
Endpoint Detection and Response: Modern Weapons Against the Cybercriminals

By Andrew Miller
3 July, 2019

You do your best to keep customers safe from cyberattacks. You patch regularly. You’re strict on password management and access. You employ email and web protection for each client. These layers each play a role in reducing your customers’ risks.

However, antivirus (AV) often can’t stand up to some modern threats. To deal with this, many businesses are shifting to endpoint detection and response (EDR) solutions. EDR products can protect against a broader range of threats against endpoints—and do a lot more in the process. Before we get to that, let’s examine AV. 

AV Evasions

Legacy AV programs use signatures to detect threats. When malware gets discovered, AV vendors add information—a signature—to their database of known viruses, then push that information to their customers. This requires users to keep their AV signatures up to date. 

The time it takes to identify a threat, develop a signature, and push the update to the endpoint leaves a gap in coverage. If an endpoint contains malware that lacks a known signature, or if its AV is out of date, the user won’t be protected from its effects. Beyond that, cybercriminals have taken steps to evade AV detection to cause damage. For example, AV programs can have a hard time handling:

  • Weaponized documents: Microsoft Office documents or PDFs can contain dangerous macros or scripts. Often, the AV program checks only the initial document, and won’t take action if it launches a script to download malware. The malware could then lurk in the background undetected, do damage to the endpoint, or hop across the network.
  • Fileless malware: One major, recent security trend has been the use of fileless malware. These attacks run in working memory, typically using internal system tools instead of malicious software. The endpoint trusts these internal components, so it won’t suspect them when they start doing damage. Plus, if there’s no file to scan, the AV can’t detect the issue.
  • Polymorphic malware: Another trend in malware is increasing use of polymorphic techniques. Polymorphic malware changes behavior until it finds a gap in the signature database. Typically, polymorphic malware continues changing behavior on a set basis to further evade detection. In other words, the antivirus program tries to shoot a moving target and can’t rest even if it scores a hit.

This is only a small sample of techniques that bypass AV protection. Endpoint detection and response solutions can help with these. 


What is endpoint detection and response?

Endpoint detection and response solutions go beyond antivirus solutions. Instead of using traditional signatures, EDR solutions collect data on multiple activities across an endpoint and correlate that information to detect and respond to threats. Instead of waiting for a signature to be discovered and pushed to the AV solution, EDR tools use artificial intelligence (AI) and machine learning to monitor for threats. Additionally, the right EDR solutions will act on your behalf to deal with a potential attack quickly. 

Let’s consider weaponized documents. Someone receives a convincing-looking phishing email and downloads an attached PDF. The PDF lands on the endpoint and tries to launch a script to reach out to a command and control server to download a ransomware payload. The EDR solution will log the strange behavior and continue to monitor the process. Based on configuration settings, a solution like SolarWinds® Endpoint Detection and Response can spring into action by quarantining the ransomware, automatically rolling the endpoint back to a known safe state, or raising an alert with the MSP technician.
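The weaponized-document scenario above, as an added example (not from the original article and not SolarWinds EDR's actual logic): a hash lookup finds nothing, while correlating process lineage with network activity flags the script chain started by the PDF reader. The event format, process names, hashes, and addresses are constructed for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "kind pid ppid image detail")

# Constructed telemetry for illustration; names, PIDs, hashes and IPs are made up.
EVENTS = [
    Event("proc", 100, 1,    "explorer.exe",   "hash-a"),
    Event("proc", 200, 100,  "pdfreader.exe",  "hash-b"),   # user opens the attachment
    Event("proc", 300, 200,  "cmd.exe",        "hash-c"),   # reader spawns a shell
    Event("proc", 310, 300,  "powershell.exe", "hash-d"),
    Event("net",  310, None, "powershell.exe", "203.0.113.10:443"),
    Event("proc", 400, 100,  "powershell.exe", "hash-d"),   # admin opens a shell by hand
    Event("net",  400, None, "powershell.exe", "198.51.100.7:443"),
]
KNOWN_BAD_HASHES = {"hash-z"}   # signature list has no entry for anything above
DOC_HANDLERS = {"pdfreader.exe", "winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def signature_hits(events):
    """Legacy check: flag a process only if its file hash is already known."""
    return [e for e in events if e.kind == "proc" and e.detail in KNOWN_BAD_HASHES]

def document_origin(pid, procs):
    """Walk up through script hosts; return the document handler that began the chain."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        image, ppid = procs[pid]
        if image in DOC_HANDLERS:
            return image
        if image not in SCRIPT_HOSTS:
            return None          # chain started from something other than a document
        pid = ppid
    return None

def behavioral_alerts(events):
    """Correlate process lineage with outbound connections across events."""
    procs, alerts = {}, []
    for e in events:
        if e.kind == "proc":
            procs[e.pid] = (e.image, e.ppid)
        elif e.kind == "net" and e.image in SCRIPT_HOSTS:
            origin = document_origin(e.pid, procs)
            if origin:
                alerts.append((origin, e.image, e.pid, e.detail))
    return alerts

if __name__ == "__main__":
    print("signature hits:", signature_hits(EVENTS))
    print("behavioral alerts:", behavioral_alerts(EVENTS))
```

The same trusted binary (`powershell.exe`, identical hash) appears twice; only the instance whose lineage leads back to a document handler is flagged, which is the distinction a per-file signature cannot make.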

Additionally, a strong EDR solution helps protect the wider network. Most legacy antivirus solutions emphasize defense against external threats. This is common with traditional network firewalls as well. However, many modern threats use lateral movement to infect a network. In layman’s terms, if an endpoint gets infected, the infection will attempt to spread to other parts of the network.

Many corporate networks are designed to support productivity and enable sharing between devices. These networks rarely expect an attack to come from the inside. If an EDR solution detects suspicious behavior, like an attempt to establish communications with another endpoint, it can block this communication and prevent the attack from spreading across the network. The ability to act autonomously helps deliver an appropriate response to threats quickly, before they can spread to the full network.

How this helps MSPs

MSPs using endpoint detection and response gain several key advantages. First, it allows you to offer more robust security services. Security has grown in importance over the years, and that will only continue. With modern endpoint protection, you can better meet market demands.

Second, EDR solutions help reduce the risk of a major breach. A breach can be catastrophic for the end customer and can seriously damage an MSP’s reputation. An effective EDR solution can help keep your customers safe and your reputation untarnished. 

Finally, EDR solutions can help you provide a better customer experience. Since they can act on your behalf without sending data to the cloud or waiting for a response, you are better positioned to resolve security issues before they become catastrophic. For example, if ransomware attempts to encrypt files on a customer’s machine, a product like SolarWinds EDR can kill and quarantine the offending process and quickly recover the endpoint by replacing encrypted files with pre-attack, healthy versions. This helps prevent downtime, lost productivity, and angry phone calls from your customers.

Is EDR the future? 

An average of 350,000 new malware variants are discovered each day. With this volume, it’s hard for AV solutions to keep up. Plus, as cybercriminals continue using techniques to evade AV, antivirus may increasingly become less relevant. Businesses may need to move to EDR to round out their security. 

 

To see how it can help, try SolarWinds Endpoint Detection and Response, available in SolarWinds RMM and N-central®. You can learn more here and see it in action by starting a free trial.

 

Andrew Miller is senior product marketing manager at SolarWinds MSP.

 
