Antivirus for business has been the cornerstone of PC and IT security for the better part of 30 years. However, in today’s world, traditional antivirus for business falls short of providing the complete security & protection your business systems require. If you’re experiencing more virus infections, more malware, encrypted data due to ransomware, or compromised PCs in general, your antivirus may be trying to tell you something.
Cybersecurity – A Changing Threat Landscape
As of this writing (October 2020), the cybersecurity landscape has changed for everyone and continues to change today. Today’s threats are fundamentally different and more sophisticated in how they attempt to exploit your business systems. Traditional antivirus software is very limited in its scope and what it can do to mitigate these modern threats. A primary limitation of antivirus is the software’s dependence on “virus signatures” and “engine” updates. These updates are necessary to detect new viruses and malware. If for some reason, the antivirus software is unable to get these critical updates, the antivirus software becomes outdated, ultimately leaving the PC vulnerable. I cannot tell you how many times we’ve visited new prospects, performed a security assessment, and found a large number of their systems with expired antivirus licensing (resulting in no updates/protection). If you are running conventional antivirus in your business, are you sure all systems have a current license, and they’re getting their updates? If not, you have some work to do!
While traditional antivirus for business worked (more or less) for the better part of three decades, modern threats have rendered traditional antivirus of limited use today. In response to these threats, antivirus vendors have been expanding the capabilities of their antivirus solutions, but remain limited by their reliance on signatures/updates.
Endpoint Detection and Response (EDR)
In recent years, a new solution has begun to replace conventional antivirus. These solutions are called Endpoint Detection and Response (EDR) software. Endpoint Detection and Response software is the successor to traditional antivirus. The “endpoint” is the end user’s device, whether a PC, MAC, mobile phone, or tablet. Most EDR software packages provide a suite of tools to secure the endpoint and to mitigate any security threats detected. EDR software is far more comprehensive in its approach to security and threat protection. EDR systems utilize integrated tools that communicate, report, and remediate the detected risks attacking your systems. Due to this more comprehensive approach, EDR software is more effective at detecting and neutralizing modern threats.
Why a Comprehensive EDR for Business is a Better Mouse Trap
In addition, because EDR software does not depend on virus signatures, it’s better equipped to detect new threats. New virus and malware have been a challenge for antivirus vendors dependent on releasing new virus signatures and rapidly deploying these signatures to their customers. Unlike their traditional counterparts, EDR software can detect threats in the absence of virus signatures. How? The EDR software largely depends on artificial intelligence and behavioral analysis of the system it is protecting. Artificial intelligence is a more comprehensive approach to endpoint security vs. conventional antivirus. While a traditional antivirus may be looking for specific virus patterns in your files, an EDR may be analyzing the changes to your PC in real-time and the potential risks of these changes. At some level, the EDR is “understanding” the dangers and performing counter-measures to prevent them.
Years ago, servers were the primary target for hackers, malware, and viruses. However, servers were often well protected, secured, and difficult to infiltrate. So the bad guys shifted their focus to the under-managed workstations and the users themselves. The PCs, mobile phones, and tablets we carry every day became the primary target to exploit. Most companies managing their own IT, and most IT cybersecurity consultants, now take a layered approach to IT security. As part of that IT security strategy, it’s essential to realize the endpoint is the “last stop” before a virus or malware threat can do its damage. The malware/virus made it through all your other defenses, i.e., the company firewall, your SPAM filtering system, the web-filter, etc. The threat has now reached the endpoint to deliver its damaging payload. The only software left to mitigate this risk is the EDR software itself.
What if the EDR fails to detect or mitigate the risk? All is not lost. Many EDR software packages still can report the event and “isolate” the compromised system from the rest of the network. This isolation feature is critical and lacking in most traditional antivirus software. As many IT consultants in NJ and IT consultants in NYC know, one infected system can compromise the entire network (including the servers). Isolating the compromised system has the benefit of protecting other systems on the network from the threat while minimizing the potential damage to other systems. It’s a standard feature for EDRs to provide the ability to detect emerging threats on the network and report on them in real-time. However, only a few EDRs can “roll-back” the system to a pre-infected state. This roll-back feature even includes restoring encrypted data on the system. Try that with your traditional antivirus!
Some readers may ask if it’s advisable to run an EDR and conventional antivirus on the same endpoint, i.e., PC, MAC, etc. The short answer is no. The EDR and antivirus systems often compete with one another for system resources like file access and memory. The result is often performance issues or an unstable system. Ascendant’s recommendation for the endpoint today is to run one comprehensive EDR software package and remove your conventional antivirus.
One of the best EDRs we’ve managed at Ascendant Technologies, Inc. is SentinelOne. We have the SentinelOne software widely deployed on client systems, and it is truly a better, more secure system. While the cost is higher than conventional antivirus, no one ever complains about the price when the SentinelOne software restores their data or rolls back a compromised system! One other thing to consider, make sure whatever EDR you install, you engage your enterprise IT department or an IT consultant who is familiar with the software. These systems are complicated and are only fully effective when properly configured.
If your current business antivirus is falling short, please contact us at Ascendant Technologies, Inc. for a security assessment of your current antivirus. We’ll be happy to show you a better, more secure way to protect your systems. Contact us at 732-563-2675 or email us at info@ascendantUSA.com.