What is endpoint detection and response?
Endpoint detection and response (EDR) solutions go beyond antivirus (AV) solutions. Instead of relying on traditional signatures, EDR solutions collect data on multiple activities across an endpoint and correlate that information to detect and respond to threats. Rather than waiting for a signature to be discovered and pushed to the AV solution, EDR tools use artificial intelligence (AI) and machine learning to monitor for threats. Additionally, the right EDR solutions will act on your behalf to deal with a potential attack quickly.
Let’s consider weaponized documents. Someone receives a convincing-looking phishing email and downloads an attached PDF. The PDF lands on the endpoint and tries to launch a script that reaches out to a command-and-control server to download a ransomware payload. The EDR solution will log the strange behavior and continue to monitor the process. Based on configuration settings, a solution like SolarWinds® Endpoint Detection and Response can spring into action by quarantining the ransomware, automatically rolling the endpoint back to a known safe state, or raising an alert with the MSP technician.
Additionally, a strong EDR solution helps protect the wider network. Most legacy antivirus solutions emphasize defense against external threats. This is common with traditional network firewalls as well. However, many modern threats use lateral movement to infect a network. In layman’s terms, if an endpoint gets infected, the malware will attempt to spread to other parts of the network.
Many corporate networks are designed to support productivity and enable sharing between devices. These networks rarely expect an attack to come from the inside. If an EDR solution detects suspicious behavior, like an attempt to establish communications with another endpoint, it can block this communication and prevent the attack from spreading across the network. The ability to act autonomously helps deliver an appropriate response to threats quickly, before they can spread to the full network.
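The correlation described in the two scenarios above (a document reader launching a script that opens a network connection, and an infected endpoint contacting another endpoint) can be sketched as follows. This is an added example, not SolarWinds code or part of the original article; the event fields, process-name lists and internal ranges are assumptions, and the telemetry is constructed.

```python
import ipaddress

# Assumptions for illustration: internal ranges and process-name lists are site-specific.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
DOC_READERS = {"acrord32.exe", "winword.exe"}
INTERPRETERS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

# Constructed sample telemetry (not real logs), in arrival order.
EVENTS = [
    {"type": "proc", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "proc", "pid": 200, "ppid": 100, "image": "AcroRd32.exe"},
    {"type": "proc", "pid": 210, "ppid": 200, "image": "powershell.exe"},
    {"type": "net", "pid": 210, "dst": "203.0.113.10", "port": 443},
    {"type": "proc", "pid": 300, "ppid": 100, "image": "powershell.exe"},
    {"type": "net", "pid": 300, "dst": "198.51.100.7", "port": 443},
    {"type": "net", "pid": 200, "dst": "10.0.0.5", "port": 443},
    {"type": "proc", "pid": 220, "ppid": 210, "image": "cmd.exe"},
    {"type": "net", "pid": 220, "dst": "10.0.0.8", "port": 445},
]

def correlate(events):
    """Alert on connections from script interpreters that descend from a document reader."""
    procs = {}   # pid -> {"image": name, "origin": document-reader ancestor or None}
    alerts = []
    for ev in events:
        if ev["type"] == "proc":
            image = ev["image"].lower()
            parent = procs.get(ev["ppid"])
            # A reader starts a new lineage; every descendant inherits it.
            inherited = parent["origin"] if parent else None
            origin = image if image in DOC_READERS else inherited
            procs[ev["pid"]] = {"image": image, "origin": origin}
        elif ev["type"] == "net":
            proc = procs.get(ev["pid"])
            # Ignore unknown processes, interpreters with no document lineage,
            # and the reader's own traffic.
            if not proc or not proc["origin"] or proc["image"] not in INTERPRETERS:
                continue
            dst = ipaddress.ip_address(ev["dst"])
            kind = "lateral" if any(dst in n for n in INTERNAL) else "external"
            alerts.append({"pid": ev["pid"], "kind": kind, "dst": ev["dst"],
                           "chain": f'{proc["origin"]} -> {proc["image"]}'})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The PowerShell session started from explorer.exe produces no alert, which is the point of correlating lineage with network activity instead of matching on a single event.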
How this helps MSPs
MSPs using endpoint detection and response gain several key advantages. First, it allows you to offer more robust security services. Security has grown in importance over the years, and will only continue to do so. With modern endpoint protection, you can better meet market demands.
Second, EDR solutions help reduce the risk of a major breach. A breach can be catastrophic for the end customer and can seriously damage an MSP’s reputation. An effective EDR solution can help keep your customers safe and your reputation untarnished.
Finally, EDR solutions can help you provide a better customer experience. Since they can act on your behalf without sending data to the cloud or waiting for a response, you are better positioned to resolve security issues before they become catastrophic. For example, if ransomware attempts to encrypt files on a customer’s machine, a product like SolarWinds EDR can kill and quarantine the offending process and quickly recover the endpoint by replacing encrypted files with pre-attack, healthy versions. This helps prevent downtime, lost productivity, and angry phone calls from your customers.
Is EDR the future?
An average of 350,000 new malware variants are discovered each day. With this volume, it’s hard for AV solutions to keep up. Plus, as cybercriminals continue using techniques to evade AV, antivirus may become increasingly less relevant. Businesses may need to move to EDR to round out their security.
Andrew Miller is senior product marketing manager at SolarWinds MSP.