For years, we’ve known that you need active, running and updated antivirus on your computer to help keep your computer safe. Like all technology, antivirus is going through an evolution, and it is one you should know a bit more about.
First, what is basic antivirus in plain English? It is a program that runs on your computer or smartphone that has a list of known bad programs it looks for. When it sees it, the antivirus solution stops the process and isolates it in a quarantine or takes other actions. It can also look for patterns of misbehaving or suspicious programs that may not be on a list, but takes action against it to be safe rather than sorry.
Next generation antivirus is known as EDR, or Endpoint Detection and Response and it hit the market a few years ago. Soon after hitting the market, we began seeing it on yearly cyber insurance questionnaires filled out at renewal time. When it was first released, it was pretty expensive and the market had not really adopted it at the time, so we watched it go through the paces.
What makes EDR antivirus better? At its core, it still is antivirus, and it performs in a similar way. The difference is that it has advanced features that allow it to trace back where the infection started. It can reveal how the malicious code accessed the environment whether a USB stick, unpatched operating system or program, or an email. It can tell us who clicked a link, what exactly the payload attempted to compromise, where it may have “phoned home” and other information like that. If it was an email phishing attack, it can also find out who else in your organization also received the message.
- Did you know that 94% of malware infections start with email?
- 40% of ransomware originates from email.
Our new solution is known as XDR which means Extended Detection and Response. It is EDR, only with added features. The extra features in XDR include threat hunting, the ability to scan email at the M365 (or G-Suite) level, and has an optional live Security Operations Center (SOC) that monitors your network 24×7. This option includes mitigation and disaster recovery assistance via a response team, so it’s a service that works while you sleep. It can even identify a suspicious program on a computer in the middle of the night, stop it from running, spin it up in an offsite “sandbox environment” and determine whether it is safe or not.
For G-Suite and Microsoft 365 email hosting, it connects to your company account and scans for threats in the cloud where your email actually lives. It learns the writing style of each mailbox user and applies that to incoming emails, flagging ones that may not really be the author that it claims to be. This is a huge step in being able to stop a well-crafted phishing campaign. We have all noticed the scammers are getting smarter with better grammar and spelling than a few years ago, so technology helps stay ahead of it automatically. XDR even scans your emails for malicious links and flags or quarantines them. This occurs before it hits your inbox in most cases.
We believe most insurance companies will soon require EDR/XDR antivirus in order to qualify for cyber insurance. In fact, many require it now. All of them ask what type of antivirus your company runs whether it is EDR/XDR or legacy protection. It’s a fact that insurance companies are paying out enormous sums for ransomware attacks against their clients, so it isn’t a surprise to see insurance carriers driving demand for this type of service. Ransomware attacks occur more often in businesses that are under-protected in the way of cybersecurity. Traditional antivirus protection is considered table stakes at this point. The evolution to next-generation antivirus (EDR) and, even better, XDR services is growing in importance and urgency. Threat hunting, active sandboxing and extending protections to company email makes good business sense. All of your organization’s computers and smartphones should be covered.
Reach out if you would like more information or a quote to upgrade your organization to the latest in antivirus protection and response.
Kaleb Jacob
Eagle Network Solutions