EDR: The Changing Face of AV

The Changing Face of Anti-Virus

Security used to be so simple (we’ve been around a while). Install anti-virus (AV), train employees not to click on unknown links, and keep the software, hardware, and websites up-to-date. Throw in a firewall with some country-filtering and what more could you need? Those days are gone.

Many of us love being able to use a variety of devices and move pretty effortlessly from our office to our car to our home office; we can even access what we need/want from a coffee shop or a public computer. None of these options were in the traditional model—all the computers were on the network and all devices ran through the network, therefore they could all be secure. The most common solutions for work now include a growing number of apps and cloud services, neither of which are under the IT team’s control. Then you have company-specific files, even confidential files outside your network in solutions like Dropbox or Slack (two examples). Most companies allow BYOD (Bring Your Own Device) which saves the capital cost of purchasing phones and laptops, but results in having unmanaged devices on your network and accessing your data. These same devices then add data back to the company systems. Then there are wi-fi networks; we could go on, but I think you get the point.

Anti-Virus alone just doesn’t cut it anymore. It’s important, but it’s not enough. AV is designed to look for known signatures and stop them. When AV software is updated with the latest definition files, it’s the new things that are now ‘known.’ Basically, something has to be identified as a bad actor in order to be added to these definition files to avoid future compromises. This is a race with the hackers that is a never-ending battle and difficult to win.

According to a whitepaper by Egnyte, 85% of all breaches involve a human element, and this sentiment is echoed throughout our industry. Our teams are pounded with phishing attempts, business email compromises, lost or stolen credentials, the chronic use of insecure credentials (weak passwords!), and human error. Mobile devices, and I would add home devices, are the weakest link when it comes to IT security since staff members tend to be less cautious when they’re on-the-go or at home.

Here are four (4) of the new risks we’re facing:

  • Documents that look like PDF attachments but when opened, execute attacks over the network
  • Attacks that are not files, but execute from memory, making them very hard to identify
  • Zero-day threats that find a vulnerability in a computer or operating system and exploit it before the manufacturers even know about it and can address them.
  • Ransomware attacks which can bring a network to its knees. Then you get the demand for a lot of money to restore the data, which you hope will work, and pray they don’t add another ‘bomb’ that will go off at a future date.

So what’s an anti-virus software to do? What else can we do to protect our team members and our company data from this onslaught? We’d like to introduce you to Managed Endpoint Detection and Response (EDR).

The pattern of the threats is changing, so the type of software protection needs to be more sophisticated. Newer threats don’t have ‘signatures’ which is what AV solutions use to find the threat in the first place. Managed EDR uses Artificial Intelligence (AI) to stay on top of new threats and it monitors processes, something traditional AV can’t do.

In the coming months, we’ll move all of the computers we manage from our current AV, which has been very good, to the new EDR solution. Here are a few reasons and outcomes:

  • There is a roll back feature that will be available on the laptops and desktops. These devices can be ‘rolled back’ to a pre-infection state. Our servers have had Disaster Recovery options for years, but we’ve never had this capability on the laptops and desktops.
  • Using Artificial Intelligence (AI), current and emerging threats can be detected, with continual updates to the platform. No more waiting for a new AV release to get the latest protection in place.
  • EDR monitors processes before, during, and after execution to prevent new threats from slipping in.
  • With continual monitoring, we will reduce possible performance slowness, as when traditional AV scans run while you’re trying to work.

We’re in the process of creating our implementation plan, then we’ll provide additional details. We’ll continue to communicate through our newsletters, weekly email updates (Monday mornings!), and directly with you. If you have questions, please reach out and we can talk! – CMW