With hackers and malware writers seemingly hiding behind every URL, the need for endpoint detection and response has never been greater. In fact, market analysis firm Gartner has forecast that EDR sales will continue to grow by more than 40% a year.
The top vendors of EDR software range from established leaders in enterprise security such as McAfee, Trend Micro, Symantec, and Sophos to relative newcomers such as Cynet and SentinelOne. Each has a different way of dealing with threats, but one thing is common: The EDR has one or more software agents that watch over the computer and archive all its actions. These agents keep track of the computer's data, monitor it for malware, and record everything the computer does. EDR software that has consolidated to a single agent often gives the benefit of simplicity, ease of installation and maintenance, and extra performance.
The key to success with EDR is to maintain a low profile on protected systems. In fact, EDR works best when it doesn't interrupt the daily use of the computer and data but is always ready to pounce on a threat when needed.
It can be a tough balance to find. If you're too compulsive, the heavy hand will make employees feel like they're working in a prison, but with too little attention, malware can slip onto a computer, potentially infecting your network and entire company. Each company needs to find its own equilibrium between safety and the ability to get the job done.
That's where next-generation antivirus protection comes in. It not only goes after the traditional malware threats but can detect common attacks as well as those below the surface. With threats hidden in scripts or the system's startup commands and fileless attacks that exist only in the computer's memory, an exploit might even be packaged in two or three separate pieces of harmless software that together form an attack.
In a world where we don't know what threats tomorrow might bring, next-gen protection is mandatory. It's all based on advances in artificial intelligence and machine learning that can spot rogue behavior early enough in the infection process to stop it, quarantine the sample and restore the system's files.
A key point about machine learning in this context is that the EDR improves its detection abilities as it gains more data about threats, how employees work and the threat landscape in general. The quicker and more accurately this trigger is pulled, the better it will fit into a company's way of doing business.