Change layout
News You Might've Missed

News You Might’ve Missed. 22 – 26 Feb

News You Might’ve Missed. 22 – 26 Feb

What's new this week in the news for MSPs? New mystery malware targeting Macs with Intel and M1 chips; SolarWinds hackers didn't launch attacks but downloaded code, says Microsoft; fake FedEx and DHL emails part of a phishing scam on Microsoft users; and ransomware attack hits Finnish IT services conglomerate TietoEVRY. Continue reading

Don’t miss new articles!
Thank you for subscribing!
Don’t miss new articles!
Thank you for subscribing!
Endpoint detection and response

Endpoint Detection and Response (EDR) Explained

Endpoint Detection and Response (EDR) Explained

As cyberattacks continue to grow in complexity and frequency, MSPs must grow their toolsets for managing security. Traditional tools like antivirus platforms and malware scanners remain important. But to identify and remediate fast-moving threats in modern environments, endpoint detection and response (EDR) platforms are critical, too. Indeed, in some cases you may wish to use EDR tools in place of antivirus software.

Keep reading for an overview of EDR, including how it works, how it’s different from antivirus and why MSPs should include EDR within their security toolsets.

What is Endpoint Detection and Response?

Endpoint detection and response, or EDR, is a category of security tools that detect and manage security threats by analyzing data collected from network endpoints. In other words, by monitoring network endpoints - meaning devices and other resources that are connected to a local network - EDR tools identify anomalies, insecure configurations and other issues associated with security problems.

EDR tools’ focus on endpoints makes them different from tools that simply control network traffic (like firewalls) or scan data for malware (like antivirus tools).

Why Do MSPs Need EDR?

By taking a different approach to security, EDR provides MSPs with benefits that they can’t leverage from other tools:

  • Proactive detection of insecure configurations: EDR helps technicians discover insecure configurations (like a device using default login credentials) as quickly as possible.
  • Faster response time: By providing another layer of visibility and set of data points that help MSPs understand security incidents, EDR reduces the response time in handling an incident.
  • Mitigating endpoint risks: Because EDR focuses on endpoints, it reduces the risk that an insecure endpoint will provide attackers with an open door into the network.
  • Detect network intruders: If attackers elude other defenses (like firewalls) and establish a presence inside a network, EDR tools increase your chances of finding them. Without EDR, a compromised endpoint could go unnoticed.

All of these advantages are especially important given the complexity of modern cyberattacks, which increasingly rely on automation to deploy more complex attacks, as well as make attacks harder to detect. EDR provides MSPs with another tool in their battle against ever-intensifying cybersecurity threats.

IT Security Assessment Checklist

Assess vulnerabilities and threats, network security, workspace and equipment security, documentation, and more. The pack includes:

  • a ready-to-print PDF file
  • an Excel file to help create a customizable assessment resource

Top EDR Features

EDR platforms vary somewhat in functionality, but all provide a core set of essential endpoint security monitoring and management features:

  • Real-time monitoring: By analyzing data about the status of network endpoints, EDR tools can detect security-related events in real time.
  • Advanced filtering: EDR tools can assess the risk of different events, helping your team to identify the highest-priority threats.
  • Known attack vectors: EDR platforms maintain lists of known threats and vulnerabilities, such as risks associated with unpatched software versions, and can match attacks against them.
  • Behavioral pattern analysis: Identifying advanced threats often requires interpreting complex behavioral patterns, which EDR tools are equipped to do.
  • Diverse range of attack types: EDR tools can identify and respond to a variety of attack types.
  • Real-time response: When EDR tools identify threats, they can respond instantly by, for example, blocking insecure hosts from the rest of the network.

Further reading Responding to Cyberattacks: 6 Top Tips

EDR vs. Antivirus: What's Different?

In some ways, EDR tools resemble antivirus tools, in that both types of solutions help to find and address threats. However, they are fundamentally different types of platforms, for several reasons.

One is the type of threats they can handle. Antivirus tools focus on detecting malware. EDR platforms can detect a wide variety of attacks, from malware exploits to traffic patterns that indicate a DDoS attack, to privilege escalation on endpoints.

Antivirus platforms also rely on less sophisticated means of detecting threats. They rely primarily on databases of known malware types, and scan environments for data that matches known malware. In contrast, EDR tools use advanced analytics techniques to interpret a wide set of data - such as endpoint operating system and application software versions, network traffic patterns and access control files - to detect threats.

Finally, antivirus tools are reactive. They identify threats after those threats are established. In contrast, EDR platforms can identify threats as they emerge. They can find an insecure endpoint as soon as it joins the network, for example, and block it before an exploit actually takes place.

Overall, then, EDR platforms are more advanced and sophisticated. When possible, choose EDR over antivirus tools. However, it's important to ensure you have the staff required to manage EDR tools, which are more complicated to deploy than simple antivirus solutions. You should also think about the size and configuration of the networks you have to manage. Smaller, simpler networks may be effectively managed with antivirus, whereas EDR's flexibility makes it a good choice for larger networks, or those that you expect to scale quickly.

EDR Tools and Software Overview

A variety of commercial EDR tools exist. Popular options include:

Conclusion

If you offer managed security services and need to detect complex, fast-moving threats, EDR tools provide the flexibility and sophisticated analytics techniques necessary to help you do so. Although antivirus alone may be enough for managing the security of small networks, EDR is an increasingly critical part of MSP security toolsets.

Endpoint Security Monitoring

Guide to Endpoint Security Monitoring

Guide to Endpoint Security Monitoring

Tracking and managing all of the devices connected to a modern network is hard enough. What's even harder, however, is keeping those devices secure. Each device is a potential gateway that attackers could exploit to gain unauthorized access to the network. What's more, attacks can easily expand from one device to others if devices are not properly secured. Continue reading

Endpoint Monitoring

Introduction to Endpoint Monitoring and Management

Introduction to Endpoint Monitoring and Management

Once upon a time, business IT environments were relatively simple. They consisted of a few on-prem servers connected to a fleet of PCs. The number of hosts on the network was comparatively small, and network configurations were not particularly complex. Neither were endpoint monitoring and management needs, which could be handled manually. Continue reading

DTC Success Story

How a Maryland MSP Achieved HIPAA Compliance for Healthcare Backup with MSP360

How a Maryland MSP Achieved HIPAA Compliance for Healthcare Backup with MSP360

Managing data backup and recovery on a large scale is challenging, no matter which types of clients MSPs support. Backing up healthcare data, however, presents a unique set of challenges, due both to compliance requirements like HIPAA and the volume of data that healthcare companies produce. Continue reading

GGNET Technologies Success Story

MSP360 Helps a Chicago MSP to Offer FERPA-Compliant Backup for Schools

MSP360 Helps a Chicago MSP to Offer FERPA-Compliant Backup for Schools

Clients in the education industry may be willing to pay more for managed backup services, but they also demand top-notch reliability for their backups. At the same time, backup operations in this vertical must meet FERPA compliance regulations, which apply to much of the data produced by schools and other educational organizations. Continue reading

Webinar header

How MSPs Can Maximize Profit and Success with Backup Services

How MSPs Can Maximize Profit and Success with Backup Services

Backup is no longer an optional service, it’s critical. A customer who loses important data is unlikely to be a customer for long. Selling backup services doesn’t have to be hard, and with the right approach and product selection, you can add value, provide insurance for customers, and be profitable at the same time. Continue reading