Antivirus programs, otherwise known as Endpoint Protection, have been around for decades but they don’t protect like they once did. Unfortunately, cybercriminals are using far more advanced tactics than they did in years gone by. As of 2018 only 30% of data breaches included the use of malware.
While traditional Antivirus software will detect and attempt to remove malware, it falls short in the area of detecting strange behaviour on a system. This is where the new breed of protection comes in, Endpoint Detection and Response (EDR) software.
EDR software will monitor how the programs running on your computer, server or network are behaving and if they start to behave in an anomalous way, it can shut them down before damage is done.
EDR is designed to protect against the following which traditional Antivirus might miss.
EDR can detect ransomware due to the way it behaves however traditional AV may not know about that ransomware.
Zero-day attack events
Zero-day attacks are attacks that occur immediately after the weakness is discovered. This gives the attackers a window of time to attack before traditional Antivirus can be updated to detect it.
Windows tool exploits
This type of attack does not use a malware file but rather attacks using legitimate Windows software tools. AV wont detect this as there is no malicious code to detect.
Because Endpoint Detect and Response software examines behaviour it doesn’t really matter what type of file is used for an attack because it is looking at malicious behaviour or strange behaviour and can block that behaviour before it causes damage.
While antivirus is still important and has its place, it should be coupled with EDR and at Forsythes Technology, our Security Team is ready to discuss with you the appropriate EDR software for your environment. Give us a call today on 1300 766 661.