publish date: December 1, 2022
Such a dangerous world we live in! While the dizzying proliferation of biological viruses like coronavirus and monkeypox is certainly concerning, the host of virtual viruses in the form of malicious computer code continues to demand attention. The frequency of cyberattacks seems to be ever increasing with no signs of a slowdown. Just as a healthy diet and proactive medical care are important to protect our bodies, a strong antivirus solution is de rigueur when it comes to protecting our data and systems. So what exactly is a strong antivirus solution today? Things have changed much in recent years…
Antivirus and Next-Gen Antivirus are considered the base layer of information security. These provide protection against known attacks, meaning that when someone in the world is infected by a virus or malicious software (malware), a security team reverse-engineers the malicious code and creates a definition file to identify and stop this same attack in the future. Next-Gen Antivirus (NGAV) takes this one step further by learning the normal patterns/behaviors of the system to detect anomalous behavior. This leads to greater efficiency and often reduced performance impact on the machine while maintaining a similar level of defense.
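The contrast between definition-based detection and behavioral baselining can be shown in a few lines of Python. This is an added example, not part of the original article or any vendor's product; the sample bytes, the process names and the `min_count` threshold are constructed assumptions.

```python
import hashlib
from collections import Counter

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; none of these are real malware.
KNOWN_SAMPLE = b"constructed-sample-A"
VARIANT_SAMPLE = b"constructed-sample-A-repacked"  # same behaviour, new bytes
BENIGN_TOOL = b"constructed-benign-tool"

# "Definition file": hashes of samples that were already analysed somewhere.
DEFINITIONS = {sha256(KNOWN_SAMPLE)}

def signature_match(file_bytes: bytes) -> bool:
    """Classic antivirus check: exact match against known definitions."""
    return sha256(file_bytes) in DEFINITIONS

# Constructed process-start telemetry (parent, child) from normal operation.
BASELINE_EVENTS = (
    [("explorer.exe", "winword.exe")] * 40
    + [("explorer.exe", "chrome.exe")] * 55
    + [("services.exe", "svchost.exe")] * 80
)

def learn_baseline(events, min_count=5):
    """Keep parent/child pairs seen often enough to count as normal."""
    counts = Counter(events)
    return {pair for pair, n in counts.items() if n >= min_count}

BASELINE = learn_baseline(BASELINE_EVENTS)

def classify(file_bytes: bytes, parent: str, child: str, baseline=BASELINE) -> str:
    """Definition check first, then the behavioural check."""
    if signature_match(file_bytes):
        return "blocked: known signature"
    if (parent, child) not in baseline:
        return "flagged: anomalous behaviour"
    return "allowed"

if __name__ == "__main__":
    # The known sample is caught by its definition.
    print(classify(KNOWN_SAMPLE, "explorer.exe", "winword.exe"))
    # The repacked variant has no definition yet, but its behaviour is unusual.
    print(classify(VARIANT_SAMPLE, "winword.exe", "powershell.exe"))
    # A benign tool launched the usual way passes both checks.
    print(classify(BENIGN_TOOL, "explorer.exe", "chrome.exe"))
```

The repacked variant shows why definitions alone cover only known attacks: one changed byte produces a different hash, so only the behavioral check notices it.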
NGAV sounds like a smart solution that does a pretty good job, so where does Endpoint Detection and Response (EDR) come into play and provide additional valuable security? EDR is primarily focused on gathering and analyzing security threat-related information from workstations or other endpoints to find indicators of compromise (pre-breach indicators). By gathering information from things like log files and configurations, EDR can combine this data with behavioral analysis of the system (a picture of what’s normal) and therefore be more effective at protecting against emerging threats such as malware and ransomware.
As the name indicates, Managed Detection and Response (MDR) is an improvement over EDR because it is a managed solution, which means there is an additional layer of intelligence behind the solution, usually in the form of a 24/7 human-staffed Security Operations Center (SOC). MDR uses the information gathered via the EDR system and provides active 24/7 threat monitoring, detection, and some level of remediation service, such as guidance or system isolation, to contain and prevent the spread of cyber-attacks.
In today’s rapidly evolving tech landscape, businesses need a trusted partner to help them make sense of the risks and the risk management tools. Intellicom maintains a sharp focus and certified expertise with a variety of technologies that you can use to help achieve your business objectives. Contact us today to learn more.