SlideShare a Scribd company logo

Endpoint Protection Comparison.pdf

Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP
Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

edr

Technology
1 of 12
Download to read offline
Follow Ministry of Security on 2 | P a g e EPP vs EDR EPP (ENDPOINT PROTECTION PLATFORM) EDR (ENDPOINT DETECTION & RESPONSE) Prevents a wide variety of known and unknown threat Used to respond to threat that have already affected the endpoint First line of defense – scan, identify and block Second line of defense – contain, investigate and respond Passive – protect against known and easily identifiable against threat Active – used to counter evasive threats that gets past security threats defenses or for proactive threat hunting Protect endpoint but does not provide in-depth data about the threat on the endpoint Aggregate data from multiple endpoints to enable forensic investigations EPP is focused on prevention EDR is focused on detection and response EPP relies on signatures and heuristics EDR uses behavioral analytics to detect threats EPP only provides visibility into the activity that is related to malware EDR can provide visibility into all activity on a device EPP cannot investigate security incidents EDR can be used to investigate and contain security incidents Machine learning to support behavioural analysis Traditional threat monitoring Prevent unknown attacks, verifies indicators of compromise (IoC), memory consumption and vulnerabilities Antivirus is generally a single program that serves basic purposes like scanning, detecting and removing viruses and different types of malware
Follow Ministry of Security on 3 | P a g e EDR vs XDR EDR (ENDPOINT DETECTION & RESPONSE) XDR (EXTENDED DETECTION & RESPONSE) Limited to one security layer Crosses multiple security layers – endpoints, networks traffics, identity management, cloud workloads, email, virtual containers, sensors (from operational technology, or OT) Completed by NTA tools but not strongly integrated with them Provides both endpoints and network security in one platform Separate tools that needs to be managed alongside other security tools Unified platform that provides a single point of reference for security analyst EDR is a new generation of anti- malware Provider improved detection and response to day-to-day security incidents EDR no longer relying solely on signature systems to perform malicious behavior detection Increased overall productivity of security personnel EDR adds behavioral process analysis capabilities to determine deviance. Lowered the total cost of ownership (TCO) of the security stack EDR does support Forensic Forensic - Investigate incidents swiftly with comprehensive forensics evidence EDR does support Forensic Host Insight - Find vulnerabilities and sweep across endpoints to eradicate threats EDR does support Host base inventory Host inventory Pinpoint attacks identify behavioral deviations Pinpoint attacks with AI-driven analytics and coordinate response File Search and Destroy
Follow Ministry of Security on 4 | P a g e Introduction From day of evolution of computer era, endpoint is the simplest route for the security threats which is rapidly evolving. Though organizations have transitioned from simple antivirus software to full endpoint protection platforms (EPPs) that provide well-rounded, preventive security capabilities for endpoints to endpoint detection and response (EDR) solutions that complement EPP by adding the ability to actively respond to endpoint security breaches. Today, allthese security technologies are overshadowed by a new model called XDR or Extended Detection and Response. Since, endpoints have long been a major target for attackers. Whether located in a user’s pocket, in the cloud, on IoT devices, or in anorganization’s server room, the data needs to be protected both inside and outside the traditional security perimeter. Antivirus Product Capability Support Platform Supports Windows Operating System Linux - Ubuntu 16.04 to 22.4 and upcoming versions Cloud workloads, Containers, Kubernetes Android - All version MacOS - All version and upcoming versions Hardware Platform Desktop, Laptop, Server, Cloud, VM’s, VDI
