EDR (Endpoint Detection and Response)

Written by
Matt Mone

Hardly a week goes by without the news reporting on another cyberattack on US companies. In fact, ransomware attacks went up by 148% during Covid-19 [1] and experts warn that the conflict in Ukraine could lead to unprecedented cyber risk for US organizations [2].

With the average cyberattack costing a small business $25k [3], this is not something to be ignored, particularly as ransomware costs are expected to reach $265 billion by 2031 [4].

To help ensure your company is best positioned to detect and respond to potential security threats, here is our brief guide to Endpoint Detection and Response (EDR).

What is EDR?

Traditional anti-virus relies on having a set of definitions and checking files to see if they match any of the viruses the software knows about. This setup has two major drawbacks: first, if there isn’t yet a definition for a virus (a zero-day), the software has nothing to match it against; and second, if the anti-virus software hasn’t been updated, a virus can still infect the computer.

EDR builds upon this and looks at the behavior of a given file or program and whether that behavior looks malicious. It can then automatically block what it identifies as a threat without having a definition for the virus.

The classic example is if a program you download suddenly starts trying to encrypt all the files on the computer. You can reasonably assume that it’s a cryptolocker virus (i.e., malicious software which holds your files for ransom) and should be blocked, which a good EDR software will do.
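The behavior-based idea above, shown as an added Python illustration (not code from any EDR product or from this article): it flags a process that overwrites several files with random-looking data in a short time, without needing any virus definition. The event format, thresholds, file paths and process names are assumptions made up for the example.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for this illustration, not values from any EDR product.
ENTROPY_MIN = 7.0      # bits per byte at which written data "looks encrypted"
FILES_MIN = 3          # distinct files overwritten by one process...
WINDOW_SECONDS = 10.0  # ...within this many seconds

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_mass_encryption(events):
    """events: iterable of (time, process, path, bytes_written).
    Returns the processes that wrote high-entropy data to FILES_MIN or more
    distinct files inside a single WINDOW_SECONDS window."""
    recent = defaultdict(list)  # process -> [(time, path)] of suspicious writes
    flagged = set()
    for t, proc, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < ENTROPY_MIN:
            continue  # ordinary document content, ignore
        recent[proc] = [(ts, p) for ts, p in recent[proc] if t - ts <= WINDOW_SECONDS]
        recent[proc].append((t, path))
        if len({p for _, p in recent[proc]}) >= FILES_MIN:
            flagged.add(proc)
    return flagged

# Constructed sample data (not real telemetry).
CIPHERTEXT_LIKE = bytes(range(256))            # entropy is exactly 8.0 bits/byte
PLAIN_TEXT = b"Quarterly report draft. " * 20  # low-entropy office text
SAMPLE_EVENTS = [
    (0.0, "winword.exe", "C:/docs/report.docx", PLAIN_TEXT),
    (1.0, "invoice_viewer.exe", "C:/docs/report.docx", CIPHERTEXT_LIKE),
    (1.5, "invoice_viewer.exe", "C:/docs/budget.xlsx", CIPHERTEXT_LIKE),
    (2.0, "invoice_viewer.exe", "C:/docs/photo.jpg", CIPHERTEXT_LIKE),
    (3.0, "backup.exe", "D:/backup/archive.zip", CIPHERTEXT_LIKE),
]

if __name__ == "__main__":
    print(flag_mass_encryption(SAMPLE_EVENTS))
```

The backup program is not flagged even though a compressed archive also looks random, because it only touches one file; combining several signals like this is how behavior-based tools keep false alarms down.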

What are some well-known EDR providers?

Some of the leading names in EDR include:

  • CrowdStrike
  • Microsoft Defender for Endpoint
  • Bitdefender, and
  • Sophos.

How is EDR relevant to you?

Having EDR is the most effective defence against the cryptolocker viruses that have been on the news and targeting organizations. EDR products are so effective that most insurance companies now require EDR for cyber liability renewals, so it’s very likely that it will be something you will have to implement on your next renewal.

What are some added benefits of EDR?

Most EDR platforms will also continuously monitor your computer’s applications for known vulnerabilities in real time. For example, if there is a security flaw with a given version of Adobe Reader, your EDR platform will let you know and tell you which of your devices are affected.

In the case of a breach or suspected breach, you can use your EDR platform to investigate and see what files or actions a given program took on a computer. It’s a quick and effective way to identify and respond to cyber threats.

You can find out more about cybersecurity and your business here and learn further tips on how to protect against ransomware here. Plus, discover how increased security is just one of the benefits of outsourcing your IT to a Managed Service Provider (MSP) like Insource.

For anything else, email us at insource@insourceservices.com or call us on (781) 235-1490.