Given this threat to their existence, legacy AV solutions started offering further services such as firewall control, data encryption, data loss prevention through device blocking, and a suite of other tools attractive to IT management in general, but not necessarily centered on security itself. These advanced AV solutions fell under the endpoint protection platform (EPP) umbrella. Regardless, EPP was still fundamentally signature-based and did not truly solve the inherent problems with legacy AV.
This isn’t to say that antivirus solutions don’t have a place. For many businesses facing lower levels of risk or for budget-conscious MSP customers, AV solutions are still better than nothing. And they can prevent several threats when working in concert with other security layers. Yet, the sheer number of wide-scale breaches show businesses really are better off upgrading to a more versatile solution like EDR.
Enter EDR—peering into the dark
Aside from being signature-based, what primarily distinguishes EPP and legacy AV from more modern EDR is that they are built around prevention. In contrast, EDR is all about providing you with visibility into what is occurring on the endpoint and network.
There were earlier “homegrown” attempts to do this before security vendors stepped up to the plate. For instance, there were hundreds of GitHub repositories offering open source tools for visibility, some even cross-platform, like Facebook’s osquery. But using such solutions required skilled personnel who could code, integrate, do some DevOps, and come up with a feasible process to make the enterprise aware of active breaches as soon as possible.
At the same time, innovation finally made it to the AV industry and a new line of products began to appear focusing on detecting unusual activity and issuing a response—alerts for a security analyst to investigate.
Essentially, these EDR solutions attempt to provide you with visibility into what is occurring on the endpoint and network. Some claim this is an easier nut to crack than protection, as it shifts the work onto a human analyst and only requires alert generation from the software. For EDR solutions relying on weak heuristics and insufficient data modeling, the upshot for the security team can be either a never-ending stream of alerts or a high number of false positives (or both). The EDR market lacked a means of contextualizing the large volume of complex data streaming from the endpoints that this visibility provided.
Problems with EDR as we know it
Increased visibility means an increased amount of data, and consequently an increased amount of analysis. Because of this, most EDR solutions available today aren’t scalable. They require too many resources that are in short supply, namely time, money, bandwidth, and a skilled workforce.
In addition, EDR in many cases requires cloud connectivity, and as such will be slower to protect endpoints. If the decision logic is not on the device, there will inevitably be some dwell time. A successful attack can compromise a machine, exfiltrate or encrypt data, and remove traces of itself in fractions of a second. Waiting for a response from the cloud or for an analyst to take action in a timely manner is simply not feasible in the modern threat landscape.
The Future: SolarWinds Endpoint Detection and Response
SolarWinds® Endpoint Detection and Response (EDR), powered by SentinelOne, was built to correlate the story on the device itself.
SolarWinds EDR offers an automated response that relies on artificial intelligence to take the burden off the MSP team. It allows teams to quickly understand the story and root cause behind a threat. The technology can autonomously attribute each event on the endpoint to its root cause without any reliance on cloud resources.
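To make the two ideas above concrete (the alert-flood problem of context-free heuristics, and on-device attribution of each event to its root cause), here is an added illustration written for this article; it is not SolarWinds or SentinelOne code and says nothing about how their engine works. It runs over a small set of constructed process-creation events. The rule that a “story” begins at the first process spawned beneath a session or service host (explorer.exe, services.exe, svchost.exe) is an assumption chosen for the example, as are the process names and command lines.

```python
"""Root-cause attribution over constructed endpoint telemetry (added example)."""
from collections import defaultdict

# Constructed sample telemetry (not real data): one process-creation event per row.
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "winword.exe",    "cmd": "winword.exe invoice.docm"},
    {"pid": 300, "ppid": 200, "image": "powershell.exe", "cmd": "powershell.exe -w hidden -enc <base64>"},
    {"pid": 400, "ppid": 300, "image": "cmd.exe",        "cmd": "cmd.exe /c vssadmin delete shadows /all"},
    {"pid": 500, "ppid": 1,   "image": "services.exe",   "cmd": "services.exe"},
    {"pid": 600, "ppid": 500, "image": "powershell.exe", "cmd": "powershell.exe -File C:\\ops\\backup.ps1"},
]

# Assumption: these long-lived session/service hosts are story boundaries,
# i.e. a root cause is the first process spawned beneath one of them.
BOUNDARY_IMAGES = {"explorer.exe", "services.exe", "svchost.exe"}
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}


def index_by_pid(events):
    return {e["pid"]: e for e in events}


def lineage(pid, by_pid):
    """Ancestor chain from pid upward, stopping at a boundary or an unknown parent."""
    chain = []
    cur = by_pid.get(pid)
    while cur is not None:
        chain.append(cur)
        if cur["image"] in BOUNDARY_IMAGES:
            break
        cur = by_pid.get(cur["ppid"])
    return chain


def root_cause(pid, by_pid):
    """PID of the story root: the highest non-boundary ancestor of pid."""
    chain = [e for e in lineage(pid, by_pid) if e["image"] not in BOUNDARY_IMAGES]
    return chain[-1]["pid"] if chain else pid


def naive_alerts(events):
    """Per-event heuristic with no context: every PowerShell launch is an alert."""
    return [e["pid"] for e in events if e["image"] == "powershell.exe"]


def contextual_alerts(events):
    """Same trigger, but it only fires when an Office app is in the ancestor chain."""
    by_pid = index_by_pid(events)
    hits = []
    for e in events:
        if e["image"] != "powershell.exe":
            continue
        ancestors = {a["image"] for a in lineage(e["pid"], by_pid)[1:]}
        if ancestors & OFFICE_IMAGES:
            hits.append(e["pid"])
    return hits


def stories(events):
    """Group every non-boundary event under its root-cause PID, entirely on-device."""
    by_pid = index_by_pid(events)
    groups = defaultdict(list)
    for e in events:
        if e["image"] in BOUNDARY_IMAGES:
            continue
        groups[root_cause(e["pid"], by_pid)].append(e["pid"])
    return dict(groups)


if __name__ == "__main__":
    by_pid = index_by_pid(EVENTS)
    print("naive alerts:", naive_alerts(EVENTS))            # [300, 600]: the backup script is a false positive
    print("contextual alerts:", contextual_alerts(EVENTS))  # [300]
    for root, pids in stories(EVENTS).items():
        print(f"story rooted at pid {root} ({by_pid[root]['image']}): {pids}")
```

The naive rule raises two alerts and one of them is the scheduled backup script; the contextual rule raises one, and the story grouping hands the analyst a single unit of work (the Office document, the encoded PowerShell, and the shadow-copy deletion) instead of three unrelated events. None of this needs a round trip to the cloud: the parent links are already in the telemetry on the host.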
This can revolutionize security. It can be used by MSPs almost regardless of resources—from those who are advanced in security to more novice security professionals—providing them with the ability to automatically remediate threats and defend against advanced attacks.
Cybersecurity is a never-ending game of cat-and-mouse. As attackers up the ante, developing new skills and deploying new tactics and techniques, defenders respond by trying to play catch up. Endpoint security solutions have been lagging behind bad actors for a while now, but with the advent of SolarWinds EDR, powered by SentinelOne—a technology that can prevent, detect, and respond to advanced attacks regardless of delivery vectors, whether the endpoint is connected to the cloud or not—defenders may at last have a winning edge.