What is EDR?
EDR stands for Endpoint Detection and Response. It is a comprehensive security product that protects your computer from viruses, ransomware, and other malware by:
- Scanning currently running processes for malicious activity and behavior.
- Stopping those processes.
- Quarantining any malicious files.
- Isolating the device to keep it off your network.
- Rolling back the device to a time before the infection to bring your system back to an uninfected state.
These actions will stop the spread of the infection, protect the infected machine, and provide remediation and rollback.
What is the difference between EDR and traditional AV?
Traditional AV uses virus definitions to combat malware. This allows it to fight and remove known viruses. Malware coders and hackers, however, continually modify their code just enough to avoid detection. Because traditional AV is reactive, hackers are able to stay one step ahead, leaving companies vulnerable.
EDR products respond in real time to processes that are performing malicious activities and take action against them to kill and contain the threat. EDR products do not rely on a constant list of definitions to perform their job; they are essentially AI programmed to detect, contain, and remediate these threats.
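The contrast above, as an added example that is not part of the original page or any vendor's product: a definition lookup misses a build that differs by one byte, while a rule over process activity still flags it and returns the response actions listed earlier. The sample bytes, events, rename threshold, and action names are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins for two builds of one malware family; one byte differs.
KNOWN_BUILD = b"constructed-malware-build-A"
MODIFIED_BUILD = b"constructed-malware-build-B"

# Definition-based AV: hashes of files that were already catalogued.
DEFINITIONS = {hashlib.sha256(KNOWN_BUILD).hexdigest()}

def signature_match(file_bytes):
    """True only if this exact file is already in the definitions."""
    return hashlib.sha256(file_bytes).hexdigest() in DEFINITIONS

# Constructed process telemetry: (pid, image, action, target).
EVENTS = [
    (410, "winword.exe", "file_write", "report.docx"),
    (977, "update.exe", "file_rename", "budget.xlsx"),
    (977, "update.exe", "file_rename", "notes.txt"),
    (410, "winword.exe", "file_rename", "report.docx"),
    (977, "update.exe", "file_rename", "photo.jpg"),
    (977, "update.exe", "file_rename", "plan.pptx"),
]

RENAME_THRESHOLD = 3  # hypothetical: distinct files renamed by one process
RESPONSE = ["stop_process", "quarantine_file", "isolate_device"]

def behavioral_verdicts(events, threshold=RENAME_THRESHOLD):
    """Map each pid that bulk-renames files to the response actions to take."""
    renamed = defaultdict(set)
    for pid, _image, action, target in events:
        if action == "file_rename":
            renamed[pid].add(target)
    # The file's hash is never consulted; only what the process does.
    return {pid: list(RESPONSE) for pid, files in renamed.items()
            if len(files) >= threshold}

if __name__ == "__main__":
    print("known build in definitions:   ", signature_match(KNOWN_BUILD))
    print("modified build in definitions:", signature_match(MODIFIED_BUILD))
    print("behavioral verdicts:", behavioral_verdicts(EVENTS))
```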
What is next?
If you are looking to keep your company as secure as possible with a system that will monitor processes and take action to protect your entire network, this is a solution that might fit your security and compliance needs. Please contact schick@attechnology.com or use the Contact Us page at AT technology, Inc.