Follow Ministry of Security on 5 | P a g e Antivirus Portfolio/Baseline Features Description NBA Solution should have capability monitoring the network behavior analysis UBA Solution should have capability monitoring the user behavior analysis Deception Solution to stop attackers from breaching your system and causing damage Web Security Reliably protects your PC against viruses, spyware, trojans and other malware Faster, More Complete Investigation & Response MITRE ATT&CK Evaluation 100% threat prevention Response Action Live Terminal Endpoint isolation External Dymanic list (EDL) Script Execution Remediation analysis Incident Scoring Rules Featured Alert Fields Application Control Standard category wise application Allow/Block Custom extension-based application Allow/Block Device Control (Should work on all OS windows, MacOS and Linux) Mass storage allow/block, read only MTP/PTP- block/allow Bluetooth - allow / block Thunderbolt - allow / block Camera - allow / block Card reader - allow /block USB Printer- allow / block Wi-Fi printer - allow / block Firewall Host Firewall
Follow Ministry of Security on 6 | P a g e Host-based IDS and IPS Email Protection Antispam, Anti Phishing File integrity monitoring File integrity monitoring EDR/XDR Real time malware detection, protection and prevention Behavioural analysis Signature based analysis Real time threat analysis and advanced threat detection Malicious traffic detection Anti-Ransomware - Recognized & Unrecognized Ransomware Protection Detect suspicious activities and blocks them before any breach occurs Policy/ Rule based Host isolation Manual Host isolation isolated host accessibility and integration from management console without physical intervention with client machine Managed Threat Response (MTR) Deep Alert Analysis Threat Hunting, Suspicious Behavior Detection, Investigation and Remediation Exploit Prevention File-less Attacks Malware-Free Attacks Zero Day Attacks Exploit-based Attacks Toolkit blocking Artificial Intelligence & Machine learning Proactive techniques to detect malicious traffic as well as protect from attracters Malicious traffic detection and prevention
Follow Ministry of Security on 7 | P a g e Patch and Vulnerability Assessment, Real time monitoring and rapid mitigation of detected threats Root Cause Analysis Deep analytics on what, when, where and how incident happened. Logs Real time log synchronization between endpoint and server Log Retention period (Min 90 days) and policy Possibility of log retention period extension Event alert and notification Real time event alert and notification Temper Protection Should work on windows, MacOS and Linux Central management with single console Agent Deployment, Update (installer and bundled package) Asset Inventory Policy Configuration and Enforcement Dashboard Report Custom report Drill down analysis report Schedule report Management report with charts Host Performance Low CPU Utilization Low Hard Disk Utilization Low RAM Utilization Integration integration with security information and event management (SIEM )tools Subject Matter Expert Availability 24x7 technical support - on call, email, chat Others Data loss prevention Drive encryption No confliction with other antivirus installed in system
Follow Ministry of Security on 8 | P a g e Deployment Ability to be managed by central management on-cloud and on-prem Password Exposure The solution shall be able to prevent corporate password reuse Browsing protection Ability to prevent browser-based attacks by installing thin client on web browser to provide full SSL inspection Document security Ability to extract malicious content from document and deliver safe file to user immediately Disk Encryption Solution should support Bitlocker encryption Web Control Website browsing protection and content filtering Evolution of Antivirus to Next-Gen AV Antivirus - Antivirus (AV) protection is the most common type of endpoint security, especially among consumer electronics. Endpoint protection platform - Endpoint protection platform (EPP) is advance antivirus tools with a key feature called machine learning to support behavioural analysis, extending traditional threat monitoring beyond known threats, prevent unknown attacks, verifies indicators of compromise (IoC), monitors a device’s memory to identify irregular patterns in memory consumption. EPP is advance than antivirus protection for widespread endpoint management and threat prevention in large companies, but some sophisticated attacks are still able to evade detection. EPP is useful for identifying vulnerabilities and preventing attacks. Endpoint Detection and Response - Endpoint Detection and Response (EDR) represent the newest and most advanced layer of endpoint protection platform.
