EDR versus anti-virus

The more layers of security, the better, of course. But what is the difference between a traditional antivirus and an EDR (Endpoint Detection & Response) solution?

Antivirus and EDR (Endpoint Detection and Response) are both important components of an endpoint cyber security strategy, but they offer different levels of protection and work in different ways.

How does a traditional antivirus work?

Traditional antivirus is software that works based on what it already knows. To do this, it keeps a list (or database) of known viruses and malware, which is ideally updated very frequently and automatically.

If a known virus comes along, it will be stopped. You get a message, possibly with a request for a specific action, and then you can move on.

Over the years, the list of virus definitions has grown longer and longer, making automatic updating a near-permanent task. As a result, the system (your computer) on which this software runs is constantly under extra load, because every file, mail or action must be scanned against that list.

What is the difference with Endpoint Detection & Response (EDR)?

In fact, antivirus software as we know it today is always running a little behind reality. Mind you, doing nothing is even worse, so it is not completely useless.

EDR does not work on the basis of virus definitions but permanently and actively looks for suspicious behaviour on your endpoint. If there is unwanted activity, EDR will immediately block or neutralise it to prevent further spread.

Antivirus traditionally focuses on detecting and removing malware on an infected device. It does this by scanning files and applications for known threats and blocking or removing them. Antivirus is effective against known threats, but it may struggle to detect unknown or advanced threats, such as zero-day attacks and fileless malware.

EDR goes beyond antivirus by monitoring and analysing suspicious activity on the endpoints. This includes activities such as network traffic, process execution and file behaviour. By analysing these activities, EDR can detect unknown and advanced threats that may elude antivirus. In addition to detection, EDR also provides threat response capabilities such as isolating infected devices, stopping malicious processes and removing malware.
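To make the contrast concrete, here is an added illustration (not the article's own code, and not a real product) of the two models: a signature check that only matches hashes already in its definition list, and a behavioural rule run over constructed process telemetry that flags a document handler spawning a command shell and returns a response action. The sample bytes, process names and PIDs are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable

# --- Signature-based (antivirus) model --------------------------------------
# Constructed stand-in for an entry in a definition list; not a real sample.
KNOWN_SAMPLE = b"constructed-known-sample-bytes"
DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def antivirus_verdict(file_bytes: bytes) -> bool:
    """Flag a file only if its hash is already in the definition list."""
    return hashlib.sha256(file_bytes).hexdigest() in DEFINITIONS

# --- Behaviour-based (EDR) model --------------------------------------------
@dataclass(frozen=True)
class ProcessEvent:
    parent: str   # image name of the parent process
    image: str    # image name of the newly started process
    pid: int

# Document handlers that normally have no reason to launch a command shell.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

def edr_alerts(events: Iterable[ProcessEvent]) -> list[dict]:
    """Return one alert per shell spawned by a document handler, with a response."""
    alerts = []
    for ev in events:
        if ev.parent.lower() in DOCUMENT_APPS and ev.image.lower() in SHELLS:
            alerts.append({
                "rule": "document-app-spawns-shell",
                "pid": ev.pid,
                "response": "terminate-process",
            })
    return alerts

# Constructed scenario: a one-byte variant of the known sample is not in the
# definition list, so the signature check misses it; the behaviour it causes
# on the endpoint is still visible to the behavioural rule.
VARIANT = KNOWN_SAMPLE + b"\x00"
TELEMETRY = [
    ProcessEvent("explorer.exe", "winword.exe", 4101),
    ProcessEvent("winword.exe", "powershell.exe", 4102),
    ProcessEvent("explorer.exe", "notepad.exe", 4103),
]

if __name__ == "__main__":
    print("AV flags known sample:", antivirus_verdict(KNOWN_SAMPLE))  # True
    print("AV flags variant:     ", antivirus_verdict(VARIANT))       # False
    print("EDR alerts:", edr_alerts(TELEMETRY))                        # one alert, pid 4102
```

A real EDR evaluates many such rules over process, file and network telemetry and correlates them over time; the single parent/child rule here is only the smallest useful case.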

Able bv, Joren De Breucker, June 10, 2024
