Next Generation Antivirus (EDR): Why Endpoint Protection (EPP) Alone Is Not Enough

Next Generation Antivirus image

If you are using standard antivirus (endpoint protection or EPP), you are falling behind in the race — the one against the cyber criminals trying to access your network and steal your data or disrupt your business. EPP is simply not enough to get the job done. You need next generation antivirus: endpoint detection and response, aka endpoint threat detection and response (EDR).

Both EPP and EDR protect your endpoints (basically any device that has access to your network, including computers, mobile devices, servers and IoT devices). The difference is standard antivirus can only work against known threats.

Standard antivirus (EPP) says “I am an antivirus and I have this list of files that I know are bad (signature files). I can only compare the files I find with what’s on my list.” So, you’re only as good as your latest signature file. 

Here’s why traditional antivirus protection is not enough:

  • There’s only a simple baseline protection for all endpoints
  • There are no proactive detections
  • Traditional antivirus is based on decades old methods
  • There is no protection for unknown threats
  • There is no protection for fileless attacks/in-memory exploits
  • It can only protect against known malware

What Is Next Generation Antivirus?

Endpoint detection and response (EDR) is often simply referred to as next generation antivirus (Next Gen AV). EDR platforms continually monitor for cyber threats and respond to mitigate them. Because of this, they can be effective as a prevention against zero-day vulnerabilities — a weakness that is either unknown or for which a patch has not yet been developed. Until discovered and fixed, hackers can exploit zero-day vulnerabilities in programs, data, additional computers or a network.

According to a WatchGuard report, zero-day attacks represent nearly two-thirds of all malware attempts, at 64.1 percent. So if your antivirus program is only looking for what is already known, it is missing a great deal.

64.1 percent of malware attacks are zero day.

–WatchGuard 2021 Q2 Report

Anti-virus endpoint protection (EPP) is a necessary security layer and EDR doesn’t replace it: rather it complements current endpoint protection. Combined, EPP and EDR provide a comprehensive antivirus solution. An EDR solution can be deployed without changing your endpoint protection (EPP). It can be layered on top of your environment. 

Before COVID-19 necessitated remote workplaces, employees accessed applications and data inside a corporate network perimeter, firewalled off from potential threats. Today the cloud is where the remote workforce accesses data and cybercriminals have adapted their tricks and tools to target every endpoint despite its location. 

Protecting Your Business From Vulnerabilities

Why do software vulnerabilities exist? Simply put, the answer is people. It’s people who write the software. People are not infallible, therefore software cannot be infallible. 

That’s why it is so important to keep control even though your endpoints (users) are miles away. 

  • Insist on strong password practices.
  • Using multi-factor authentication (MFA) or at least long, complex passwords needs to be encouraged.
  • Upgrade all end users’ device software to the latest versions that are supported by the manufacturers. 
  • Monitor the devices remotely. 
  • Deliver updates for all software programs as well as most common third-party applications (Adobe, etc.). This helps to provide a stable foundation to every technology environment.
  • Run advanced detection tools that provide threat intelligence, threat hunting, security monitoring, incident analysis and incident response. This is unlike traditional antivirus that only provides alert-based security monitoring. 
  • Always seek in-person verification for any financial changes.  
  • Most importantly, develop a security mindset that considers security needs  first and foremost in all manners of business computing. 

Look at Your Data Like a Malicious Actor

Assume a malicious actor already has your data: What would they have? Are you still holding onto that payroll report, including Social Security numbers, from the day you started your business 10 years ago? 20? More? What about the emails for that loan you were trying to get last year? Is there company financial information enmeshed in them? And don’t forget about that file you created eons ago of all the passwords you or your employees use because they were too hard to remember. 

If a cybercriminal gets hold of any of these, they can be used to attack your business. Even if the data is older, criminals can use it to trick an employee into taking an action that provides access to your network (a process that’s called social engineering).

If you answered yes to any of the above, it’s time to make a clean sweep. Remove any truly unnecessary folders or files that could be attractive to a malicious actor. Remember the adage, “An ounce of prevention is worth a pound of cure.”

Think your small business is too small to be at risk? Think again. A few years ago, it was estimated that 28 percent of cyber crime was directed at small businesses. Now that number is closer to 50 percent. Being smaller may mean you have fewer resources to protect your business, but that just makes you all the more appealing to cyber criminals.

Talk to Your IT Support Team

Not sure what type of malware protection you have? Start that conversation today with your managed service provider or internal IT support team. There is no time to waste.

If you are already an Internos client, you know that we believe in using that ounce of prevention. That’s why we’re already using next generation antivirus solutions across all of the businesses we support. Want to understand it better? Just reach out, we’ll be happy to go over the particulars with you.And if you’re not an Internos client, think about becoming one. You’ll not only  get endpoint detection and response ( EDR), but dozens of other helpful and cost cutting ideas to help your business grow,  flourish and have the best protection available. Contact us or book a meeting, virtual or in person.

Jairo Avila Internos Group Miami Author Image

Jairo Avila

Jairo is the CSO of Internos Group and a partner. As senior client manager, Jairo connects our clients’ needs to our IT services so that it all flows together. With more than 23 years of experience in the IT industry, Jairo plays an essential role helping our clients develop a technology strategy and working with the Internos team to make sure everyone can breathe a little easier.

Use our Managed Service Provider Checklist to Find the Right

Our easy-to-follow checklist can guide you through the process of the best IT services provider for your business.

Are you a first-timer to IT support? Maybe you aren’t happy with your current MSP? This checklist will help you outline and define:

  • Your business goals for the next few years.
  • The stats that potential MSPs will need to work out a plan for your company.
  • The risk areas in your backup and cyber security practice.s
  • What you expect from your IT provider.
  • And more!