What You Need to Know About New Antivirus Technology
The cybersecurity marketplace has exploded with new technologies and new products in response to the high-risk environment we live in today. Recent reports show that in 2021 cyber damages were approximately 6 trillion, and according to a January 2022 Forbes article, 43% of all data breaches involve small and medium-sized businesses.
Antivirus products have been around for a very long time. If I think back to when we (CTaccess) first encountered a significant virus on a company network, it was way back around 1995. Interestingly, the virus didn’t come from the Internet but from a software driver disk. That customer had no antivirus installed, but soon after, they added it. How things have changed!
Antivirus software has undergone significant innovation since then, and just in the last 3-5 years, there has been a considerable shift. The antivirus category has transformed into three different technologies.
As a business leader, it is important to understand these three categories to make a good decision on what your organization needs. The differences are pretty technical, and of course, IT people like to use crazy acronyms. Let’s look from a business perspective with just enough tech to make some distinctions.
- (EDR) Endpoint Detection and Response
- (XDR) Extended Detection and Response
- (MDR) Managed Detection and Response
1) EDR is what most of us think of as traditional antivirus and is an absolute MUST. If you have been using a leading antivirus package for years, chances are it falls in the category of EDR. Every business should be using a corporate package, not freeware, and not box-packaged software. A good EDR will be centrally controlled via a dashboard and allow for reporting and a solid overview of what is happening in your company. EDR focuses on prevention: stopping malicious software (malware) before it enters your network.
2) XDR is one of the newer categories of protection, and it is an upgrade from EDR. If you go to XDR, then you don’t also need EDR. XDR also focuses on prevention, but it adds a more holistic approach to security and addresses your cloud resources. In addition to protecting endpoints like EDR, it adds specific tools to protect cloud email like MS 365 or Gmail. Often XDR will also offer targeted protection for cloud services like SharePoint, OneDrive, Dropbox, Box, and Google Drive. Because it directly plugs into your hosted email, it adds deeper SPAM protection and often better phishing prevention. It also often provides data loss prevention (DLP) specifically targeted at your cloud data.
3) MDR is the final newer category of antivirus technology, and it differs from the others because it takes a slightly different approach. MDR turns the tables, and instead of focusing entirely on prevention, it uses an assumptive approach. That approach asks: what if malware or a hacker were already in your data or network? What are the indicators of such an attack, and how do we detect and stop it before it is too late? This technology works on the concept that a hacker dwells on your network for weeks before being detected. Security vendor Mandiant reports the average hacker’s dwell time is 21 days for 2021. That is 21 days, on average, that a hacker is on your system before you know they are there. During this time, the hacker learns about your business, exfiltrates data, and often disables backups.
MDR technology differs significantly from one vendor to the next, but there are some commonalities. The ‘M’ stands for Managed, which means that it comes with a live group of people reviewing alerts generated by your software. These “threat hunters,” as MDR company Huntress calls them, are checking critical alerts and looking at alert data from your system with human eyes. Most of the time, these companies use some form of artificial intelligence to look for things that need to escalate to a human team for review.
Every MDR package is a little different, but some common MDR features are early detection of a ransomware outbreak, quick isolation of an infected computer, a warning system for open IP addresses and ports, detection of persistent footholds indicating that a hacker may be dwelling on your system, and automated removal and remediation of problems.
As you might expect from the description, MDR technology does not replace your EDR or XDR package. It is an additional layer of security. However, some MDR companies bundle their own XDR package into their offering, so that it is a complete package. When evaluating solutions, you must pay close attention to the features included in the package, as they all differ significantly. In addition, it is important to understand the organization’s size and the abilities of its Network Operations Center (NOC), since this is a critical part of the solution.
The antivirus decision is no longer quite as simple now that we must choose some combination of EDR, MDR, and XDR. The decision of exactly which combination you need is different for each company. However, with the elevated risk we are all experiencing, some combination of these new technologies is advisable and helpful in staying secure.
Scott Hirschfeld is the President of CTaccess, a Brookfield IT support company that has been helping businesses stop focusing on IT and get back to doing business since 1990. Under his leadership, CTaccess provides the business-minded approach of larger IT companies with the personalized touch of the smaller ones. Connect with Scott on LinkedIn.