Next Generation Antivirus: Why Endpoint Protection Alone Is Not Enough

Once upon a time, we thought if we had antivirus software on our computers we were safe. Then came more comprehensive endpoint protection (EPP) that used that same antivirus to monitor all the devices on your network, including computers, mobile devices, servers and IoT devices. Now even that is not enough. What businesses today need is next gen antivirus solutions that include both EPP and endpoint detection and response (EDR). 

EDR adds a layer of cyber security by immediately responding  to potential threats and taking action to limit their spread and prevent them from damaging systems. We’ll take you through what makes Next Generation Antivirus (EDR) different and how to get your business on track with next gen antivirus strategies.

What Is EPP or Endpoint Protection?

EPP is the standard antivirus system for detecting known viruses  and malware. The EPP system compares the files found with files on a list of known malware files. There are many downsides of using this module alone:

• There is no protection for unknown threats. (If the items isn’t already on the list of known threats, they won’t be blocked by EPP.)
• There’s only a simple baseline protection for all endpoints.
• There are no proactive detections.
• It is based on decades-old methods.
• There is no protection for fileless attacks/in-memory exploits.

What Is EDR/Next Generation Antivirus?

Because endpoint detection and response (EDR) is an improvement over EPP, it is often called next generation antivirus (Next Gen AV). These platforms continually monitor for cyber threats and respond to mitigate them. 

They are  effective as a prevention against zero-day vulnerabilities. (A zero-day vulnerability involves a hacker taking advantage of an unknown or unpatched weakness for the first time). Examples of zero-day exploits include:

• A previously unknown vulnerability that is exploited. 
• A new or undetected malware.
• A known weakness that has not been previously exploited. 

Imagine a small hole in a backyard hose you rarely use. The hole would go undetected for a long time until you finally turned it on and saw the drips. Even then, you might not repair or replace it right away because you rarely use that hose. Now, if a snake made its way through that hose and into your house, you’d find a way to patch that hole pretty quickly. Vulnerabilities are a bit like that. They are often only discovered when cybercriminals figure out how to exploit them. So a zero-day vulnerability is that hole in your hose before the snake found it. A zero-day exploit is when that snake found a way into your house through the hole in the hose.

Organizations and websites track these, maintain lists of them, then release patches that will fix them. Once the patch is released, they are no longer considered a zero-day vulnerability.

Traditional anti-malware and antivirus software can only look for presently KNOWN weaknesses and therefore do not protect against zero-day exploits and vulnerabilities. Since zero-day attacks represent more than half of all malware attempts, or 57.8 percent, if you are ONLY using EPP, you are essentially in danger.

EPP  is a necessary security layer. EDR complements current endpoint protection and combines with EPP to provide a comprehensive antivirus solution. An EDR solution can be deployed without changing your current endpoint protection (EPP). It can be layered on top of your environment. 

Protect Your Business From Vulnerabilities

Vulnerabilities will always exist. People write the software. People access and use it. Since people are not infallible, software cannot be infallible. 

Here are some tips for keeping control, even if your endpoints (users) are miles away: 

• Most importantly, develop a security mindset that considers security needs first and foremost in all manner of business computing. 
• Insist on strong password practices and multi-factor authentication (MFA). Discourage use of birthdates, anniversaries or some other employee-based statistic. Have all employees (especially management)  create unique passwords using at least eight letters/numbers/symbols. Learn more about password management.
• Upgrade all device software to the latest versions that are supported by the manufacturers. 
• Monitor the devices remotely. 
• Deliver updates for all software programs as well as most common third-party applications (Adobe, etc.). This will help every technology environment to provide a stable foundation.
• Run advanced detection tools that provide threat intelligence, threat hunting, security monitoring, incident analysis and incident response. 
• Always seek in-person verification for any financial changes.  

Look at Your Data Like a Malicious Actor

Pretend some malicious actor has already gained access to your data.  What would they have? 

• Payroll reports, including Social Security numbers, from the day you started your business 10 years ago? 20? More? 
• Emails for that loan you were trying to get last year or even five years ago ? Is there company financial information embedded in them? 
• What about that file you created forever ago with all the passwords you or your employees use because they were too difficult to remember?

These types of information and/or files are the keys cybercriminals use. Sometimes they are the master key and sometimes criminals need a combination of them, but eventually they will get the right blend that opens the door for them to attack your business. Even if the data is very old, criminals use it to trick employees into taking an action that provides access to your network. (That’s called social engineering.)

It’s time to clean house. Remove any truly unnecessary folders or files that could be attractive to a malicious actor.  Better safe than sorry.

And don’t get fooled into thinking that your small business is too small to be a risk. Cyber crime against small businesses had grown from 28 percent a few years ago to about 50 percent today.  Because you’re smaller, criminals assume you have fewer resources to protect your business and that makes your business more  appealing to them.

Next Generation Antivirus (EDR) Support

Start that conversation today with your current managed service provider or your internal IT support team. Make it a priority as your data security is paramount to continuing a successful business.Don’t have an internal IT team or just want a second opinion? Reach out to us for a free consultation. We will be happy to discuss your business IT and cyber security challenges. Contact us or book a meeting online.