Recently, you may have heard of the phrase EDR (Endpoint Detection and Response) being thrown around when discussing security products, but what does EDR mean for you and your business? Well, we’re about to find out!
What is EDR?
To put it plainly, Sophos Intercept X Advanced with Endpoint Detection and Response (or EDR) is an award-winning security solution built upon the framework of the Sophos product that so many of us use to protect our networks.
If we want to look at this simply, the best way is to imagine it as a tower of building blocks. You don’t need all of them to make a tower, but the more you have, the stronger your tower. Well, it’s the same for your network security. Here are the building blocks you need to secure your network against threats:
Endpoint Protection: This is the more “traditional” anti-virus that detects and blocks threats in real-time. This is the base block, which every business should already have. It is constantly looking at what is happening and checking it off against a list of known attacks.
Intercept X: This is your anti-ransomware protection. This comes in the form of AI and Machine Learning driven technology, which knows what your device should look like if you are working as usual. When you’re not, a technology called CryptoGuard detects any encryption attempt and will try to reverse any encryption that has already taken place. This is your backstop and a way to protect yourself from unwanted changes that could harm your network and your machine.
EDR (Endpoint Detection and Response): This enhances the ability to analyse an attack and see what happened, if the threat has spread to other devices and if any data has been lost. This is less about what is happening and stopping it, and instead, it is more about validating how safe you were following an attack. I can hear you thinking, “Well, that’s just counterintuitive, why would that help me?”. To answer that simply, we need to look at GDPR and the requirement to report breaches.
These elements combined provide you with complete protection. You can protect your data, and then you know that if something happens, you can make a report on what took place. Protection like this is second to none when facing today’s attackers, who are operating in an ever-changing threat landscape.
How does it work?
Sophos Intercept X Advanced with EDR combines endpoint threat protection with the power of advanced machine learning to identify and block malicious processes. Intercept X uses AI that detects malware without relying on signatures and monitors system behaviour for any changes that indicate a malware attack. SophosLabs then provides the knowledge to back it up.
Let’s take a targeted ransomware attack as an example. Bad actors will try to use brute force to hack their way into an externally facing RDP server. Once in, they will drop an encryption package onto the system and start to encrypt files. Intercept X will then detect the new behaviour. CryptoGuard will stop the encryption, and EDR will fully report on the chain of events (source, root cause, beacon, when it was detected, and if it has been cleaned), providing complete analysis. Additionally, EDR customers will have access to a SophosLabs Threat Intelligence report that further aids you in your decision whether to allow the suspicious file or not.
How does this benefit you?
Sophos Intercept X Advanced with EDR will increase your security footprint without the need for additional resources to look after the solution. You can be safe in the knowledge that the solution you have chosen is the best in the business. With EDR, you will have all the tools you need to ensure that any detected threat has been stopped in its tracks!
I’m sure you know that if there is a breach and data is compromised, the Information Commissioner’s Office (ICO) has to be informed. As a result of this, if your security solution is deemed inadequate, you will be subject to a substantial fine! Throw GDPR into the mix, and you have the potential to be in serious trouble. With Sophos Intercept X accompanied by EDR, not only will you have an industry-leading security product, but also EDR ensures all details are captured for reference later.
So, should you become a target, you will be able to prove where exactly the threat has come from, where it has been and if it has been dealt with thoroughly.
From a resourcing view, investigating all detected threats and tracing their actions to ensure nothing has been compromised is a full-time role; EDR does this automatically and comprehensively, so you don’t have to. You can search through 90 days, so even if you have only just been made aware of a threat, you can rewind the clock and quickly see how it was dealt with.
How good is Sophos compared to the competition?
As you can see, Sophos Intercept X with EDR is industry-leading when put up against the competition:
If Sophos Intercept X with EDR and keeping your business safe against cyber-attacks is something you are interested in, why not talk to our team today? Our team of friendly experts are always available to find you the best protection for your business; contact us here!