Hi community professionals,
I am looking for your advice on whether it makes sense to use both an endpoint antivirus and an EDR solution simultaneously. What are the pros and cons of using each one, or both simultaneously?
*In terms of products, I've been looking at CrowdStrike Falcon, Microsoft Defender for Endpoint, and ESET Endpoint Security.
Thanks for the help!
EDR (or XDR) is the new coinage for endpoint security technology.
Although the good old antivirus software was doing the same thing, signature-based detection and response against that defection, the modern threat vector has changed a lot and everything is quite complicated these days. So has the protection mechanism.
Almost all leading cyber security software vendors have come up with newer versions of endpoint protection, sometimes with AI as well.
So, if there is an option, it is always better to go with EDR or anything "*DR". But keep in mind that cyber security has to be implemented in every layer of ISO.
Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented.
Endpoint detection and response (EDR) is a solution that combines data collection, data analysis, forensics, and threat hunting, with the end goal of finding and blocking any potential security breaches in due time.
For the current attack landscape, you need both NGAV + EDR in a single product for better protection & remediation.
But the current trend is:
XDR (Extended Detection and Response) collects and automatically correlates data across multiple security layers – email, endpoint, server, cloud workload, and network. This allows faster detection of threats and improved investigation and response times through security analysis.
The benefits of EDR over an antivirus solution are:
1. Behavior-based detection blocks advanced threats
2. Forensic analysis capabilities help with detailed investigations
3. Sandboxing capabilities safeguard your network environment
4. Automated remediation and instant threat removal
5. Threat pattern identification for easy detection in the future
6. Centralized security and enhanced endpoint visibility
Managed EDR exceeds traditional antivirus in multiple ways. It can detect the unknown and emerging threats missed by AV solutions. With real-time responses and extensive forensic analysis capabilities, managed EDR is, without a doubt, the superior endpoint security solution.
Read more: Managed EDR Over Antivirus
Antivirus lifeline (as a separate tool) is limited now.
All the products are now combining EPP and EDR into a single solution. I would rather go with XDR solutions, which will help to detect as well as remove the existing ones from the system.
The “Antivirus” protection technology is replaced by EDR which does include a modern version of “antivirus” along with other ways of device protection.
Multiple vendors provide EDR: Trend Micro, Cisco, etc.
The more current technology is XDR.
I agree with most of the responses. SentinelOne, CrowdStrike, and Carbon Black are solutions that most enterprises use, but if you are looking at a comparison/necessity of an endpoint solution vis-à-vis an EDR/XDR solution, I believe the endpoint solution is as good as a dead investment. The current EDR/XDR is capable of replacing the AV. Keeping both solutions together will lead to issues with end-user performance and productivity loss. Obviously, it is your choice to judge security and productivity, but keeping both solutions in an extremely critical environment can help you someday as well in a zero-day sort of attack which the AV OEM detects and all these sophisticated solutions won't. So my take is you are the best judge of your environment. It's your choice.
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple high-powered endpoint security modules into a single, cloud-based security platform.
Most EDR solutions are EDR + EPP (Endpoint Protection, formerly called antivirus).
My opinion is: never run 2 different vendors in real-time (antivirus and/or endpoint security solutions) on the same machine, as either conflicts will most likely arise or CPU usage will go high.
If you look at a product like SentinelOne, it is both EPP and EDR (and much more...). In that case you only need this single product.
You could take a look at this short explanation on YouTube: EDR? EPP? Both?!? See how to explain SentinelOne in just 2 minutes
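As an added example (not from the thread or any of the vendors named in it), here is a PowerShell check that does what the "never run 2 different vendors in real-time on the same machine" advice above implies: enumerate the antimalware products registered with Windows Security Center, work out which ones have real-time protection switched on, and warn when more than one does. It assumes a Windows client SKU (the `root/SecurityCenter2` namespace is not present on Windows Server) and the widely used but undocumented community decoding of the `productState` DWORD, where the middle byte `0x10`/`0x11` means real-time protection is on and `0x00`/`0x01` means it is off. The three sample rows are constructed for an offline dry run; the vendor names in them are placeholders.

```powershell
# Added example, not from the thread: detect more than one real-time antimalware engine.
# Assumptions: Windows client OS; community decoding of the undocumented productState value
# (middle byte 0x10/0x11 = real-time protection on, 0x00/0x01 = off; low byte 0x00 = up to date).

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][int]$State)
    $hex = '{0:X6}' -f $State                      # e.g. 397568 -> "061100"
    [pscustomobject]@{
        RealTimeOn = $hex.Substring(2, 2) -in @('10', '11')
        UpToDate   = $hex.Substring(4, 2) -eq '00'
    }
}

function Get-RealTimeEngines {
    # Accepts objects shaped like AntiVirusProduct instances (displayName, productState).
    param([Parameter(Mandatory)][object[]]$Products)
    foreach ($p in $Products) {
        $s = ConvertFrom-ProductState -State ([int]$p.productState)
        [pscustomobject]@{
            Name       = $p.displayName
            RealTimeOn = $s.RealTimeOn
            UpToDate   = $s.UpToDate
        }
    }
}

function Test-EngineConflict {
    # Returns the engines with real-time protection on and warns if there is more than one.
    param([Parameter(Mandatory)][object[]]$Products)
    $active = @(Get-RealTimeEngines -Products $Products | Where-Object RealTimeOn)
    if ($active.Count -gt 1) {
        Write-Warning ("Multiple real-time engines active: " + ($active.Name -join ', '))
    }
    $active
}

# Constructed sample rows (placeholder vendor names) for an offline dry run:
$sample = @(
    [pscustomobject]@{ displayName = 'Windows Defender';        productState = 393472 }  # 0x060100: RT off
    [pscustomobject]@{ displayName = 'Placeholder Vendor A EPP'; productState = 397568 }  # 0x061100: RT on
    [pscustomobject]@{ displayName = 'Placeholder Vendor B EDR'; productState = 266240 }  # 0x041000: RT on
)

# 1) Dry run on the constructed data: warns about Vendor A and Vendor B, lists both.
Test-EngineConflict -Products $sample | Format-Table -AutoSize

# 2) Live query of this machine's Security Center registrations (silently skipped on Server).
$live = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if ($live) { Test-EngineConflict -Products $live | Format-Table -AutoSize }

# 3) If the Defender module is present, show whether Defender has stepped into passive mode,
#    which is the expected state when a third-party EPP/EDR owns real-time protection.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus | Select-Object AMRunningMode, RealTimeProtectionEnabled
}
```

Running this on a fleet (for example through your management tool's script runner) gives a quick inventory of machines where two engines are both hooking file I/O in real time, which is the usual root cause of the performance complaints described above; a healthy "AV plus EDR" box normally shows exactly one engine with real-time protection on and Defender reporting a passive running mode.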