Managed EPP vs EDR
Difference between EPP and EDR
Today, the endpoint security industry is still predominantly divided into two product classes, EPP and EDR. Traditional anti-malware scanning is covered by EPP (Endpoint Protection Platform), while EDR (Endpoint Detection and Response) adds more advanced capabilities such as detecting and investigating security incidents and restoring endpoints to their pre-infection state. It is obvious to security practitioners that full endpoint security requires both EPP and EDR capabilities. As a result, the market is moving toward Next-Generation Endpoint Security, a unified, more complete solution.
What is an EPP?
The Endpoint Protection Platform (EPP) is an integrated security solution designed to detect and block threats at the device level. This typically involves anti-virus, anti-malware, data encryption, personal firewalls, intrusion prevention (IPS), and data loss prevention (DLP).
Traditional EPP is fundamentally preventive, and most of its techniques are signature-based: files are matched against signatures of previously discovered threats. However, the latest EPP solutions have evolved to use a wider range of detection techniques.
What is EDR?
Endpoint Detection and Response (EDR) systems are cybersecurity systems that integrate elements of next-gen antivirus with additional tools to provide real-time anomaly detection and alerting, forensic analysis, and endpoint remediation capabilities.
EDR improves threat awareness beyond the reach of EPPs by recording every file execution and alteration, registry update, network connection, and binary execution across the endpoints of an organisation.
EPP vs EDR
In general, an EPP solution serves as the frontline protection of an endpoint, just as antivirus software does for viruses.
EDR solutions, on the other hand, are designed to deal with threats that the EPP software has not identified. This could include new strains of malware, newly discovered zero-day exploits, and other vulnerabilities not yet included in the EPP's threat database.

| Endpoint Protection Platform (EPP) | Endpoint Detection and Response (EDR) |
|---|---|
| A first-line defence mechanism that prevents threats | Assumes a breach has already occurred and helps investigate and contain it |
| Does not require active supervision | Used actively by security staff to respond to incidents |
| Passive threat prevention | Active threat detection |
| Does not provide visibility into activity on the endpoint | Helps security teams aggregate event data from endpoints across the enterprise |
| Able to prevent known threats and some unknown threats | Enables immediate response to threats that EPP could not detect |
| Focused on protecting each endpoint in isolation | Provides data and context for attacks spanning multiple endpoints |
What is Managed EPP/EDR?
Managed EPP/EDR is a centrally managed software option that protects against virus threats on all computers in your business. Because updates are installed automatically, employees do not need to update or scan their computers themselves. Viruses and malware detected by this software are automatically quarantined without requiring any intervention from your staff. At all times, everyone in the company has the most up-to-date version. The "managed" portion of managed EPP/EDR means that Integera updates your EPP/EDR software and tracks the health and security of your network in real time. That means you and your employees can concentrate on your business objectives, knowing that your network is constantly being monitored by others.
Below are the features of the managed EPP/EDR services (a check mark means the feature is included):

| FEATURES | SOPHOS INTERCEPT X ADVANCED (EPP) | SOPHOS INTERCEPT X ADVANCED WITH EDR |
|---|---|---|
| PREVENT: ATTACK SURFACE REDUCTION | | |
| Web Security | ✓ | ✓ |
| Download Reputation | ✓ | ✓ |
| Web Control / Category-based URL Blocking | ✓ | ✓ |
| Peripheral Control (e.g. USB) | ✓ | ✓ |
| Application Control | ✓ | ✓ |
| PREVENT: BEFORE IT RUNS ON DEVICE | | |
| Deep Learning Malware Detection | ✓ | ✓ |
| Anti-Malware File Scanning | ✓ | ✓ |
| Live Protection | ✓ | ✓ |
| Pre-execution Behavior Analysis (HIPS) | ✓ | ✓ |
| Potentially Unwanted Application (PUA) Blocking | ✓ | ✓ |
| Intrusion Prevention System (IPS, coming 2020) | ✓ | ✓ |
| PREVENT: STOP RUNNING THREAT | | |
| Data Loss Prevention | ✓ | ✓ |
| Runtime Behavior Analysis (HIPS) | ✓ | ✓ |
| Antimalware Scan Interface (AMSI) | ✓ | ✓ |
| Malicious Traffic Detection (MTD) | ✓ | ✓ |
| Exploit Prevention (details on page 2) | ✓ | ✓ |
| Active Adversary Mitigations (details on page 2) | ✓ | ✓ |
| Ransomware File Protection (CryptoGuard) | ✓ | ✓ |
| Disk and Boot Record Protection (WipeGuard) | ✓ | ✓ |
| Man-in-the-Browser Protection (Safe Browsing) | ✓ | ✓ |
| Enhanced Application Lockdown | ✓ | ✓ |
| DETECT AND INVESTIGATE: DETECT | | |
| Cross Estate Threat Searching (inc. files, scripts) | - | ✓ |
| Suspicious Events Detection and Prioritization | - | ✓ |
| DETECT AND INVESTIGATE: INVESTIGATE | | |
| Threat Cases (Root Cause Analysis) | ✓ | ✓ |
| Deep Learning Malware Analysis | - | ✓ |
| Advanced On-demand Sophos Labs Threat Intelligence | - | ✓ |
| Forensic Data Export | - | ✓ |
| RESPOND: REMEDIATE | | |
| Automated Malware Removal | ✓ | ✓ |
| Synchronized Security Heartbeat | ✓ | ✓ |
| Sophos Clean | ✓ | ✓ |
| On-demand Endpoint Isolation | - | ✓ |
| Single-click "Clean and Block" | - | ✓ |
Why choose Integera for your endpoint security needs?
A core feature of Threat Detect, Integera's award-winning Managed Detection and Response (MDR) service, is managed endpoint security. In addition to the latest EPP and EDR technologies, our expert team of SOC analysts, engineers and researchers has a deep understanding of attacker tradecraft and uses this expertise to hunt, detect and respond to attacks, 24/7.
As part of the package, Threat Detect can also provide network security monitoring for improved cloud security and broader threat visibility. It also handles SIEM, IDS, vulnerability scanning, behavioral monitoring, and other advanced security technologies. In addition, reporting can be customized to meet the requirements of compliance frameworks such as the GDPR, ISO 27001, the NIS Directive, and PCI DSS.
Benefits of Integera Managed EPP/EDR Services
Obviously, it's a huge plus to be able to concentrate on your core business without worrying about the protection of your data. But there are also other advantages of using an Integera managed EPP/EDR solution, including:
• Continuous monitoring - Integera checks the device periodically and applies patches and updates behind the scenes.
• Cost-effective pricing - A single solution's per-user pricing is usually more affordable than individual licenses.
• Central management - Entrusting your EPP/EDR management to a single source means that the most current versions are available for every device in your system.
• Consistent security - A managed EPP/EDR solution cannot be turned off or uninstalled by your employees.
• 24 x 7 rapid response - Viruses and malware are a constant threat, and Integera can quickly address and remove these threats.
• Regular updates - System-wide virus definition updates happen automatically and regularly.
EPP covers traditional anti-malware scanning, whereas EDR adds advanced capabilities such as detecting and investigating security incidents and remediating endpoints to a pre-infection state.