EDR vs. Managed Antivirus: What You Need to Know

Layered security is undoubtedly the best defense in the face of current and future threats to your networks and end users. Within that model, you’ll hear two solutions discussed frequently  to protect the end user: managed antivirus (MAV) and endpoint detection and response (EDR) Both offer benefits, but as the lines between the two blur, it’s difficult to know the difference between the two. The question asked most often is, “Will EDR replace MAV?”

Either—not both

There’s debate about whether you can use MAV and EDR simultaneously, but they compete from a resource perspective—so it’s not recommended. In today’s post, we’ll discuss the advantages of both and when to deploy each solution.

Neither is a one-size-fits-all solution. They both address different issues. When deciding between the two, it’s important to consider several factors, including the type of business in need of protection, the end users, cost, etc.

MAV: solid protection at a great price point

According to Liberman Technologies, managed antivirus is “a centrally-managed software option that protects all of the computers at your business from virus threats.” With MAVs, no user intervention is necessary. When a virus or malware is discovered, it’s immediately quarantined. It’s a simple, straightforward first line of defense for employees—it doesn’t require any technical knowledge and does a good job of turning away many threats.

MAV does require regular definition (virus signature) updates though—and therein lies the rub. The protection afforded by the program is only as good as your updates. New threats arise daily and ensuring updates get pushed out in a timely fashion is truly a best-efforts scenario. Often, threats are discovered after the damage is done.

Given this critical issue, why choose MAV? Well, there are several reasons. Clearly, ease of use is at the top of list. Zero intervention on your part is one less thing to worry about. It’s a good value proposition at an affordable price point, as we’ll see. Some additional benefits include:

• • One management source: You can look to your MSP as the single source for deployment, management, definition updates, and threat debriefings.
  • “Locked-down” security: MAV program policy allows for zero intervention from the end user. They can’t force an update or uninstall the program without the proper permissions.
  • 24/7 monitoring:  No intervention required from the end users.
  • Fast remediation: You’re able to triage threats in real-time.
  • Cost: MAV is less expensive per seat than EDR. This is the second biggest selling point for MAV behind the effective protection aspect. But as we’ll point out, the margins are becoming slimmer. And given the threat environment we face today, you might find yourself in a position where you can’t afford not to pay for EDR.

EDR: Now we’re in the big leagues 

Let’s move on to the heavy hitter: EDR. EDR is a multifaceted solution that does everything MAV can do, but takes things a step further—providing greater security and (most importantly) peace of mind. These include, but are not limited to:

• • Monitoring
  • Threat detection
  • Whitelisting/Blacklisting
  • Threat response
  • Integration with other cybersecurity solutions

Moving beyond threat detection and quarantine

EDR is centered on endpoint detection. And like MAV, MSPs manage it without requiring any input from the end user. Given the number of threats that spawn daily, managing large numbers of endpoints can be more difficult with antivirus and other point solutions. This is the point where differences between MAV and EDR come into sharp focus.

EDR is proactive. Comprised of monitoring software and endpoint agents, integrated machine learning and advanced artificial intelligence (AI) allows EDR to identify threat vectors that exhibit suspect behavior and address them before they’re acknowledged as harmful. Instead of relying on definition updates, it looks for abnormal behavior. For example, if several files change at the same time, it’s likely due to an endpoint assault.

If you use Endpoint Detection and Response (EDR), processing is done locally on the endpoint. You can recover quickly, in an automated fashion.

Tell me a story

It’s not enough to accept a threat has done damage—you want to ask yourself how and why you arrived at this point. This is where EDR really shines with active root cause analysis. EDR provides true context via a “visual storyline.” You can see what process spawned the attack as well as how it replicated and spread. You’ll also find answers to how the threat is constructed. This will drive actionable information to help the end user understand their part in allowing the threat to slip through, if applicable.

The storyline unfolds in real-time as an attack occurs, but with EDR, you’re far from defenseless. Your recovery options include killing, quarantining, and remediating (rolling back) the attack. Think of the EDR agent as your personal security operations center analyst. You can literally undo the damage done, rendering ransomware useless.

To get the protection of Endpoint Detection and Response, contact Adetti today. We will be happy to discuss your specific needs and tailor a solution that fits your business.