No doubt you’ve heard of ransomware. Someone opens an attachment or email, or visits a webpage with a malicious script, and they’re greeted with a notification that all their files are encrypted. The cybercriminal will only return their files after they pay a princely sum in Bitcoin, except there is no guarantee they will get their data back. Many corporations are unwilling to risk paying a ransom because of this lack of a guarantee.
It can happen to anyone, and the facts are staggering:
- Businesses experienced an average of 16.2 days of downtime at the end of 2019 due to ransomware
- One business will be hit every 11 seconds by a ransomware attack by 2021, according to some predictions
- The predicted cost of damages due to ransomware in 2021 is $20 billion
The solution we need, before we know we need it
When an endpoint agent discovers a threat, EDR springs into action via the central monitoring system. The central monitoring system analyzes and correlates threats. Depending on which EDR solution you use, you can even visually trace the genesis of the threat and its path to the endpoint, as SolarWinds® EDR does. While MAV and disk encryption are valid ways to secure your endpoints, EDR offers capabilities that help future-proof your users’ machines. These include near real-time file analysis and alerts, detailed forensics, offline protection, the ability to disconnect from the network to help prevent further spread, and the killer feature: infected file rollback.
Like it never happened
Rollback is where an MSP can offer the greatest value to their clients. This feature uses advanced technology to take “snapshots” of the endpoint at regular intervals (set at the administrator’s discretion). If ransomware hits, it only takes a few clicks to roll back the endpoint disk image to a previous point in time, saving the company significant time and money. Can you really put a price on that kind of peace of mind?
Before you deploy EDR, you should consider your own capabilities. This enhanced functionality brings a bit more complexity, so SMBs and IT pros should consider their resources before deploying.
As we’ve mentioned before, EDR is not the only way to secure an endpoint. Look at your data and the use case for each employee. While EDR is perfect for someone who manages sensitive human resource data (such as payroll and PII), it may not be necessary for someone who simply stores personal files in the cloud or has a solid backup client combined with disk encryption and MAV. One size does not fit all.
The final word
You have options—not just to deploy EDR or stick with more traditional systems, but among potential vendors. You should thoroughly consider the strengths and weaknesses of every angle.
At the end of the day, EDR requires an agent to run on each endpoint. SolarWinds MSP offers options for Windows, Mac, and Linux, as well as integration with our existing SolarWinds N-central® monitoring platform. Don’t forget, a solid layered approach to network security is recommended, so make sure to patch and back up regularly.
I hope you’ve enjoyed this introduction to EDR. Join me next month for a deeper dive into the differences between MAV and EDR.
Michael Tschirret is Sr. Product Marketing Manager, EDR, at SolarWinds MSP