Follow Ministry of Security on 9 | P a g e Typically, it expands EPP support for AI, machine learning, threat intelligence, and behavioral analysis to create a collation that neutralizes attacks. For e.g.: EPP is a shield, EDR is a sword An EDR system collects and analyzes data from endpoints across a network so it can stop an attack in its tracks. Once the threat has been removed, EDR can then be used to trace the exact source of the attack so similar events can be prevented in the future. EDR functions as a centralized management hub for an organization’s endpoints network-wide. It acts to stop an attack at the earliest signs of detection, even before a human administrator learns that a threat exists. Whereas EPP is a first line of defense that provides passive threat prevention, EDR actively works to mitigate network attacks before they can cause significant damage. Extended Detection and Response - XDR solutions are a compelling alternative to EDR and traditional EPP. They provide improved threat intelligence, AI/ML analysis, applied to combined data from across the IT environment. They allow organizations to derive more value from existing investments in EDR, SIEM and security orchestration and automation (SOAR). Limitations of XDR - XDR solutions are expected to provide a deeper understanding of the data generated by many other security technologies, but this can be a double-edged sword. While these solutions may have good knowledge of security technologies from the same vendor ecosystem, they may not have the same analytics capabilities for data generated from systems by other vendors. Therefore, the deployment of XDR technology could lock you into a specific security technology ecosystem. If your organization is already pursuing a single vendor strategy, this may not be an issue. However, this can be an obstacle if you are taking a best-of-breed approach. Companies should consider whether the enhanced analytical value provided by the XDR solution is sufficient to justify a closer dependence on a specific security vendor.
Follow Ministry of Security on 10 | P a g e Antivirus Uses Advantages Disadvantages Signature similarity Antivirus can’t protect against everything Heuristic analysis It can slow down your computer Integrity checking It can be expensive to maintain. Prevents a wide variety of known and unknown threat It can generate false positives (warnings about threats that aren’t present). First line of defense – scan, identify and block It can miss new threats that haven’t been identified yet. Passive – protect against known and easily identifiable against threat It can be difficult to configure and manage. Protect endpoint but does not provide in-depth data about the threat on the endpoint It can create security holes if not properly configured. Machine learning to support behavioural analysis It requires regular updates to stay effective. Traditional threat monitoring It can be disabled or bypassed by malware. Prevent unknown attacks, verifies indicators of compromise (IoC), memory consumption and vulnerabilities It can give you a false sense of security. Antivirus is generally a single program that serves basic purposes like scanning, detecting and removing viruses and different types of malware antivirus will only catch known threats One limitation of antivirus programs is that they can often cause false positives. insufficient to protect such a large- scale and continuously expanding digital perimeter.
Follow Ministry of Security on 11 | P a g e Conclusion In this endpoint security article, we introduced multiple technologies like AV, EPP, EDR, and XDR solutions, and explained the basic differences between these solutions. In reality, these solution categories are not separate or alternative. Traditional AV, EPP and EDR is an essential component of modern security strategies. XDR is widely considered to be the future of endpoint security, but it does not replace AV/EPP/EDR. Rather, it leverages them and consolidates them with other parts of the security stack, to deliver improved security. Author Vikas Vasant Upade
Follow Ministry of Security on 12 | P a g e

