As a business owner, you are likely familiar with and utilize antivirus (AV) software to help protect your hardware devices from cyber threats.

While antivirus programs provide basic protection from threats, the technology has been relatively unchanged since its inception in the late 1980s and can easily be bypassed by today’s savvy cybercriminals.

Antivirus programs are not enough to protect you from advanced threats like ransomware. Ransomware works much differently than traditional viruses: it can attack your data and hold it hostage with encryption. Ransomware attacks cost businesses nearly $20 billion in 2020 alone.

So how do you fully protect your business from cyber threats including ransomware and malware? While nothing is completely infallible, implementing an endpoint detection and response (EDR) solution can protect your company from advanced threats.

What is Endpoint Detection and Response?

Endpoint detection and response is a cloud-based software platform that continuously monitors your endpoints to find and mitigate cyber threats that have bypassed your existing cybersecurity measures.

Think of endpoint detection and response, also referred to as endpoint threat detection and response (ETDR), as a cyber threat “hunter” and of antivirus as a cyber threat “roadblock” or “obstacle.” Sophisticated malware like ransomware can overcome a roadblock or obstacle, so “threat hunting” with EDR adds an additional layer of cybersecurity. If a threat gets past your antivirus software, EDR takes over.

How Does Endpoint Detection and Response Work?

EDR software such as SentinelOne is installed on endpoints and records every file execution, registry change, network connection, and other activities in a central database. Every action taken on endpoints is monitored and recorded. Then, using machine learning, EDR provides real-time data and threat intelligence on and between the endpoints.

EDR investigates the entire lifespan of the threat. EDR will determine how the threat bypassed the initial cybersecurity system (usually the antivirus software), where it has been in the environment, what it’s doing now, and how to eliminate it.

Using this data, EDR contains the threat and prevents it from spreading throughout your entire network. EDR uses analytics to find patterns and anomalies in an environment including rare processes, strange connections, and related risky activities.

System administrators can access the data compiled by the EDR in a central dashboard, and users that have suspicious activity on their endpoint will be notified of the threat in real-time.
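The kind of analysis described above (rare processes, strange connections, related risky activity), as an added example that is not SentinelOne's or any vendor's code: it counts on how many hosts each process, each parent/child pair, and each process/remote-address pair appears, and reports the ones seen on a single host. The event fields, host names, the `upd4te.exe` file name and the addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed telemetry (not real data): the same baseline activity on four
# workstations, plus two extra events on ws-03.
HOSTS = ["ws-01", "ws-02", "ws-03", "ws-04"]
BASELINE = [("explorer.exe", "chrome.exe", "203.0.113.10"),
            ("explorer.exe", "winword.exe", None),
            ("services.exe", "svchost.exe", None),
            ("explorer.exe", "powershell.exe", None)]
EVENTS = [dict(host=h, parent=p, image=i, remote=r)
          for h in HOSTS for p, i, r in BASELINE]
EVENTS += [
    dict(host="ws-03", parent="winword.exe", image="powershell.exe",
         remote="198.51.100.7"),
    dict(host="ws-03", parent="powershell.exe", image="upd4te.exe",
         remote="198.51.100.7"),
]

def rare(events, key, max_hosts=1):
    """Map each key(event) value seen on at most max_hosts hosts to those hosts."""
    seen = defaultdict(set)
    for ev in events:
        value = key(ev)
        if value is not None:          # key returns None to skip an event
            seen[value].add(ev["host"])
    return {v: sorted(h) for v, h in seen.items() if len(h) <= max_hosts}

def hunt(events):
    """Three prevalence views over the same recorded events."""
    return {
        # A binary that exists on only one machine.
        "rare_process": rare(events, lambda e: e["image"]),
        # A common program started by an unusual parent.
        "rare_parent_child": rare(events, lambda e: (e["parent"], e["image"])),
        # A program talking to an address nothing else in the fleet talks to.
        "rare_connection": rare(
            events, lambda e: (e["image"], e["remote"]) if e["remote"] else None),
    }

if __name__ == "__main__":
    for view, hits in hunt(EVENTS).items():
        print(view, hits)
```

Counting by process name alone reports only `upd4te.exe`; the parent/child view is what surfaces `powershell.exe` being started by `winword.exe`, because `powershell.exe` itself runs on every host.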

EDR Capabilities

While many EDR programs have varying security capabilities, they share key components and features. When searching for an EDR solution, here are key capabilities to look for:

Detection

Cyber threat and incident detection are critical to a successful endpoint detection and response program. EDR uses continual file analysis to determine if any malicious behavior is unfolding. When identified, an EDR solution will flag the file as suspicious so immediate action can be taken.

Containment

After detecting an issue, an EDR solution will immediately contain the threat. If left alone, the threat can spread quickly throughout a network, creating chaos, and potentially infecting and harming other endpoints. Quick containment can save companies thousands of dollars in lost revenue, ransom, and downtime.

Investigation

What sets EDR apart from traditional antivirus is its ability to investigate the cause of the threat, document its behavior, and then use that information to improve upon existing security protocols. For example, if the threat slipped through the front-line barriers, there is clearly a vulnerable point-of-entry in the network. The EDR will help you find that vulnerability and remediate it.

Elimination

An EDR solution will efficiently and effectively remove the identified threat and scan the network for similar suspicious files that may have infiltrated the system. Using compiled data and best practices in cybersecurity, the threat is eliminated, and preventative measures are put in place to prevent the threat from replicating.

Why EDR Is Important for Businesses in 2021

Cybercrime rose a staggering 300+% in 2020, most notably after the abrupt transition to a remote workforce in the spring. The increase occurred mostly at companies that were using antiquated antivirus software without an EDR solution in place.

With remote work extending into at least the first few quarters in 2021, it’s important to take proactive measures to reduce the risk of cyber threats and attacks. Even if your workforce isn’t remote, EDR can help keep your company endpoints safe from a cyber threat.

Originally adopted by large enterprise businesses, EDR is now recommended for businesses of all sizes to avoid and mitigate a cyber attack. An effective EDR can protect businesses from losing thousands of dollars in revenue and critical hours to downtime.

Everound and SentinelOne: Your EDR Security Team

Everound partners with SentinelOne, a national, leading EDR solution, to implement affordable endpoint detection and response programs for both small and enterprise-level businesses. Nearly all data breaches occur at endpoints, so having a proper EDR solution in place is critical to keeping your business operating at peak efficiency in a safe cyber environment.

As endpoint protection platform (EPP) experts, Everound can help your business implement a comprehensive EDR solution at a reasonable investment. Reach out today for a free consultation, and to learn more about how we can help keep your IT safe, so you can focus on your core business.

In a world where no one seems to agree on anything, we can all agree that we hate spam.

For some reason, the people who send spam think it’s going to get us to buy something or switch insurance companies.

The problem is that not all spam is harmless; some spam is very malicious.

How Email Scams Work

Email that just arrives in your inbox is not harmful. For it to infect your computer or your network, you need to click something.

Because your spam filter can pick up on many of these emails, it can keep you from seeing them in the first place.

There are a number of different scams. While this isn’t all of them, it’s a pretty good list of the most common types:

  • Survey – By definition, a survey online would require that you click something. The moment you do, you will either be sent to a site that has malware or will have prompted your computer to download it. Just don’t take any unsolicited surveys.
  • Imitation – This is an email from a company or a person that you know. Often, it’s an email that looks like it came from a common company, like PayPal or Microsoft. The way to know if it’s real is to look at the actual email address. The best policy is to go to their site yourself and look at your account. Don’t click anything in one of these emails.
  • Official – Scammers love to use official agencies, like the IRS or state government, to run scams. They’re hoping to panic you into clicking a button. Don’t. Again, open a tab and go to their website or look up the number and call them. The IRS doesn’t use email for official notices, ever.
  • Lottery – The lottery scam is a golden oldie. “You’ve won $1 million. Just click here.” No one wins a lottery they didn’t enter and no lottery will announce that you won $1 million via email.
  • Phishing – Phishing is when the scammers are looking for information. For example, they might email you posing as your email provider. It will ask you to change your password. They’ll use that to get into your account and give them access to a lot more.
  • Whaling – This is phishing designed to get to the CEO. They’re looking to hook the big fish, knowing that he or she has access to everything in the company.
  • Replacement – One common scam is to step into the middle of a transaction and reroute funds. For example, they hack a business associate to whom you’re going to send money. They send you an email saying the routing and account number have changed. Call that person. Don’t believe the email. Verify it personally with that person before you send money.

How Spam Filtering Software Works

The standard spam filter uses a combination of AI and community information to figure out what’s spam.

The artificial intelligence portion looks at how the email is written, the address it’s coming from, and the topic. Email that it judges to be spam goes into quarantine.

In modern solutions, the artificial intelligence will run a scan and monitor how you, the user, write your emails. If it recognizes you requesting something odd, such as a change to your direct deposit, or spelling things in ways you typically wouldn’t, it will quarantine the email.

The community information comes into play when the email or email security provider, like Google, Microsoft, or Barracuda, gets enough spam complaints about a single address. The system then treats emails from that address as spam.

The Next Level

There is a higher level of spam filtering that every company should have. It actively scans every email.

This software will hold all of the emails in the cloud while it not only scans everything that’s mentioned above, but it actively scans any links in the emails. The system is looking for redirects, unknown email addresses or web addresses, and other indications of fraud.

It also looks for viruses and malware embedded in the email or at any of the links. Active scanning can keep bad emails from ever showing up in your inbox.

This adds another layer of protection on your email inbox and helps you keep control of what you’re seeing, let alone clicking.

Some people complain that this can slow down emails that they’re waiting for, but in most cases, unless there’s an actual problem, it’s microseconds for the system to analyze an email.
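Two of the checks described above, as an added example that is not taken from any filtering product: the actual sender address behind a familiar display name (the Imitation scam), and links whose visible text names one site while the link itself goes to another. `BRAND_DOMAINS` is a hypothetical allow-list and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical allow-list (brand -> real sending domains) and a constructed message.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "microsoft": {"microsoft.com"}}
SAMPLE = '''From: "PayPal Support" <billing@paypa1-secure.example>
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.example.net/r?u=1">https://www.paypal.com/signin</a></p>'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname of a URL or bare host, minus "www."
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def within(host, domains):  # host is one of the domains or a subdomain of one
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    msg, findings, collector = message_from_string(raw), [], LinkCollector()
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():  # brand named, wrong sending domain
        if brand in display.lower() and not within(sender, domains):
            findings.append(("display_name_mismatch", brand, sender))
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:  # text shows one host, href goes to another
        shown, actual = host_of(text), host_of(href)
        if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", shown) and not within(actual, {shown}):
            findings.append(("link_text_mismatch", shown, actual))
    return findings
```

Calling `check_message(SAMPLE)` returns one finding for the sender and one for the link. Following the link's redirects, which the scanning described above also does, needs network access and is not shown.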

Putting Email Protection in Place

Putting email protection systems in place will require understanding the level of information being exchanged and how the company’s email system is configured.

It’s equal parts software and human behavior.

Here are a couple of the levels of protection that can be installed:

  1. Antivirus with automatic email scanning – This is the first step. Not only will the antivirus work to protect your computer or servers, but it actively scans emails as discussed above.
  2. Phishing and Internet Security – These programs protect the company from scams that are found on websites. This can include keyloggers that track every keystroke on a computer. A keylogger captures your login information everywhere you go, and the scammer will then log in pretending to be you.

In many cases, all of these functions can be found in a single piece of software.

If you have a managed IT service for your servers and workstations, your provider should have already implemented this type of software. It’s worth asking to know that your assets are actually protected.

The most important protection you can put in place is education. Whether it’s sending information, clicking a link, or downloading a bad file, almost every email hack requires that a person does something.