You’ve probably heard about Endpoint Protection and Endpoint Detection and Response these days. Ever wonder what they are? Ever wonder how they’re different? Well, Corporate Armor offers several excellent options in this category. We are proud to partner with well-respected vendors like Sophos, ESET, and AVG. And now, we’re going to try to clear up a little of the confusion for you. Hopefully, one of them might be a good option for you.
Okay, so what’s an Endpoint?
Fair question. Basically, an endpoint is a device.
Endpoint security, also known as endpoint protection, refers to the protection of connected devices like PCs, workstations, servers and smartphones. Protection from what? From cyber threats. Endpoints are vulnerable to a wide range of attacks. As a result, they are commonly targeted by criminals. Endpoint protection often includes features like antivirus, anti-malware, data encryption, personal firewalls, intrusion prevention and data loss prevention.
Traditional Endpoint Protection is inherently preventative. Also, most of its approaches are signature-based. That is, they identify threats based on known file signatures for newly discovered threats. However, the latest Endpoint Protection has evolved to include a broader range of detection techniques.
Endpoint Detection and Response
Endpoint Detection and Response (EDR) certainly has elements of next-gen antivirus. But, it boasts additional abilities, as well. For example, you can also expect real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.
Basically, EDR can record every execution and modification, every registry change, and network connection across an entire organization. As a result, it improves threat visibility beyond the scope of Endpoint Protection.
The benefits of this are easy to see. You can proactively search an organization to identify hidden threats.Then, you can shut them down before they cause damage and disruption. For example, it helps to greatly reduce both mean time to detect (MTTD) and mean time to respond (MTTR) to threats. It’s a lot easier to defend your organization’s assets and reputation when you are constantly uncovering security events and highlighting gaps in threat visibility and coverage.
On the face of it, the distinction between EP and EDR is relatively straightforward – EDR is sort of like a detective whereas EP is like an armed guard patrolling your wall. EP is a front-line, brute force defence defense, effective at blocking known threats. EDR is the next layer of security, providing additional tools to hunt for threats. It forensically analyzes intrusions and respond swiftly and effectively to attacks.
I hear you asking yourself…
The obvious question is, “Why wouldn’t vendors combine all these active/passive features into a single product to begin with?” Because while small organizations are increasingly turning to EDR for more advanced endpoint protection, many lack the resources to maximize the benefits of the technology.
Simply put, using advanced EDR features like forensic analysis, behavioral monitoring and artificial intelligence are labor and resource intensive. They simply require dedicated security professionals to manage.
But as you might expect, there is increasing convergence of the two markets. While EDR was initially a solution for large enterprises with dedicated IT departments, there is a growing acceptance that additional threat detection, investigation and response are a needed in organizations of all sizes.
As a result, we are seeing products that provide both active and passive endpoint protection. Consequently, EDR providers have begun to incorporate aspects of EP into their products, and EP providers are integratin basic EDR functionality in theirs too. Sophos Intercept X with EDR is a good example of this phenomenon.
So in a nutshell, EP sits ready to pounce on any threat that enters its domain. Sort of like the family dog that waits in the bushes for the mailman to come by. EDR, on the other hand, goes out into the neighborhood and finds the mailman before he even gets near your house.
Hopefully this has helped your understanding of the difference between Endpoint Protection, and Endpoint Detection and Response. As metioned before, Corporate Armor is partnered with several excellent EP and EDR vendors, such as ESET, Sophos, AVG, Fortinet, and more. We can answer any further questions you may have about either, so please email us or call 877-449-0458 any time!