Security Controls 101: EDR

This stuff reminds me of the old comic in Mad Magazine called Spy vs. Spy. EDR is like the good spy watching constantly what the bad spy is doing so he can prepare and defend.

Scott Bateman, CEO @ Paradigm Risk

Endpoint Detection and Response (“EDR”) is the next evolution of antivirus software. It watches all behavior on an endpoint (which could be a computer or server), not just potentially bad behavior. Another consideration is who watches and reacts to the issues that EDR identifies. More robust security combines EDR with a 24x7 (“butts in seats”) security team that investigates alerts immediately.

Three useful features of EDR:

1. Endpoint Visibility:

Real-time visibility across all your endpoints allows you to view all activities, such as a hacker getting into your business, and stop them immediately. This data is also helpful for an incident response team to identify what parts of a network a hacker may have accessed.

2. Threat Database:

Effective EDR requires massive amounts of data collected from endpoints to be combined with analysis (using AI, humans, pattern matching, and other techniques). This data is then used to watch for the latest hacking techniques and other suspicious activity.

3. Behavioral Protection:

Relying solely on traditional antivirus (signature-based and “next generation”) methods leads to the “silent failure” that allows breaches to occur. Effective EDR instead looks at all behaviors combined for indicators of attack, so you are alerted to suspicious activities before a compromise can occur.


Two popular EDR solutions are SentinelOne and Huntress; however, many carriers have a preferred list that may be required.

How EDR helps with Cyberinsurance

More and more carriers are emphasizing the importance of EDR when evaluating risks (i.e., your business). EDR is especially important for high-risk businesses, such as ones that have filed a claim before. Some carriers will also ask whether you have 24x7 monitoring of the EDR software.

Ready to talk more about cyberinsurance, cybersecurity, and EDR? Contact us today.
