As cybercriminals become more advanced in their attack techniques, security systems have to be beefed up to compete. In particular, endpoint defense has seen major strides forward in the last couple of years, trying to stay ahead of the hackers.
The result has been the development of Endpoint Detection and Response (EDR) systems. These might superficially look like traditional anti-virus software, but they go far further. Where typical anti-virus programs simply act like shields, intended to recognize and block malware before it has a chance to do damage, EDR also provides advanced analytical tools that help IT administrators trace an attack backwards, pointing at the vector of attack and possibly even the source.
This functionality is crucial, given how often businesses are now directly targeted by hackers. You can't assume that an employee has accidentally picked up a virus. All too often, malware-based attacks are now intentional and directed. Discovering their source is crucial for stopping the true threat.
As is typical for a growing area of computer security, there are a lot of options available. These are some of the solutions we tend to recommend to our own customers.
Carbon Black has an interesting pedigree, coming to business computing by way of the CIA and NSA. As with many entries on this list, it utilizes cloud-based analytics to enhance detection, and has impressive predictive capabilities. It's also highly trusted, listing roughly 1/3 of the Fortune 100 among its customers.
When 12 of the top 15 banks in the world use a security product, it's clearly doing something right. Tanium utilizes an interesting peer-to-peer architecture which speeds up oversight and communication between various endpoints, increasing the ease of monitoring, while offering virtually unlimited scalability.
For smaller businesses on a budget, Symantec's products offer excellent value while still providing high-quality protection, and Symantec continues to be well regarded in the industry. These products aren't as robust as most of the other options on this list, but with licensing prices that start at only $3.50/mo, they're extremely budget-friendly. A growing operation probably won't stick with Symantec when there are better options from groups like Cisco and Sophos, but it's a great place to start.
Cisco's approach to EDR is to leverage its gigantic presence in the networking field to gather information. They have one of the largest and most comprehensive groups in the industry, dedicated to tracking malware and other attacks on their networks. The result is one of the single most robust endpoint protection solutions on the market, even garnering a perfect 100% from NSS Labs for threat detection.
If there's a downside, it's that, like most of Cisco's products, the licensing costs scale steeply as your deployment grows in size.
Sophos is almost universally regarded as a master of computer security, mostly because security is its sole focus. Unlike groups such as Cisco, Sophos's entire business revolves around security solutions. Currently, Sophos CEA can make a strong claim to being the most advanced EDR in the industry, with AI-based heuristic detection capable of recognizing brand-new threats which haven't yet been cataloged.
This package can also be enhanced with their Intercept X product, which is by far the best option on the market for detecting and shutting down cryptographic "ransomware" attacks before they can do damage.
Hummingbird Networks is focusing on building affordable business networks, with the robust security protections needed to prevent catastrophic attacks. Contact us to arrange for a security consultation.