking files and behaviours against a list of known threats. An EDR, by contrast, collects data from multiple systems and automatically analyses it for any kind of suspicious behaviour, using the techniques employed by traditional AVs alongside AI analysis and correlation between the various data sources and events, in order to identify threats that are otherwise invisible to a regular AV. On top of that, another massive advantage of a good EDR is that the entire network of computers is monitored by real, qualified IT security personnel, whereas a traditional AV is typically monitored by the end user of the computer where it is installed.
A good EDR will also include features that let you immediately and automatically cut off compromised machines before they can infect others, as well as roll back recent changes on them to bring everything back to a pre-compromise state!
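As an added illustration of the distinction described above (this is not code from the original post, from S3 Technologies or from SentinelOne), the snippet below contrasts the two views over constructed process-start telemetry: a per-host signature lookup, and a fleet-wide correlation that flags an unknown binary appearing on several hosts within a short window, then lists the hosts a response step would cut off. Host names, hash strings and the thresholds are placeholders chosen for the example.

```python
# Added illustration: per-host AV-style lookup versus EDR-style correlation
# across endpoints, over constructed telemetry (not real hashes or hosts).
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, host, process name, hash placeholder)
TELEMETRY = [
    ("2024-03-01T09:00:05", "pc-01", "outlook.exe", "hash-outlook"),
    ("2024-03-01T09:01:10", "pc-01", "svchost.exe", "hash-svchost"),
    ("2024-03-01T09:02:00", "pc-01", "updater.exe", "hash-unknown-1"),
    ("2024-03-01T09:04:30", "pc-02", "updater.exe", "hash-unknown-1"),
    ("2024-03-01T09:05:12", "pc-03", "updater.exe", "hash-unknown-1"),
    ("2024-03-01T09:06:40", "pc-04", "updater.exe", "hash-unknown-1"),
    ("2024-03-01T10:30:00", "pc-05", "eicar.com", "hash-known-bad"),
]

KNOWN_BAD = {"hash-known-bad"}  # constructed stand-in for an AV signature list


def av_verdicts(events):
    """Traditional AV view: each host only matches its own files against known signatures."""
    return {(host, h) for _, host, _, h in events if h in KNOWN_BAD}


def edr_correlate(events, min_hosts=3, window=timedelta(minutes=10)):
    """EDR view: a binary that no signature knows about, seen on many distinct
    hosts inside a short window, is a spread pattern no single host can see."""
    seen = defaultdict(list)
    for ts, host, _, h in events:
        if h not in KNOWN_BAD:
            seen[h].append((datetime.fromisoformat(ts), host))
    alerts = {}
    for h, obs in seen.items():
        obs.sort()
        for i in range(len(obs)):
            start = obs[i][0]
            hosts = {host for t, host in obs[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[h] = sorted(hosts)
                break
    return alerts


def hosts_to_isolate(events):
    """Response step: every host on which a correlated-suspicious binary ran."""
    return sorted({h for hosts in edr_correlate(events).values() for h in hosts})
```

Raising `min_hosts` or shrinking `window` shows how the same telemetry can drop below the correlation threshold, which is why tuning these values is part of running an EDR rather than installing it.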
Considering the reliance most businesses have on their IT systems, a single IT security incident can often lead to a financial disaster. Think about your business and what would happen if all your computer systems were suddenly inaccessible for an hour. What about a day? What about a week? Depending on how good your backups are (see our post on backups), what would happen if you lost all your data? Would your business survive?
Maybe it’s time to take a long, hard look at what you are doing to protect your business’s IT systems. Along with well-maintained backups, an EDR solution is a great place to start.
Here at S3 Technologies we’ve partnered with SentinelOne, a leader in the EDR space, to provide a fully managed EDR system for our clients. Whether you decide to hop on board with us or go your own way with an EDR solution of your choosing, the important thing is to get these security systems in place as soon as you can. The bad guys are not going to wait until you’re ready; they’re already actively looking for a way into your network and likely have been for some time.