What is EDR (Endpoint Detection & Response)?

Comparison between anti-virus (the "vaccine" software many users already know) and EDR
  • Identification: before a program is allowed to act on the endpoint, EDR works out whether it is malicious, for example by checking its reputation or by running it first in an isolated space (a sandbox) where it cannot harm the real system.
  • Protection: blocking programs that are judged malicious, or moving suspicious files to a safe place where they are kept in quarantine. Outside cybersecurity, quarantine has become an everyday word because we hear it so often in relation to COVID-19.
  • Detection: monitoring activities and behavior on endpoints to catch malware in action. Think of it like CCTV: if someone attempts something illegal at an entrance, the security guard watching the CCTV does not grant access but apprehends the suspicious person. Malware detection works on the same principle, except that what is watched is process, file, registry and network behavior on the endpoint rather than a doorway.
  • Response: acting on the detected behavior, for example blocking the activity before it damages parts of the system that would otherwise leave the computer unable to boot, or instantly backing up images, videos, documents and other files that are about to be encrypted by ransomware into a protected area. Losing such data feels like losing cherished anniversary pictures, a child's birthday photos or wedding photos. How devastated would you feel?
  • Recovery: restoring files that could no longer be opened because malware encrypted them, using the copies backed up during the response stage. Imagine how happy you would feel when you get back the files you thought were gone for good. It would be beyond what words could describe. I remember one time my computer suddenly went blank while I was editing a document. I nervously turned the computer back on, unsure what had happened to the work I was finishing. And as soon as I found out the document wasn't lost after all (it had been backed up), I couldn't help thanking Microsoft! Sounds familiar?
The concept of EDR
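To make the detection, response and recovery stages above concrete, here is an added example (not code from the original post or from any EDR product): a toy behavioural detector that watches a stream of per-process file events, raises an alert when one process converts an unusual number of user documents to a non-document extension inside a short time window (the classic ransomware pattern), blocks that process, snapshots the clean bytes of the files it touched into a protected store, and restores them. The event shape, the thresholds, the process names and the sample Documents folder are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Hypothetical tuning knobs for illustration, not values from any product.
BURST_THRESHOLD = 5          # distinct user files converted by one process ...
WINDOW_SECONDS = 10          # ... within this many seconds triggers an alert
USER_DOC_EXTS = {".docx", ".xlsx", ".jpg", ".png", ".pdf"}
DOCS_DIR = r"C:\Users\alice\Documents"   # constructed sample location
SAMPLE_DOCS = ["budget.xlsx", "wedding01.jpg", "birthday.png",
               "thesis.pdf", "notes.docx", "photo02.jpg"]


@dataclass(frozen=True)
class FileEvent:
    """One file-system event as a sensor would report it (assumed shape)."""
    ts: float     # seconds since boot
    pid: int
    image: str    # process image name
    op: str       # "write", "rename", "delete", ...
    src: str      # path before the operation
    dst: str      # path after the operation (equal to src unless renamed)


def _ext(path):
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""


def looks_like_encryption(ev):
    """A user document written/renamed to a non-document extension,
    e.g. report.docx -> report.docx.locked. One such event is normal
    (think 'Save As'); a burst of them from one process is not."""
    return (ev.op in ("write", "rename")
            and _ext(ev.src) in USER_DOC_EXTS
            and _ext(ev.dst) not in USER_DOC_EXTS)


def detect_mass_encryption(events, threshold=BURST_THRESHOLD, window=WINDOW_SECONDS):
    """Detection stage: sliding-window burst counter per process.
    Returns {pid: (image, [source paths touched])} for every offender."""
    recent = defaultdict(deque)          # pid -> deque of (ts, src)
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if not looks_like_encryption(ev):
            continue
        q = recent[ev.pid]
        q.append((ev.ts, ev.src))
        while q and ev.ts - q[0][0] > window:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold:
            _, paths = alerts.setdefault(ev.pid, (ev.image, []))
            for _, p in q:
                if p not in paths:
                    paths.append(p)
    return alerts


def respond(alerts, disk, protected_store, blocked):
    """Response stage: block the offending process and copy the clean
    bytes of every file it touched into a protected store. `disk` is a
    constructed {path: bytes} stand-in for the pre-write view a
    file-system filter driver has before it lets the write through."""
    for pid, (_image, paths) in alerts.items():
        blocked.add(pid)
        for p in paths:
            if p in disk:
                protected_store[p] = disk[p]
    return blocked, protected_store


def recover(protected_store, disk):
    """Recovery stage: put the protected copies back under their names."""
    for p, data in protected_store.items():
        disk[p] = data
    return sorted(protected_store)


def sample_events():
    """Constructed sample: a word processor saving one document normally,
    then a second process converting the whole Documents folder."""
    report = DOCS_DIR + "\\report.docx"
    events = [FileEvent(1.0, 412, "winword.exe", "write", report, report)]
    for i, name in enumerate(SAMPLE_DOCS):
        src = DOCS_DIR + "\\" + name
        events.append(FileEvent(2.0 + 0.3 * i, 777, "svchost_update.exe",
                                "rename", src, src + ".locked"))
    return events


def sample_disk():
    """Constructed clean contents of the sample documents."""
    return {DOCS_DIR + "\\" + n: b"clean:" + n.encode() for n in SAMPLE_DOCS}


def run_demo():
    events, disk = sample_events(), sample_disk()
    alerts = detect_mass_encryption(events)                   # detection
    blocked, store = respond(alerts, disk, {}, set())         # response
    for ev in events:                                         # damage that got through
        if ev.pid in blocked and looks_like_encryption(ev):
            disk.pop(ev.src, None)
            disk[ev.dst] = b"\x00\xffencrypted"
    restored = recover(store, disk)                           # recovery
    return alerts, blocked, restored, disk


if __name__ == "__main__":
    alerts, blocked, restored, disk = run_demo()
    for pid, (image, paths) in alerts.items():
        print(f"ALERT pid={pid} image={image} files={len(paths)}")
    print("blocked:", blocked)
    print("restored:", len(restored), "files")
```

Two caveats a practitioner would add. First, the order of calls in `run_demo` is only a simulation: the clean bytes are still available because `respond` runs before the damage loop, whereas a real product takes that copy inline, in a file-system filter driver, before each suspicious write is allowed to complete; by the time a burst counter fires, the first few files have already been hit, which is exactly why the backup has to happen at interception time rather than after the alert. Second, a burst rule like this also fires on legitimate bulk converters, archivers and backup tools, so deployments pair it with an allowlist keyed on the signed image rather than on the process name alone (`svchost_update.exe` here is a constructed, deliberately suspicious-looking name).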
