What is Endpoint Detection and Response?

17 October 2022

What is endpoint detection and response (EDR) and why is it important?

Endpoint security or endpoint protection refers to the practice of securing a user’s devices – ‘endpoints’ – from cyber threats. Detection and response refers to software that can be used to pick up potential threats and then act accordingly, while making the user manager aware.

Endpoint security software, commonly known as mobile device management (MDM), is typically used for laptops, desktops and tablets. Other business endpoints, such as printers and smart watches, should be considered too.

Employees using different devices to connect to a network or the cloud for business purposes should have endpoint detection and response to protect the organisation from hackers. The more devices employees use to access work information, the more vulnerable the business is to cyber threats.

The importance of mobile device management for SMEs

Although many SMEs struggle to budget for cyber security, the consequences of just one cyber attack could be devastating. According to the European Union Agency for Cybersecurity, 57% of SMEs in Europe said they would likely go out of business if a cyber attack were to happen in their business.

The business landscape today is facing more and more threats from cyber criminals. A Clark School study completed at the University of Maryland found that hacker attacks occurred every 39 seconds on average, on a desktop. The study found that the majority of attacks came from guessing logins. However, more sophisticated attacks can put business mobiles and other devices at serious risk of breaches. 

The use of endpoint detection and response for remote working

With remote working now widely popular across the world, more businesses are relying on a variety of devices to operate. Endpoint security software allows cybersecurity professionals to secure a device from anywhere. This means that client software can push updates where necessary, authenticate login attempts and block potential threats on each endpoint.

Some Endpoint Protection Platforms offer an Endpoint Detection and Response (EDR) service. This means more advanced threats can be picked up and monitored.

EDR software, sometimes referred to as endpoint protection and threat response, constantly monitors endpoints for potential cyber threats in real time. Equipped with advanced threat detection, endpoint detection and response can automatically respond to threats – as well as notifying the chosen admin. In-built data analysis tools also allow the system to pick up patterns from threats, while researching suspicious activities. 
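To make the monitor, respond and notify cycle concrete, here is an added example (not part of the original article and not any vendor's product code) that watches login events for the password guessing mentioned earlier, blocks the source on the affected endpoint, and raises alerts for the admin, including a fleet-level alert when the same source shows up on a second device. The event names, hostnames, addresses, threshold and time window are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                   # failed logins that trigger a response (assumed policy)
WINDOW = timedelta(seconds=60)  # sliding window for counting failures (assumed policy)

def failures(endpoint, source, start, count, step):
    """Build constructed 'login_failed' events, `step` seconds apart."""
    base = datetime(2022, 10, 17, 9, 0, 0)
    return [((base + timedelta(seconds=start + i * step)).isoformat(),
             endpoint, "login_failed", source) for i in range(count)]

# Constructed telemetry; addresses come from the RFC 5737 documentation ranges.
EVENTS = (failures("laptop-01", "203.0.113.7", 0, 5, 2)        # fast guessing
          + failures("tablet-02", "203.0.113.7", 30, 6, 3)     # same source, second device
          + failures("desktop-03", "198.51.100.20", 0, 6, 30)) # slow typos, never 5 in 60 s

def run_edr(events, threshold=THRESHOLD, window=WINDOW):
    """Detect login guessing per endpoint, block the source, and alert the admin."""
    recent = defaultdict(deque)   # (endpoint, source) -> timestamps of recent failures
    blocked = set()               # (endpoint, source) pairs with an active block
    hit = defaultdict(set)        # source -> endpoints on which it was blocked
    alerts = []                   # messages that would be sent to the chosen admin
    for ts, endpoint, event, source in sorted(events):
        key = (endpoint, source)
        if event != "login_failed" or key in blocked:
            continue              # not relevant, or the response is already in place
        when = datetime.fromisoformat(ts)
        q = recent[key]
        q.append(when)
        while when - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            blocked.add(key)          # automatic response
            hit[source].add(endpoint)
            alerts.append(f"{ts} {endpoint}: blocked {source} after {len(q)} failed logins")
            if len(hit[source]) == 2:  # pattern across endpoints, reported once
                alerts.append(f"{ts} fleet: {source} is guessing logins on several endpoints")
    return blocked, alerts

if __name__ == "__main__":
    for line in run_edr(EVENTS)[1]:
        print(line)
```

The third device records six failures in total but never five inside one minute, so it is left alone; the sliding window is what separates slow mistyping from rapid guessing.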

Is endpoint protection the same as antivirus?

Although the two are often compared, antivirus software is intended as a preventive measure for endpoint security. Antivirus picks up various malware activities and only covers a single device or endpoint. EDR picks up a variety of different security attacks that can be highly advanced, then detects and blocks them before they manage to do any damage. EDR will also notify the selected admin of any threats.

Choosing between antivirus and endpoint detection and response is based upon a number of factors: 

  • The number of devices used in your business 
  • The size of your organisation (how many remote workers in the business)
  • Business policies e.g. if people are using their personal devices for work purposes

Small businesses commonly make the wrong choices when it comes to investing in cyber protection. Something to consider is that the level of security vastly differs depending on which antivirus software a business chooses to use.

The good news is that endpoint protection gives a more holistic approach to cybersecurity by offering protection from different types of threats and attacks. Antivirus is just one facet of an endpoint protection platform.

What is Symantec Endpoint Protection?

Symantec Endpoint Protection is a personal protection firewall that protects devices from hackers and threats that gain access through the internet. It’s one choice of endpoint protection for small businesses, and allows a single administrator to control policies for different devices and receive security alerts.

This type of endpoint protection contains antivirus and antispyware, as well as a number of protective services that can protect numerous devices used for business purposes. However, there is other endpoint protection software available – choosing the right one depends on: 

  • Whether you need cloud-based or on-site protection
  • How you would like the security to be monitored 
  • What devices you need protecting and how many 
  • Your current cyber security infrastructure


A managed service provider, such as Croft, can help you decide the best type of cyber security solution for your business. Like other tech infrastructure, there’s no one-size-fits-all cyber security approach. Creating bespoke solutions will keep the cost down for your business, as well as giving you the flexibility to change your contract as you grow.
