With an increasing number of IT executives concerned about the impact and legal ramifications posed by the threats of advanced malware and a decreasing level of confidence in their ability to combat or detect these threats, endpoint detection and response (EDR) solutions have quickly become essential for businesses looking to manage cybersecurity risk.
What does antivirus software do?
Antivirus software helps protect your computer against some malware by using a single approach to identify known malicious programs: it looks at files and, in some cases, at sections of code within those files, and matches them against known signatures. Antivirus looks for known threats and monitors the behavior of all programs, flagging anything suspicious. Additionally:
- Antivirus software looks for "known bad" signatures: programs that exactly match the signature of a previously identified virus.
- In some cases, antivirus software also matches sections of code within a file against a known signature.
- Antivirus software typically performs a full scan on installation and then scans each file when it is accessed.
- Antivirus software can be configured to overlook files and folders entirely, so it is critical that it be configured correctly.
- Antivirus software is completely reliant on the definitions provided by the vendor.
Why is this a problem?
Less than 10% of all malware is categorized as a virus, and there are categories of malware that antivirus software simply cannot detect or stop. Most malware today is a hybrid (typically combining Trojan and worm techniques) designed specifically to evade antivirus, firewalls and other common approaches to prevention. Antivirus is a one-trick pony, and cybercriminals know it.
How is malware detected?
Because most malware today uses hybrid approaches, security tools must also use a hybrid approach to detection. Effective EDR solutions don't rely on a single method; they combine several ways of detecting malware and malicious activity in your environment: signature-based detection, heuristic-based detection, behavioral detection, sandbox detection and data-mining techniques.
What are some other benefits of EDR?
In addition to device and behavioral protection, EDR offers real-time visibility across all your endpoints, a threat database and threat feeds backed by multiple detection mechanisms, and machine learning to help you combat threats. EDR is also cloud-based, which allows for flexibility and efficiency while providing a fast response to detect and stop threats in their tracks.
The threats to your organization extend beyond malware. EDR can help combat:
- Misuse of legitimate applications (PowerShell, WMI, MSHTA)
- File-based attacks (Microsoft Office, Adobe PDF, etc.)
- Unwanted software (browser toolbars, PUPs)
- Insider threats (malicious employee, compromised credentials, accidental release of data)
- Suspicious user activity
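To make the contrast between the signature matching described under "What does antivirus software do?" and the behavioral detection EDR adds for misuse of legitimate applications concrete, here is an added example (not code from the original article or from any vendor). It assumes a constructed "known bad" byte string, constructed process-creation events, and the rule that document viewers (Word, Excel, Acrobat) should not be launching PowerShell, WMI or MSHTA.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Set

# --- Signature-based check: the antivirus approach ---
# Constructed sample: a harmless byte string standing in for a "known bad" file.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE: harmless bytes standing in for a known file"
SIGNATURES: Set[str] = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(data: bytes) -> bool:
    """True only if the file's SHA-256 exactly matches a known signature."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# --- Behavioral check: one of the extra methods EDR layers on top ---
@dataclass
class ProcessEvent:
    parent: str   # image name of the parent process
    child: str    # image name of the spawned process

# Document handlers that normally have no business launching script hosts.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Legitimate administrative tools named in the article as frequently misused.
SCRIPT_HOSTS = {"powershell.exe", "wmic.exe", "mshta.exe"}

def behavioral_alerts(events: Iterable[ProcessEvent]) -> List[str]:
    """Flag document apps spawning script hosts, regardless of file content."""
    return [f"{e.parent} -> {e.child}" for e in events
            if e.parent.lower() in DOCUMENT_APPS and e.child.lower() in SCRIPT_HOSTS]

def compare() -> dict:
    """Run both checks on a constructed scenario and return their verdicts."""
    # The same file with a single byte appended: the hash signature no longer
    # matches, which is why a signature-only tool misses repackaged hybrids.
    variant = KNOWN_SAMPLE + b"\x00"
    events = [  # constructed process-creation events, not real telemetry
        ProcessEvent("explorer.exe", "winword.exe"),
        ProcessEvent("winword.exe", "mshta.exe"),
        ProcessEvent("explorer.exe", "powershell.exe"),  # normal admin use
    ]
    return {
        "signature_hits_original": signature_match(KNOWN_SAMPLE),
        "signature_hits_variant": signature_match(variant),
        "behavioral_alerts": behavioral_alerts(events),
    }

if __name__ == "__main__":
    print(compare())
```

The signature check catches only the exact original file, while the parent/child rule still fires on the document-to-script-host chain even though no file content was inspected.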
If you have questions about your business’ cybersecurity, a great first step is a security posture review. Our team of cybersecurity experts will take an in-depth look at your processes and technology to reveal any potential gaps along with steps to remediate and make your business more secure. Learn more about the security posture review at corsicatech.com/posture or give us a call at (877) 901-2022.
Delano Collins is the Vice President of Corsica Cybersecurity, LLC, a security solutions provider specializing in monitoring, audits, assessment and incident response. With a background in the banking industry, a former CIO, ISO and more than 25 years of experience in the technology sector, Delano has spent his career specializing in cybersecurity, compliance and secure network design.