What is EDR?
Endpoint Detection and Response (EDR) is a newer expansion of traditional endpoint security, with a focus on greater endpoint visibility for the purpose of enabling faster response times. When an endpoint encounters a never-before-seen threat, for instance, EDR allows the new threat to be monitored and, if necessary, categorized as malicious.
With EDR, endpoint security provides additional visibility into zero-day, polymorphic, and advanced persistent threats and allows for an immediate response. Machine learning models, for instance, can be trained to monitor an unknown file and make categorization decisions based on behavior. In other words, only when the file begins acting similarly to known malicious files is it categorized as such.
Why is EDR important?
EDR is important, for one, because according to Webroot data 93% of all malware seen in 2018 was polymorphic. This means that the practice of protecting endpoints based on static lists of current threats pushed out to individual endpoints has outlived its usefulness. For such a system to work, updates would need to be pushed out almost ceaselessly, bogging down devices and mangling the user experience.
Instead, with a platform based on cloud-based machine learning architecture like the Webroot® Platform, threats can be identified as they hit the device and all cloud-connected devices can be protected against the new threat in as little as a few minutes.
EDR and Cybersecurity
Today’s threat landscape requires innovative methods of protection. Simple, definition-based endpoint security solutions can no longer protect businesses or individuals. For consumers and businesses alike, it’s important to investigate the technology backing their endpoint protection solution of choice.
For businesses looking for the advanced, cloud-based machine learning architecture that makes EDR possible, explore Webroot® Business Endpoint Protection here.