What is EDR and is it doomed to fail?
The term EDR (Endpoint Detection and Response), which entered the cybersecurity vocabulary only a few years ago, puzzles customers who discover a market saturated with solutions for securing businesses. What exactly is EDR? How does it differ from classic antivirus and from the Endpoint Protection Platform (EPP)? Did it really solve the problems it was supposed to tackle? Let’s go back over the past of EDR and take a look at its present and its future.
Where does the acronym “EDR” come from?
The term EDR was coined by Anton Chuvakin (Gartner Blog Network) in 2013 to define a new set of tools and features for detecting malicious activity on endpoints. These tools differed from existing security solutions because, beyond identifying malicious software, they sought to detect “abnormal” activities. Most distinctively, their goal was to alert security experts so that they could trigger more in-depth investigations, rather than simply spotting and quarantining a suspicious file.
Why were EDR solutions created?
Before the advent of EDR solutions, most businesses relied on traditional antivirus protection that had reached its limits. In 2014, a Symantec executive told the New York Times that antivirus was 49% ineffective. A surprising admission, to say the least, from an antivirus software publisher which, at the time, held 25% of the market share. The problem with traditional antivirus solutions was the way they detected malicious files: through signatures. This approach has, in fact, revealed several weaknesses.
First, hackers easily got around signature-based detection by adding extra bytes to files to change the hash, or by combining different techniques to encrypt strings, making binary analysis more difficult. Then, determined to get their hands on the company’s data or intellectual property, or even to harm it with ransomware, they no longer limited themselves to accessing their victim’s disk and dropping malicious files there. Their tactics became more sophisticated: they launched “fileless” attacks in memory, taking advantage of legitimate built-in applications and processes (a Living off the Land, or LotL, technique), and they compromised network security by appropriating user credentials through phishing or by stealing computing resources through crypto-mining. The antivirus solutions in place simply did not have the means to deal with this new wave of techniques and procedures.
Endpoint Protection Platform (EPP) — traditional antivirus is trying to evolve
With their existence threatened, traditional antivirus solutions began to offer complementary services — firewalls, data encryption, data loss prevention (DLP) via device blocking — along with a host of other tools that are useful for IT administration without being focused on security itself. Being fundamentally signature-based, however, this Endpoint Protection Platform (EPP) did not really solve the problem inherent in traditional antivirus.
The flaws have only multiplied over time: WannaCry, EternalBlue, NotPetya and others caused considerable losses to their victims. Subsequently, the cyber attacks targeting Target, Equifax and Marriott Hotels, which took several months to detect, allowed hackers to steal the personal data of a large proportion of Americans. Finally, the more recent attacks related to the emergence of nation-state actors, cyber warfare and the trade in hacking tools on the darknet have made companies realize that they need something else: visibility.