End Point Detection & Response (EDR)

This is one of the first SLCGP services available to local municipalities free of charge. Endpoint Detection and Response (EDR) continuously monitors end-user devices to detect and respond to cyber threats like ransomware, malware, and non-malware-based attacks. Utilizing data analytics techniques to detect suspicious system behavior, EDR provides contextual information, blocking malicious activity, and provides remediation suggestions to restore affected systems.

Anti-Virus signatures do not protect systems, because adversaries are using malware and attack techniques that the antivirus providers have not yet developed a “signature” to match. Once an antivirus signature is developed, the attackers modify their malware very slightly, making it look like a new attack, escaping the signature match.

EDR doesn’t just alert when it detects malicious activity, it blocks it, and prevents it from executing. Users often invite malware unintentionally into the environment by clicking on phishing links, opening documents with macros enabled, and taking other actions that allow malware to execute. EDR detects this malware and prevents it from executing without relying on the user’s discretion.

EDR records and preserves all actions taken on the system. If a system has been compromised, without EDR, you won’t know all the actions that were taken, and you may have to assume the worst, reimage the full system, or declare that a breach occurred. Additionally, you may take actions that seem appropriate, but it may not completely stop the attack. You may spend months attempting to remediate the incident, but because you couldn’t see and understand exactly what happened, how it happened and how to fix it — the attacker may return within a matter of days or sell the knowledge and access to other attackers.

If an attacker gains access to your environment, without EDR, the attacker is free to move around in your environment, often creating back doors that allow them to return at will. Traditional antivirus software will not detect activities conducted by a person (non-malware-based activities). According to a 2022 study, 71% of attacks observed were not based on malware, instead having shifted to more advanced hands-on keyboard activity.