The value of EDR vs Antivirus software in 2023
Many people still talk about ‘antivirus software’ as the solution to all cyber attacks, but that’s no longer strictly the case.
For example, a phishing attack may involve a fraudulent email, a spoofed web page or a misleading link to deceive an individual into revealing their password – all without installing any viruses or malware on the computer or network.
Modern cyber security systems are actually scanning for far more than just viruses like the old-school worms and Trojans of the 1990s and early 2000s.
Comprehensive coverage comes in the form of EDR: Endpoint Detection & Response. This is continuous monitoring of your network ‘endpoints’ (i.e. workstations and servers) to stop attacks gaining access by whatever method they use, not just by malware.
What is EDR in cyber security?
The name originated as Endpoint Threat Detection & Response (ETDR) and was chosen by Gartner security research vice-president Anton Chuvakin in a blog post dated July 26th 2013 – making this summer its tenth anniversary.
Chuvakin noted at the time that “some may argue that the ‘endpoint’ label may be seen as applicable to workstations and not to servers” but that for the sake of a brief label, “this minor loss of precision seems acceptable”.
“Others will say that four words is already too long,” he joked – and he was right. By 2015 the ‘T’ had been dropped from the acronym, making it EDR as we know it today, but the definition and the technology behind ETDR and EDR tools are the same.
Some use cases of EDR tools
Chuvakin outlined a variety of potential use cases for EDR tools, and for endpoint visibility tools in general, installed on end-user workstations:
Search current and historic system state
Scan for ‘known artifacts’ including threats
Anomaly detection and risk scoring
Rule-based detection (e.g. follow-up to a previous incident)
Intelligence-based detection
Anomaly reports for manual intervention
He described these anomaly reports as “threads to pull” for further investigation, which shows how much wider the reach of EDR is: it defends endpoints rigorously by combining automated cyber security with manual responses to the risks it identifies.
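As an added illustration (not code from the original article or from any EDR product), the toy Python triage below contrasts the antivirus-style “known artifacts” scan with the rule-based and anomaly detection use cases listed above, run over constructed endpoint telemetry; the event records, hash values, rule thresholds and risk weights are all assumptions made up for this example.

```python
from collections import Counter

# Constructed endpoint telemetry: process starts and logon attempts (not real data).
EVENTS = [
    {"type": "process", "host": "ws-01", "parent": "outlook.exe", "image": "winword.exe", "sha256": "h1"},
    {"type": "process", "host": "ws-01", "parent": "winword.exe", "image": "powershell.exe", "sha256": "h2"},
    {"type": "logon", "host": "srv-01", "user": "jsmith", "ok": False},
    {"type": "logon", "host": "srv-01", "user": "jsmith", "ok": False},
    {"type": "logon", "host": "srv-01", "user": "jsmith", "ok": False},
    {"type": "logon", "host": "srv-01", "user": "jsmith", "ok": True},
    {"type": "process", "host": "ws-02", "parent": "explorer.exe", "image": "dropper.exe", "sha256": "h3"},
]
KNOWN_BAD_HASHES = {"h3"}  # constructed indicator, stands in for an antivirus signature
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
WEIGHTS = {"known_artifact": 90, "office_spawns_script": 60, "logon_after_failures": 40}  # assumed

def scan_known_artifacts(events):
    """Antivirus-style check: flags only files whose hash matches a known indicator."""
    return [("known_artifact", e["host"], e["image"]) for e in events
            if e["type"] == "process" and e["sha256"] in KNOWN_BAD_HASHES]

def rule_based_detection(events):
    """Behavioural rule: an Office app launching a script host, a common way a
    phishing document runs code without dropping a file any signature knows."""
    return [("office_spawns_script", e["host"], e["image"]) for e in events
            if e["type"] == "process" and e["parent"] in OFFICE_APPS
            and e["image"] in SCRIPT_HOSTS]

def anomaly_detection(events, max_failures=2):
    """Logon anomaly: a burst of failed logons for one account followed by a
    success, consistent with account takeover and involving no malware at all."""
    alerts, failures = [], Counter()
    for e in events:
        if e["type"] != "logon":
            continue
        key = (e["host"], e["user"])
        if not e["ok"]:
            failures[key] += 1
        elif failures.pop(key, 0) > max_failures:  # success resets the counter
            alerts.append(("logon_after_failures", e["host"], e["user"]))
    return alerts

def risk_score(alerts):
    """Weight and sum alerts per host to rank the 'threads to pull' for an analyst."""
    score = Counter()
    for kind, host, _ in alerts:
        score[host] += WEIGHTS[kind]
    return dict(score)
```

Only ws-02 would be caught by the hash scan alone; the phishing-style process chain on ws-01 and the logon pattern on srv-01 surface only through the rule and anomaly checks.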
Types of cyber attacks against UK businesses
The UK government’s Cyber Security Breaches Survey 2022 shows the types of cyber attacks against UK businesses in recent months.
Viruses, spyware and malware, NOT including ransomware, now impact just one in eight businesses: 12% reported detecting a threat of this type on their systems in the last 12 months, and a further 4% had suffered a ransomware attack.
The most common cyber threats against UK businesses did not involve malware at all:
83% reported phishing attacks
27% reported spoof emails or websites
10% reported denial of service attacks
8% reported hacking of online bank accounts
8% reported takeover of users’ or organisation’s accounts
A small number of businesses also reported snooping, including unauthorised access of files or networks by third parties (2%), unauthorised access by staff (1%) and unauthorised spying on instant messages or video calls (1%).
In summary…
The cyber threat landscape in the UK is more complex than ever, and attacks increasingly rely on human error (e.g. phishing and spoofing) rather than on a machine’s vulnerability to malware.
For businesses, comprehensive EDR tools tackle both types of attack at once, protecting your endpoints – your end-user workstations and branch office servers – against a sophisticated suite of cyber threats, based on automated and rule-based detection.
To find out more about why EDR offers much more value than antivirus software alone, speak to APH today.