Today, the Endpoint security industry is still predominantly divided by two product classes, EPP and EDR. Traditional anti-malware scanning is covered by EPP (Endpoint Protection Platform), while EDR (Endpoint Detection and Response) includes some more advanced capabilities such as detecting and investigating security incidents and the ability to correct endpoints to the pre-infection state. It is obvious to security practitioners that full endpoint security requires both EPP and EDR capabilities. As a result, the market is moving to the Next Generation Endpoint Security, a unified, more complete solution.
What is an EPP?
The Endpoint Protection Platform (EPP) is an integrated safety solution designed to detect and block threats at the device level. This typically involves anti-virus, anti-malware, data encryption, personal firewalls, intrusion prevention (IPS), and data loss prevention (DLP).
Traditional EPP is fundamentally protective, and most of its techniques are signature-based, detecting threats based on existing file signatures for newly discovered threats. However, the latest EPP solutions have evolved to utilize a wider range of techniques for detection.
What is EDR?
Cybersecurity systems that integrate elements of next-gen antivirus with additional tools to provide real-time anomaly detection and alerting, forensic analysis, and endpoint remediation capabilities are Endpoint Detection and Response (EDR) systems.
EDR improves threat awareness outside the reach of EPPs by documenting every file execution and alteration, registry update, network link, and binary execution across the endpoints of an organisation.
EPP vs EDR
In general, an EPP solution serves as the frontline protection of an endpoint, just the same as antivirus software does for viruses.
EDR solutions, on the other hand, are designed to deal with risks that have not been identified by the EPP software. This could include new strains of malware, newly discovered zero-day exploits, and other vulnerabilities not yet included in the database of the EPP threat.
Endpoint Protection Platform (EPP) | Endpoint Detection and Response (EDR) |
A first-line defence mechanism that prevents threats | Assumes a breach has already occurred and helps investigate and contain it |
Does not require active supervision | Used actively by security staff to respond to incidents |
Passive threat prevention | Active threat detection |
Does not provide visibility into activity on the endpoint | Helps security teams aggregate event data from endpoints across the enterprise |
Able to prevent known threats and some unknown threats | Enables immediate response to threats that EPP could not detect |
Focused on protecting each endpoint in isolation | Provides data and context for attacks spanning multiple endpoints |
What is Managed EPP/EDR?
Managed EPP/EDR is a centrally managed software option that protects against virus threats on all computers in your business. Because it automatically installs applications, the workers do not need to upgrade their computers on their own or search them. Without requiring intervention from your workers, viruses, and malware detected by this program are automatically quarantined. At all times, everyone in the company has the most up-to-date models. The “managed” portion of managed EPP/EDR ensures that Teceze updates your EPP/EDR programs and tracks the health and safety of your network in real-time. That means you and your employees can concentrate on your business objectives, understanding that your network is constantly being monitored by others.
Below are the features of managed EPP/EDR
FEATURES | MANAGED SERVICES | |||
SOHOSINTERCEPT X ADVANCED (EPP) | SOPHOSINTERCEPT X ADVANCED WITH EDR | |||
PREVENT | ATTACK SURFACE REDUCTION | Web Security | P | P |
Download Reputation | P | P | ||
Web Control / Category-based URL Blocking | P | P | ||
Peripheral Control (e.g. USB) | P | P | ||
Application Control | P | P | ||
BEFORE IT RUNS ON DEVICE | Deep Learning Malware Detection | P | P | |
Anti-Malware File Scanning | P | P | ||
Live Protection | P | P | ||
Pre-execution Behavior Analysis (HIPS) | P | P | ||
Potentially Unwanted Application (PUA) Blocking | P | P | ||
Intrusion Prevention System (IPS, coming 2020) | P | P | ||
STOP RUNNING THREAT | Data Loss Prevention | P | P | |
Runtime Behavior Analysis (HIPS) | P | P | ||
Antimalware Scan Interface (AMSI) | P | P | ||
Malicious Traffic Detection (MTD) | P | P | ||
Exploit Prevention (details on page 2) | P | P | ||
Active Adversary Mitigations (details on page 2) | P | P | ||
Ransomware File Protection (CryptoGuard) | P | P | ||
Disk and Boot Record Protection (WipeGuard) | P | P | ||
Man-in-the-Browser Protection (Safe Browsing) | P | P | ||
Enhanced Application Lockdown | P | P | ||
DETECT AND INVESTIGATE | DETECT | Cross Estate Threat Searching (inc. files, scripts) | P | |
Suspicious Events Detection and Prioritization | P | |||
INVESTIGATE | Threat Cases (Root Cause Analysis) | P | P | |
Deep Learning Malware Analysis | P | |||
Advanced On-demand Sophos Labs Threat Intelligence | P | |||
Forensic Data Export | P | |||
RESPOND | REMEDIATE | Automated Malware Removal | P | P |
Synchronized Security Heartbeat | P | P | ||
Sophos Clean | P | P | ||
On-demand Endpoint Isolation | P | |||
Single-click “Clean and Block” | P |
Why choose Teceze for your endpoint security needs?
A core feature of Threat Detect, Teceze’s award-winning Managed Detection and Response (MDR) service, is managed endpoint security. In addition to the latest EPP and EDR technologies, our expert team of SOC analysts, engineers and researchers have a deep understanding of attacker tradecraft and use this expertise to hunt, detect and respond to attacks, 24/7.
As part of the package, Threat Detect can also provide network security monitoring for improved cloud security and broader threat visibility. SIEM, IDS, vulnerability scanning, behavioral monitoring, and other advanced security technologies are handled. In addition, reporting can be customized to fulfill the specifications of compliance criteria such as the GDPR, ISO 27001, NIS Directive, and PCI DSS.
Benefits of Teceze Managed EPP/EDR Services
Obviously, it’s a huge plus to be able to concentrate on your core business without worrying about the protection of your data. But there are also other advantages of using a Teceze managed EPP/EDR solution, including
• Continuous monitoring – Teceze checks the device periodically and applies behind the scenes patches and updates.
• Cost-effective pricing – A single solution’s per-user pricing is usually more affordable than individual licenses.
• Central Management – Conferring your EPP/EDR management to a single source means that the most current versions are available for every device in your system.
• Consistent security – A managed EPP/EDR solution cannot be turned off or uninstalled by your employees
• 24 X 7 Rapid response – A constant threat is viruses and malware, and Teceze can quickly address and remove these threats.
• Regular updates – System-wide virus definition updates happen automatically and regularly.
EPP covers traditional anti-malware scanning, whereas EDR covers some advanced capabilities like detecting & investigating security incidents, the ability to remediate endpoints to a pre-infection state.