What's new this week in the news for MSPs? Microsoft announces new cloud instances and security features; Google launches a cyber-insurance program; Microsoft initiates zero-trust focus for Azure; Exchange servers the target of HAFNIUM 0-day exploits; and DarkSide ransomware hits CompuCom MSP.
We are excited to announce that the latest edition of CloudBerry Backup Desktop Free Edition now allows users to protect up to 5 TB of data when using Amazon S3!
What's new this week in the news for MSPs? New mystery malware targeting Macs with Intel and M1 chips; SolarWinds hackers didn't launch attacks but downloaded code, says Microsoft; fake FedEx and DHL emails part of a phishing scam on Microsoft users; and ransomware attack hits Finnish IT services conglomerate TietoEVRY.
As cyberattacks continue to grow in complexity and frequency, MSPs must grow their toolsets for managing security. Traditional tools like antivirus platforms and malware scanners remain important. But to identify and remediate fast-moving threats in modern environments, endpoint detection and response (EDR) platforms are critical, too. Indeed, in some cases you may wish to use EDR tools in place of antivirus software.
Keep reading for an overview of EDR, including how it works, how it’s different from antivirus and why MSPs should include EDR within their security toolsets.
What is Endpoint Detection and Response?
Endpoint detection and response, or EDR, is a category of security tools that detect and manage security threats by analyzing data collected from network endpoints. In other words, by monitoring network endpoints - meaning devices and other resources that are connected to a local network - EDR tools identify anomalies, insecure configurations and other issues associated with security problems.
Why Do MSPs Need EDR?
By taking a different approach to security, EDR provides MSPs with benefits that they can’t leverage from other tools:
- Proactive detection of insecure configurations: EDR helps technicians discover insecure configurations (like a device using default login credentials) as quickly as possible.
- Faster response time: By providing another layer of visibility and set of data points that help MSPs understand security incidents, EDR reduces the response time in handling an incident.
- Mitigating endpoint risks: Because EDR focuses on endpoints, it reduces the risk that an insecure endpoint will provide attackers with an open door into the network.
- Detect network intruders: If attackers elude other defenses (like firewalls) and establish a presence inside a network, EDR tools increase your chances of finding them. Without EDR, a compromised endpoint could go unnoticed.
All of these advantages are especially important given the complexity of modern cyberattacks, which increasingly rely on automation both to deploy more complex attacks and to make those attacks harder to detect. EDR provides MSPs with another tool in their battle against ever-intensifying cybersecurity threats.
Top EDR Features
EDR platforms vary somewhat in functionality, but all provide a core set of essential endpoint security monitoring and management features:
- Real-time monitoring: By analyzing data about the status of network endpoints, EDR tools can detect security-related events in real time.
- Advanced filtering: EDR tools can assess the risk of different events, helping your team to identify the highest-priority threats.
- Known attack vectors: EDR platforms maintain lists of known threats and vulnerabilities, such as risks associated with unpatched software versions, and can match attacks against them.
- Behavioral pattern analysis: Identifying advanced threats often requires interpreting complex behavioral patterns, which EDR tools are equipped to do.
- Diverse range of attack types: EDR tools can identify and respond to a variety of attack types.
- Real-time response: When EDR tools identify threats, they can respond instantly by, for example, blocking insecure hosts from the rest of the network.
EDR vs. Antivirus: What's Different?
In some ways, EDR tools resemble antivirus tools, in that both types of solutions help to find and address threats. However, they are fundamentally different types of platforms, for several reasons.
One is the type of threats they can handle. Antivirus tools focus on detecting malware. EDR platforms can detect a wide variety of attacks, from malware exploits to traffic patterns that indicate a DDoS attack, to privilege escalation on endpoints.
Antivirus platforms also rely on less sophisticated means of detecting threats. They rely primarily on databases of known malware types, and scan environments for data that matches known malware. In contrast, EDR tools use advanced analytics techniques to interpret a wide set of data - such as endpoint operating system and application software versions, network traffic patterns and access control files - to detect threats.
Finally, antivirus tools are reactive. They identify threats after those threats are established. In contrast, EDR platforms can identify threats as they emerge. They can find an insecure endpoint as soon as it joins the network, for example, and block it before an exploit actually takes place.
Overall, then, EDR platforms are more advanced and sophisticated. When possible, choose EDR over antivirus tools. However, it's important to ensure you have the staff required to manage EDR tools, which are more complicated to deploy than simple antivirus solutions. You should also think about the size and configuration of the networks you have to manage. Smaller, simpler networks may be effectively managed with antivirus, whereas EDR's flexibility makes it a good choice for larger networks, or those that you expect to scale quickly.
EDR Tools and Software Overview
A variety of commercial EDR tools exist. Popular options include:
- Bitdefender EDR
- Kaspersky Endpoint Detection and Response
- Microsoft Defender for Endpoint
- CrowdStrike Falcon
- ActiveEDR by SentinelOne
If you offer managed security services and need to detect complex, fast-moving threats, EDR tools provide the flexibility and sophisticated analytics techniques necessary to help you do so. Although antivirus alone may be enough for managing the security of small networks, EDR is an increasingly critical part of MSP security toolsets.
Tracking and managing all of the devices connected to a modern network is hard enough. What's even harder, however, is keeping those devices secure. Each device is a potential gateway that attackers could exploit to gain unauthorized access to the network. What's more, attacks can easily expand from one device to others if devices are not properly secured.
Once upon a time, business IT environments were relatively simple. They consisted of a few on-prem servers connected to a fleet of PCs. The number of hosts on the network was comparatively small, and network configurations were not particularly complex. Neither were endpoint monitoring and management needs, which could be handled manually.
No matter how reliable your production VM environments are, don’t make the mistake of assuming they are failure-proof. Natural disasters, human errors, malware, and other threats could all erase virtual machines or make them unavailable. That’s why VM backup should be part and parcel of your data protection strategy.
Download our guide to learn about the zero trust security model, and find out how to employ this concept to protect your network.
Download this guide to learn the best practices to follow with regard to compliance standards and disposing of hardware in general, and how to provide your customers with IT asset disposal services.
Building a managed backup service that works for your MSP business’s current needs is one thing. Devising a backup solution that will also allow your business to keep growing and meet the backup requirements of the future is another.
Managing data backup and recovery on a large scale is challenging, no matter which types of clients MSPs support. Backing up healthcare data, however, presents a unique set of challenges, due both to compliance requirements like HIPAA and the volume of data that healthcare companies produce.
Clients in the education industry may be willing to pay more for managed backup services, but they also demand top-notch reliability for their backups. At the same time, backup operations in this vertical must meet FERPA compliance regulations, which apply to much of the data produced by schools and other educational organizations.
We’re teaming up with Huntress again to bring you another great event!
Even with good security in place, none of us are completely immune from cyberattacks and data breaches. And if it’s a matter of when (not if), you’d better have a proper post-boom response plan in place.
While times are changing, and a move to cloud storage for backups is much more common, there are still some persistent myths percolating out there on the internets. Become a myth buster with David Gugick at MSP360 and Dan Tomaszewski at Everything MSP!
Backup is no longer an optional service; it’s critical. A customer who loses important data is unlikely to be a customer for long. Selling backup services doesn’t have to be hard, and with the right approach and product selection, you can add value, provide insurance for customers, and be profitable at the same time.