top of page
  • Kevin Smith

Antivirus or EDR?

Antivirus software is as common and understood as spreadsheet software. Most people know that it exists, how to install and use it at a basic level, and that it is supposed to protect a computer from viruses. What many people may not understand is that Antivirus software is more like an inoculation - it can block viruses it knows about but is not very good at blocking new, unknown viruses, or other types of threats that don't fit the definition of "virus" well. EDR, which stands for Endpoint Detection and Response, is a more modern approach to solving the problems of sophisticated new malware and other threats such as Ransomware and zero-day vulnerability.

Today's threats come in many forms and from many sources. An infection can start from a malicious hidden source on a USB drive or other connected device, from email attachments, from viewing an otherwise innocuous picture, or visiting a web site that tricks a visitor into running a desirable software download that has a malicious payload. In order for an Antivirus software to prevent the threat from causing problems it must know about the threat head of time, from the definitions it downloaded the last time it checked for updates. An EDR will take this a step further and can completely lock down a computer (this is an available though very intrusive option), or look at what a software is attempting to do and based on this can allow, pause, or delete the software as well as raise alerts to security analysts. It can also prevent fileless threats such as script injections which can make a lot of changes to a computer without ever running as a lone process and without leaving any trace since the script is only established in memory and can disappear when done.

Because of the constant threat of malicious code, the growing profitability of Ransomware scams, and the constantly connected nature of our society, it is extremely important to protect your business and even your personal devices with protection such as EDR that can handle these threats in real time. This protection, combined with proper access and backup plans, can prevent data loss that can ruin businesses.

eSmith has partnered with Bitdefender and SentinelOne to offer the best in protection to our customers.

25 views0 comments


bottom of page