eData Support


There are two different types of endpoint protection in today’s cybersecurity landscape. While either is better than no protection, it is important to know the difference, and which provides the better protection for the computers in your network.

Traditional AV

When most people think of antivirus software, they are normally thinking of traditional AV. This is software that, when installed on a computer, scans all files on the PC's hard drive and looks for known signatures of malware or viruses. The upside is that it is lightweight and can be installed and running with minimal impact on the user. The downside is that scans only happen at predetermined intervals (unless run manually by a user) and can only be as effective as the signature file the scan references. This means that if a virus is a zero-day attack, or the signature file is not up to date, malware can slip through the cracks.

EDR

EDR, or endpoint detection and response software, is a different protection model from Traditional AV. Where Traditional AV is an interval-scanning toolkit, EDR is constant-monitoring software. It uses AI and behavior-based algorithms to determine whether software running on your PC is doing what it is supposed to do; if it detects an anomaly, it will shut the software down and analyze what it is doing. This is a much more secure method of keeping a PC safe. It is also the only method to protect a device from a zero-day attack, since it does not depend on a file of known signatures to determine whether software is nefarious. This does come at the price of using more processor and RAM resources, which can slow a PC down.
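The difference between the two models can be shown in a few lines. The Python below is an added example, not eData's code or any product's detection logic: the two fixed rules are simplified, hypothetical stand-ins for the AI and behavioral models a real EDR uses, and every name, threshold and event in it is constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

# Constructed signature set: digests of samples that are already known.
SIGNATURES = {hashlib.sha256(b"constructed known-bad sample").hexdigest()}

def signature_scan(file_bytes):
    """Traditional AV model: flag a file only if its digest is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

def behavior_monitor(events, max_writes=20, window=10.0):
    """EDR model (simplified, hypothetical rules): judge processes by what they do.

    Returns {pid: reason} for every process that broke a rule.
    """
    flagged = {}
    writes = defaultdict(deque)  # pid -> timestamps of its recent file writes
    for ev in sorted(events, key=lambda e: e["time"]):
        pid = ev["pid"]
        if ev["action"] == "spawn":
            # Rule 1: a document editor launching a command shell is out of character.
            if ev["parent"] in OFFICE_APPS and ev["image"] in SHELLS:
                flagged.setdefault(pid, "office app spawned a shell")
        elif ev["action"] == "write":
            # Rule 2: one process rewriting many files inside a short time window.
            recent = writes[pid]
            recent.append(ev["time"])
            while recent and ev["time"] - recent[0] > window:
                recent.popleft()
            if len(recent) > max_writes:
                flagged.setdefault(pid, "mass file rewrite")
    return flagged

# Constructed sample: a never-before-seen file whose process rewrites 30 files
# in 3 seconds, next to an ordinary editor that saves two files a minute apart.
NEW_FILE = b"constructed sample with no published signature"
EVENTS = [{"time": i * 0.1, "pid": 4242, "action": "write"} for i in range(30)]
EVENTS += [{"time": t, "pid": 1000, "action": "write"} for t in (1.0, 60.0)]
EVENTS.append({"time": 0.5, "pid": 77, "action": "spawn",
               "parent": "winword.exe", "image": "powershell.exe"})

if __name__ == "__main__":
    print("signature hit:", signature_scan(NEW_FILE))
    print("behavior alerts:", behavior_monitor(EVENTS))
```

The signature scan passes the new file because its digest is not in the list, while the behavior monitor flags the two processes that act out of character and leaves the ordinary editor alone.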

Recommendations

We at eData recommend that our potential clients use the extra protection afforded by EDR rather than Traditional AV. Although both products focus on protecting PCs from viruses and malware, the benefits of constant monitoring, along with avoiding pitfalls such as old definitions and interval scans, make the slight increase in resource load caused by EDR well worth it. Hopefully this short article clears up some of the confusion and guides you when choosing what to install on your systems.

For more information please reach out to us at [email protected].