What is Endpoint Detection and Response (EDR)?

“Think of EDR as a flight data recorder for your endpoints. During a flight, the so-called “black box” records dozens of data points; e.g., altitude, air speed, and fuel consumption. In the aftermath of a plane crash, investigators use the data from the black box to determine what factors may have contributed to the plane crash ... Likewise, endpoint telemetry taken during and after a cyberattack (e.g. processes running, programs installed, and network connections) can be used to prevent similar attacks.”

DEMO

Malwarebytes Endpoint Detection and Response (EDR)

Expand visibility across your business attack surfaces with Malwarebytes EDR backed by proven detection results in the 2022 MITRE ATT&CK ENGENUITY Evaluation. Keep your organization's endpoints secure from modern threats and prevent unwanted attacks.

REQUEST EDR DEMO

What is the difference between EDR and antivirus?

Before going into the difference between EDR and antivirus, let’s get our definitions straight. We know EDR is a kind of endpoint protection that leverages endpoint data and the things we learn from that data as a bulwark against future infection—so what is antivirus?

Antivirus vs anti-malware

Malwarebytes Labs defines antivirus as “an antiquated term used to describe security software that detects, protects against, and removes malware.” In that sense, “antivirus” is a bit of a misnomer. Antivirus stops computer viruses, but it can also stop modern threats like ransomware, adware, and Trojans as well. The more modern term “anti-malware” attempts to bring the terminology up to date with what the technology actually does; i.e., stop malware. People tend to use the two terms interchangeably. For the purposes of this article, we’ll use the more modern term and just call it “anti-malware.”

EDR vs anti-malware

Now, to understand the difference between EDR and anti-malware we have to look at the use cases. On one hand you have off the shelf anti-malware designed for the consumer looking to protect a few personal devices (like a smartphone, laptop, and tablet) on their home network.

On the other hand you have EDR for the business user, protecting hundreds, potentially thousands of endpoint devices. Devices can be a mixture of work-owned and employee-owned (BYOD). And employees may be connecting to the company network from any number of potentially unsecure public WiFi hotspots.

When it comes to threat analysis, the typical consumer only wants to know that their devices are protected. Reporting doesn’t extend much beyond how many threats and what kinds of threats were blocked in a given span of time. That’s not enough for a business user.

Security admins need to know “What happened on my endpoints previously and what’s happening on my endpoints right now?” Anti-malware isn’t great at answering these questions, but this is where EDR excels.

But what about EDR vs XDR vs MDR? Get to know their differences in our Malwarebytes Labs post. Understanding the challenges each threat detection and response tool can address helps your security team choose the cybersecurity technology best fit for your company.

Benefits of endpoint detection and response

At any given moment EDR is a window into the day-to-day functions of an endpoint. When something happens outside the norm, admins are alerted, presented with the data and given a number of options; e.g., isolate the endpoint, quarantine the threat, or remediate.

Malwarebytes Endpoint Detection and Response is a proven leader in the MITRE ATT&CK ENGENUITY 2022 Evaluations.

Your business relies on EDR products to detect threats that circumvent your security architecture's outer layers. Our EDR security deploys within minutes to enhance your visibility across the attack surface, detect malicious threats, and provide enriched telemetry for incident response activities.

VIEW MITRE ENGENUITY RESULTS

FREE BUSINESS TRIAL

Why do companies need endpoint detection and response?

According to Malwarebytes Lab’s 2021 State of Malware Report, malware detections on Windows business computers decreased by 24% overall. Cybercriminals are moving away from piecemeal attacks on consumers, instead focusing their efforts on not just businesses, but educational institutions and government entities as well.

The biggest threat at the moment is ransomware. Ransomware detections on business networks are at an all-time high, due largely to the Ryuk, Phobos, GandCrab, and Sodinokibi ransomware strains. Not to mention Trojans like Emotet, which carry secondary ransomware payloads. And it’s not just the big name, Fortune 500 companies getting hit. Organizations of all sizes are being targeted by cybercriminal gangs, lone wolf threat actors, hacktivists, and state-sponsored hackers looking for big scores from companies with caches of valuable data on their networks. Again, it’s the value of the data, not the size of the company. Local governments, schools, hospitals, and managed service providers (MSPs) are just as likely to be the victim of a data breach or ransomware infection.

Consider the average cost of a data breach. The 2021 IBM “Cost of a Data Breach Report” puts the number at $4.24 million. In the US the number was $1.97 million higher where remote work played a role in prompting a breach.

With this sobering data in mind, endpoint protection like Malwarebytes Endpoint Protection and Response, is crucial to protecting your endpoints, your employees, your data, the customers you serve, and your business from a dangerous array of cyberthreats and the damage they can cause.

Related articles