
What is EDR (Endpoint Detection and Response)?

By Michael Tschirret
22 April, 2020

Ransomware, malware, phishing, and spear phishing—all clear and present dangers to your customers’ networks, businesses, and personally identifiable information (PII). And now, these attacks are preying on people’s fear, uncertainty, and doubt surrounding the rise of COVID-19.

How do you secure those networks in the face of an ever-changing environment? Perhaps your best defense is one you may not be overly familiar with: Endpoint Detection and Response (EDR). Anton Chuvakin of Gartner originated the term, using it to describe “this family of new tools focused on visibility, and from prevention to detection for the endpoint.”

So, what is EDR? It’s a multifaceted solution that does everything modern managed antivirus (AV) can do, but takes things a step further—providing greater security and (most importantly) peace of mind. Its capabilities include, but are not limited to:

  • Monitoring
  • Threat detection
  • Whitelisting/blacklisting
  • Threat response
  • Integration with other cybersecurity solutions

Let’s take a closer look at this new weapon made for your cybersecurity arsenal.

EDR’s place in the cybersecurity universe

EDR centers on protecting endpoints. Given the number of threats that spawn daily, antivirus and other point solutions can make managing large numbers of endpoints difficult. When we talk about traditional managed antivirus (MAV), it's typically from a passive standpoint. MAV can only detect and quarantine known threats—those that have been previously identified. Therein lies the rub—MAV requires regular signature updates. This means there is often a gap in coverage between when a virus is discovered and when your customers become protected. Plus, threats that haven’t yet been discovered can operate in the wild before you can even get an update. It’s a reactive approach with proactive intent. 

In contrast, EDR is proactive. Comprised of monitoring software and endpoint agents, EDR solutions use integrated machine learning and advanced artificial intelligence (AI) to identify suspicious behaviors and address them regardless of whether or not there’s a signature. For example, if several files change at the same time, it’s more likely the result of an attack on the endpoint than of user error.

The only constant is change

Think about it—the world is in a constant state of flux, and technology is no different. The cloud has changed everything, from the rise of ecommerce to enterprise-based solutions that billions of individuals rely on daily. But with progress comes inevitable roadblocks, and for the cloud, we must focus on intent—specifically those who look to profit from it in harmful ways. Data is arguably your customers’ greatest asset—so how do you help safeguard that asset?

AI to the rescue

For the moment, let’s focus on the positives that have come about with the rise of machine learning. If we look at the benefits of AI for EDR, the core benefit is advanced technology, which allows it to recognize and deal with advanced threats. This is where EDR excels—asking questions like:

  • Has this endpoint performed this activity before?
  • Does this file or behavior exhibit unusual patterns?
  • Why are secured files being looked at or hit?

Advanced polymorphic viruses (those that can generate modified versions of themselves to counter detection) and zero-day threats (which target and exploit a previously unknown vulnerability) fall into the above line of questioning. EDR not only asks these questions, it also provides the answers we need to address the threats, with options to kill, quarantine, remediate, and roll back.
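As an added illustration (not SolarWinds EDR code), the sketch below shows signature-free detection of the kind described above: it flags any process that changes several files at the same time and then asks "Has this endpoint performed this activity before?" The events, process names, window, and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed telemetry: (epoch seconds, process, file modified). Names are hypothetical.
EVENTS = (
    [(100 + i, "backup.exe", f"D:\\backup\\chunk{i}.bak") for i in range(6)]
    + [(200 + 60 * i, "winword.exe", "C:\\Users\\amy\\report.docx") for i in range(3)]
    + [(500 + i, "invoice_viewer.exe", f"C:\\Users\\amy\\doc{i}.docx") for i in range(6)]
)
# Assumed baseline: processes already known to make bulk changes on this endpoint.
BASELINE = {"backup.exe"}


def detect_bursts(events, baseline, window=10, threshold=5):
    """Alert once per process that modifies >= threshold distinct files
    within `window` seconds. No file signature is consulted."""
    recent = defaultdict(deque)  # process -> (timestamp, path) still inside the window
    alerted = set()
    alerts = []
    for ts, proc, path in sorted(events):
        q = recent[proc]
        q.append((ts, path))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and proc not in alerted:
            alerted.add(proc)
            alerts.append({
                "process": proc,
                "time": ts,
                "files": len(distinct),
                # "Has this endpoint performed this activity before?"
                "seen_before": proc in baseline,
            })
    return alerts


def needs_response(alerts):
    """Bursts from processes with no history of bulk changes get escalated."""
    return [a["process"] for a in alerts if not a["seen_before"]]


if __name__ == "__main__":
    for alert in detect_bursts(EVENTS, BASELINE):
        print(alert)
```

Both the backup job and the unknown viewer trip the burst rule, but only the process with no history of bulk changes is escalated, which is the difference between a raw threshold and a behavioral baseline.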

Ransomware realities

No doubt you’ve heard of ransomware. Someone opens an attachment or email, or visits a webpage with a malicious script, and they’re greeted with a notification that all their files are encrypted. The cybercriminal will only return their files after they pay a princely sum in Bitcoin, except there is no guarantee they will get their data back. Many corporations are unwilling to risk paying a ransom because of this lack of a guarantee.

It can happen to anyone, and the facts are staggering:

  • Businesses experienced an average of 16.2 days of downtime at the end of 2019 due to ransomware
  • One business will be hit every 11 seconds by a ransomware attack by 2021, according to some predictions
  • The predicted cost of damages due to ransomware in 2021 is $20 billion

The solution we need, before we know we need it

When an endpoint agent discovers a threat, EDR springs into action via the central monitoring system. The central monitoring system analyzes and correlates threats. Depending on which EDR solution you use, you can even visually trace the genesis of the threat and its path to the endpoint as SolarWinds® EDR does. While MAV and disk encryption are valid ways to secure your endpoints, EDR offers capabilities that help futureproof your users’ machines. These include near real-time file analysis and alerts, detailed forensics, offline protection, the ability to disconnect from the network to help prevent further spread, and the killer feature—infected file rollback.

Like it never happened

Rollback is where an MSP can offer the greatest value to their clients. This feature uses advanced technology to take “snapshots” of the endpoint at regular intervals (set at the administrator’s discretion). If ransomware hits, it only takes a few clicks to roll back the endpoint disk image to a previous point in time, saving the company significant time and money. Can you really put a price on that kind of peace of mind?

Deployment considerations 

Before you deploy EDR, you should consider your own capabilities. This enhanced functionality brings a bit more complexity, so SMBs and IT pros should consider their resources before deploying. 

As we’ve mentioned before, EDR is not the only way to secure an endpoint. Look at your data and the use case for each employee. While EDR is perfect for someone who manages sensitive human resource data (such as payroll and PII), it may not be necessary for someone who simply stores personal files in the cloud or has a solid backup client combined with disk encryption and MAV. One size does not fit all.

The final word

You have options—not just to deploy EDR or stick with more traditional systems, but among potential vendors. You should thoroughly consider the strengths and weaknesses of every angle. 

At the end of the day, EDR requires an agent to run on each endpoint. SolarWinds MSP offers options for Windows, Mac, and Linux, as well as integration with our existing SolarWinds N-central® monitoring platform. Don’t forget, a solid layered approach to network security is recommended, so make sure to patch and back up regularly.

I hope you’ve enjoyed this introduction to EDR. Join me next month for a deeper dive into the differences between MAV and EDR. 

 

Michael Tschirret is Sr. Product Marketing Manager, EDR, at SolarWinds MSP

 
