Antivirus vs EDR solutions

What is antivirus?

Antivirus solutions are designed to detect and then remove or quarantine viruses, trojans, and other malware by using a signature file and looking for those signatures within your files. Antivirus programs also have a real-time scanner which will look for those same signatures as your files are being written to disk.

With this real-time scanner, antivirus solutions can also monitor other sources for signs of malware, such as emails, web pages, and in some cases network traffic.

There are a couple of things to note when it comes to antivirus solutions. One is that the antivirus solution typically can only detect viruses/malware based on the signatures that it is aware of. This is particularly hazardous when new viruses are created and released into the wild before your antivirus vendor has found the signature of that virus, updated their signature files, and had them updated on your PC.

The other thing to note is that antivirus solutions are typically reactive. Once the antivirus has detected a virus on your PC, based on the signatures mentioned above, it can attempt to remove it and alert you or your IT staff of the issue.

What is EDR?

EDR stands for Endpoint Detection and Response. EDR solutions will typically have several different engines that can do a number of things. Like the antivirus solution, EDR solutions also have signature files so that they can detect viruses and malware on your PC, but that is just one engine of several.

Another engine in an EDR solution monitors the behavior of all the applications that are running on your system. This type of monitoring typically looks at every app/executable that is running and monitors exactly what that executable is doing. If that executable is doing something bad or appears to be doing something suspicious on your PC, the EDR solution will respond to that behavior by stopping the executable in its tracks immediately and warning the user or the IT department.

There is also a cloud-based engine that helps to monitor your PC for real-time threat protection. Based on attacks that are happening all over the world, your EDR vendor can put together all that data to help protect your PC as well. These attacks have a pattern and that pattern can then be recognized by all other clients who utilize the cloud-based engine in their EDR solution.

Most EDR solutions have a really good remediation and recovery engine. They achieve this because most EDR solutions will keep a log of everything that every app is doing (that behavior monitoring we talked about), and if something starts doing something bad or malicious on your PC, you can, most times, remediate what the malicious software has done. For instance, with ransomware, the malicious executable will start encrypting your files, and it could get through a few files before the EDR solution stops the process. You can attempt to remediate this to bring the files back to a normal state, but in the event you can’t remediate, you can recover the files by having the EDR solution roll them back to a state from before the malicious executable even started running. This makes it a very powerful tool.
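To make the difference between the signature engine and the behavior and remediation engines concrete, here is an added illustration (not part of the original post and not code from any EDR product). The telemetry, hashes, process IDs, and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed signature database and telemetry; none of these values are real.
KNOWN_BAD_HASHES = {"aa11" * 16}

# (time_s, pid, image_hash, action, path, entropy_bits_per_byte_of_written_data)
EVENTS = [
    (0.0, 410, "bb22" * 16, "write", "C:/Users/a/report.docx", 4.1),
    (1.0, 977, "cc33" * 16, "write", "C:/Users/a/budget.xlsx", 7.9),
    (1.2, 977, "cc33" * 16, "write", "C:/Users/a/notes.txt", 7.8),
    (1.5, 977, "cc33" * 16, "write", "C:/Users/a/photo.jpg", 7.9),
    (1.7, 977, "cc33" * 16, "write", "C:/Users/a/taxes.pdf", 7.9),
    (9.0, 410, "bb22" * 16, "write", "C:/Users/a/report.docx", 4.3),
]

def signature_engine(events, known_bad):
    """Flag processes whose executable hash is in the signature set."""
    return {pid for _t, pid, image_hash, *_rest in events if image_hash in known_bad}

def behavior_engine(events, window_s=2.0, threshold=3, min_entropy=7.5):
    """Stop a pid once it makes `threshold` high-entropy writes within window_s.

    Returns {pid: files written before the stop}; this activity log is what a
    remediation or rollback step would work from.
    """
    recent = defaultdict(deque)   # pid -> timestamps of suspicious writes
    touched = defaultdict(list)   # pid -> per-process activity log
    stopped = {}
    for t, pid, _image_hash, action, path, entropy in events:
        if pid in stopped:
            continue              # process was already stopped; write is blocked
        if action != "write" or entropy < min_entropy:
            continue              # ordinary document edits stay below the bar
        touched[pid].append(path)
        window = recent[pid]
        window.append(t)
        while window and t - window[0] > window_s:
            window.popleft()      # forget writes that fell out of the window
        if len(window) >= threshold:
            stopped[pid] = list(touched[pid])
    return stopped

if __name__ == "__main__":
    print("signature hits:", signature_engine(EVENTS, KNOWN_BAD_HASHES))
    print("behavior hits: ", behavior_engine(EVENTS))
```

Process 977 has a hash the signature set has never seen, so the signature engine reports nothing, while the behavior engine stops it after three files and lists exactly those files for recovery. Real products tune such thresholds carefully, since compression and backup tools also produce high-entropy writes.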

So should I use an EDR solution or an Antivirus solution?

Well, that depends on a few factors. Due to the complexity of an EDR solution, the cost is typically higher, and they are typically not for sale to consumers but only to businesses and enterprises. This is due to the number of options that are built into them and the amount of expertise that is generally required to configure your EDR solution correctly and achieve the best possible protection for your setup.

Antivirus solutions on the other hand can be found online and in some tech retail locations like Best Buy. These are configured to be user friendly and to provide the typical end user with a good deal of protection because of the limited amount of usage that a home user is going to have on a machine. There are also business grade antivirus solutions that have quite a few more options for businesses and can be deployed very easily across an entire network.

So should you use an EDR solution vs an Antivirus solution? If you’re a business customer, then I would definitely recommend that you use an EDR solution for its powerful monitoring, detection, and response capabilities. If you’re a home user with a couple of PCs that you are wanting to protect, then an antivirus solution may be enough. If you’re doing online banking or financial transactions online, then you may want to work with a provider to get an EDR solution for the behavior and cloud-based capabilities to help you remain safe online.

How can one purchase an EDR or Antivirus solution?

As I stated above, most antivirus solutions can be purchased directly from a tech store or online from a number of vendors. I would recommend that you do some research because not all antivirus solutions are the same and some can protect you better than others.

If you would like more information on a particular solution, or you would like to purchase an EDR or Antivirus solution for yourself or your company, please give us a call and we’d be happy to demo and set you up with either solution that works best for you.
