Antivirus (AV) and endpoint detection and response (EDR) protect your network in different ways. Antivirus focuses on prevention: its goal is to catch and block a malicious program before it damages your systems, using signature-matched detection. EDR relies on analysis of endpoint data to warn you of an attack and help prevent it.
AV is software that you install and update, and nothing else is required of it. Unfortunately, the majority of traditional AV solutions can't protect against signature-less or fileless threats, which include zero-day exploits and advanced persistent threats (APTs). EDR can identify these threats and pinpoint where the attack is coming from. Endpoint detection and response looks at the big picture and is proactive, actively looking for threats.
There's no straightforward answer to whether EDR can replace antivirus, as it will depend on the EDR solution you choose and its capabilities. Most EDR tools include antivirus. As cyber crime becomes more sophisticated, antivirus solutions alone will struggle to deal with its complexities. EDR, using AI, analytics and machine learning, can identify suspicious behaviour that would bypass antivirus tools on their own.
Moving on from antivirus, a frequently asked question is what the difference is between endpoint detection and response and an Endpoint Protection Platform (EPP). EPP is designed to detect and block known threats. It uses data encryption, antivirus, anti-spam, personal firewalls, and so on, and is described as a 'first-line defence mechanism.' These standard security provisions can sometimes be easy for experienced cybercriminals to breach, allowing them to silently access a network without triggering a security alert.
EDR is a more comprehensive, next-level layer of protection, highlighting any suspicious actions that might otherwise have gone unnoticed. EDR deals with threat hunting, analysing intrusions, threat response, and clean-up and remediation. As with antivirus, EDR and EPP aren't an either-or choice but work together to protect against cyber threats.
EDR is especially valuable when it comes to recognising and reacting to non-traditional security threats such as:
Advanced Persistent Threats – APTs are attacks that infiltrate a network and remain undetected for an extended period. Once inside, they can work at gaining more in-depth access to the system with the potential of causing untold damage over a prolonged length of time. While the primary targets for APTs tend to be larger enterprises and nation-states, small to medium size businesses should still be vigilant to this type of attack.
Fileless Malware – As the name indicates, this type of attack does not require a file to be downloaded. Because the threat is signature-less and leaves no digital footprint, it can't be detected by traditional antivirus. It works by taking advantage of known software vulnerabilities and is written directly into RAM (system memory).
Zero-Day Vulnerabilities – This type of attack is carried out by cyber criminals on the same day that a vulnerability is found, so there is no threat signature to identify. This again makes it impossible to detect using a signature-based security tool such as antivirus.
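To make the signature-versus-behaviour distinction above concrete, here is an added Python example (not code from Bulletproof or the original article): a toy signature scanner that can only hash files on disk, beside two illustrative behavioural rules over constructed process telemetry. The process names and rule set are assumptions chosen for illustration, not any vendor's detection logic.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed signature database: SHA-256 of file contents, as a traditional AV would match.
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed known-bad binary").hexdigest()}

# Process categories used by the behavioural rules (illustrative, not a vendor's rule set).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}

@dataclass
class ProcessEvent:
    process: str              # image name of the started process
    parent: str               # image name of its parent process
    on_disk: Optional[bytes]  # bytes of the executed file, None when it ran from memory only
    outbound: bool = False    # whether the process opened an outbound network connection

def signature_scan(event: ProcessEvent) -> Optional[bool]:
    """AV-style check: hash the file and look it up. Returns None when there is
    nothing on disk to hash, which is exactly the fileless case."""
    if event.on_disk is None:
        return None
    return hashlib.sha256(event.on_disk).hexdigest() in KNOWN_BAD_HASHES

def behaviour_check(events: List[ProcessEvent]) -> List[str]:
    """EDR-style check: rules over what a process does, not what its file looks like."""
    findings = []
    for e in events:
        # Rule 1: a document application has no business launching a script host.
        if e.parent in DOCUMENT_APPS and e.process in SCRIPT_HOSTS:
            findings.append(f"{e.parent} spawned {e.process}")
        # Rule 2: code with no backing file on disk that opens a network connection.
        if e.on_disk is None and e.outbound:
            findings.append(f"{e.process}: in-memory execution with outbound connection")
    return findings

# Constructed telemetry: one known-bad file drop, one fileless script-host chain.
SAMPLE_EVENTS = [
    ProcessEvent("dropper.exe", "explorer.exe", b"constructed known-bad binary"),
    ProcessEvent("powershell.exe", "winword.exe", None, outbound=True),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.process, "signature match:", signature_scan(ev))
    print("behavioural findings:", behaviour_check(SAMPLE_EVENTS))
```

The signature scanner catches the dropped file and returns nothing at all for the memory-only event, while the behavioural rules flag the second event twice; the point is that the two approaches see different evidence, which is why the article treats them as complementary.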
To conclude, no miracle solution prevents cyber-attacks. Malicious actors will always be using new tactics and software to find weaknesses to exploit. With the growth in endpoints, we can also expect a rise in the number of cyber threats targeting them to infiltrate networks.
The best practice for any business is to take cyber security seriously and maintain a holistic approach. This includes first-line defence measures such as antivirus, firewall, and data encryption in addition to educating and training employees in cybersecurity awareness. EDR adds another layer of defence and a higher level of protection, including real-time threat intelligence.
Bulletproof’s managed SIEM service includes endpoint protection to protect every element of your business. Find out more about our cost-effective, flexible service packages.
If you are interested in our services, get a free, no obligation quote today by filling out the form below.