Recommended

How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Intelligent security operations a staffing guide
Intelligent security operations a staffing guideIntelligent security operations a staffing guide
Intelligent security operations a staffing guideColleen Johnson
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint SecurityAhmed Hashem El Fiky
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 

Recommended

How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
Bulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalBulding Soc In Changing Threat Landscapefinal
Bulding Soc In Changing Threat LandscapefinalMahmoud Yassin
 
Intelligent security operations a staffing guide
Intelligent security operations a staffing guideIntelligent security operations a staffing guide
Intelligent security operations a staffing guideColleen Johnson
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint SecurityAhmed Hashem El Fiky
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptxAmineRached2
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityEng Hasan Shamroukh CISCO Exams Author
 
Information security
Information security Information security
Information securityJin Castor
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptxSentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptxssuser951f851
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptxNBBNOC
 
Endpoint security
Endpoint securityEndpoint security
Endpoint securityS.M. Towhidul Islam
 

More Related Content

What's hot

Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
Information security
Information security Information security
Information securityJin Castor
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptxSentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptxssuser951f851
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanControlScan, Inc.
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture InnoTech
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 

What's hot (20)

Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Security metrics
Security metrics Security metrics
Security metrics
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trends
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Information security
Information security Information security
Information security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
 
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptxSentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
SentinelOne-Connector-For-Fortinet-Launch-Deck-Final (1).pptx
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solution
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Network Security Architecture
Network Security Architecture Network Security Architecture
Network Security Architecture
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 

Similar to Endpoint Protection Comparison.pdf

Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptxNBBNOC
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsInformation Technology
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityIvanti
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Product overview-eset-file-security
Product overview-eset-file-securityProduct overview-eset-file-security
Product overview-eset-file-securityÜstün Koruma
 
Lumension Security Solutions
Lumension Security SolutionsLumension Security Solutions
Lumension Security SolutionsHassaanSahloul
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
Advanced Business Endpoint Protection
Advanced Business Endpoint ProtectionAdvanced Business Endpoint Protection
Advanced Business Endpoint ProtectionDan Buckley
 
Advanced Business Endpoint Protection
Advanced Business Endpoint ProtectionAdvanced Business Endpoint Protection
Advanced Business Endpoint ProtectionDan Buckley
 
Advanced business endpoint protection (1)
Advanced business endpoint protection (1)Advanced business endpoint protection (1)
Advanced business endpoint protection (1)Dan Buckley
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint SecurityBen Rothke
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxkarlhennesey
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)PT Datacomm Diangraha
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRNetpluz Asia Pte Ltd
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Securityxsy
 

Similar to Endpoint Protection Comparison.pdf (20)

Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptx
 
Endpoint security
Endpoint securityEndpoint security
Endpoint security
 
Ch09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability AssessmentsCh09 Performing Vulnerability Assessments
Ch09 Performing Vulnerability Assessments
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
 
Product overview-eset-file-security
Product overview-eset-file-securityProduct overview-eset-file-security
Product overview-eset-file-security
 
Lumension Security Solutions
Lumension Security SolutionsLumension Security Solutions
Lumension Security Solutions
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Advanced Business Endpoint Protection
Advanced Business Endpoint ProtectionAdvanced Business Endpoint Protection
Advanced Business Endpoint Protection
 
Advanced Business Endpoint Protection
Advanced Business Endpoint ProtectionAdvanced Business Endpoint Protection
Advanced Business Endpoint Protection
 
Advanced business endpoint protection (1)
Advanced business endpoint protection (1)Advanced business endpoint protection (1)
Advanced business endpoint protection (1)
 
SIEM vs EDR
SIEM vs EDRSIEM vs EDR
SIEM vs EDR
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
 
Overall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docxOverall Security Process Review CISC 6621Agend.docx
Overall Security Process Review CISC 6621Agend.docx
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers Guide
 
50120140501013
5012014050101350120140501013
50120140501013
 
The Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDRThe Best Just Got Better, Intercept X Now With EDR
The Best Just Got Better, Intercept X Now With EDR
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Security
 

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP

More from Eng. Ala' Zayadeen- MBA,CEH,ISO Lead Implementer, MCP (10)

Business Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptxBusiness Strategies and Frameworks by Slidesgo.pptx
Business Strategies and Frameworks by Slidesgo.pptx
 
2022-security-plan-template.pptx
2022-security-plan-template.pptx2022-security-plan-template.pptx
2022-security-plan-template.pptx
 
slide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdfslide-webninar-kik-r2-2 (1).pdf
slide-webninar-kik-r2-2 (1).pdf
 
7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf7-Cloudy with a chance of digitalization.pdf
7-Cloudy with a chance of digitalization.pdf
 
Privacy Risk Study 2023 – Executive Summary.pdf
Privacy Risk Study 2023 – Executive Summary.pdfPrivacy Risk Study 2023 – Executive Summary.pdf
Privacy Risk Study 2023 – Executive Summary.pdf
 
لعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdfلعرض تقديمي متميز.pdf
لعرض تقديمي متميز.pdf
 
Ali Ababneh-CV.pdf
Ali Ababneh-CV.pdfAli Ababneh-CV.pdf
Ali Ababneh-CV.pdf
 
اداره 3.ppt
اداره 3.pptاداره 3.ppt
اداره 3.ppt
 
Privacy (1).pptx
Privacy (1).pptxPrivacy (1).pptx
Privacy (1).pptx
 
Cv for ala' zayadeen
Cv for ala' zayadeen Cv for ala' zayadeen
Cv for ala' zayadeen
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Endpoint Protection Comparison.pdf

  • 1.
  • 2. Follow Ministry of Security on 2 | P a g e EPP vs EDR EPP (ENDPOINT PROTECTION PLATFORM) EDR (ENDPOINT DETECTION & RESPONSE) Prevents a wide variety of known and unknown threat Used to respond to threat that have already affected the endpoint First line of defense – scan, identify and block Second line of defense – contain, investigate and respond Passive – protect against known and easily identifiable against threat Active – used to counter evasive threats that gets past security threats defenses or for proactive threat hunting Protect endpoint but does not provide in-depth data about the threat on the endpoint Aggregate data from multiple endpoints to enable forensic investigations EPP is focused on prevention EDR is focused on detection and response EPP relies on signatures and heuristics EDR uses behavioral analytics to detect threats EPP only provides visibility into the activity that is related to malware EDR can provide visibility into all activity on a device EPP cannot investigate security incidents EDR can be used to investigate and contain security incidents Machine learning to support behavioural analysis Traditional threat monitoring Prevent unknown attacks, verifies indicators of compromise (IoC), memory consumption and vulnerabilities Antivirus is generally a single program that serves basic purposes like scanning, detecting and removing viruses and different types of malware
  • 3. Follow Ministry of Security on 3 | P a g e EDR vs XDR EDR (ENDPOINT DETECTION & RESPONSE) XDR (EXTENDED DETECTION & RESPONSE) Limited to one security layer Crosses multiple security layers – endpoints, networks traffics, identity management, cloud workloads, email, virtual containers, sensors (from operational technology, or OT) Completed by NTA tools but not strongly integrated with them Provides both endpoints and network security in one platform Separate tools that needs to be managed alongside other security tools Unified platform that provides a single point of reference for security analyst EDR is a new generation of anti- malware Provider improved detection and response to day-to-day security incidents EDR no longer relying solely on signature systems to perform malicious behavior detection Increased overall productivity of security personnel EDR adds behavioral process analysis capabilities to determine deviance. Lowered the total cost of ownership (TCO) of the security stack EDR does support Forensic Forensic - Investigate incidents swiftly with comprehensive forensics evidence EDR does support Forensic Host Insight - Find vulnerabilities and sweep across endpoints to eradicate threats EDR does support Host base inventory Host inventory Pinpoint attacks identify behavioral deviations Pinpoint attacks with AI-driven analytics and coordinate response File Search and Destroy
  • 4. Follow Ministry of Security on 4 | P a g e Introduction From day of evolution of computer era, endpoint is the simplest route for the security threats which is rapidly evolving. Though organizations have transitioned from simple antivirus software to full endpoint protection platforms (EPPs) that provide well-rounded, preventive security capabilities for endpoints to endpoint detection and response (EDR) solutions that complement EPP by adding the ability to actively respond to endpoint security breaches. Today, allthese security technologies are overshadowed by a new model called XDR or Extended Detection and Response. Since, endpoints have long been a major target for attackers. Whether located in a user’s pocket, in the cloud, on IoT devices, or in anorganization’s server room, the data needs to be protected both inside and outside the traditional security perimeter. Antivirus Product Capability Support Platform Supports Windows Operating System Linux - Ubuntu 16.04 to 22.4 and upcoming versions Cloud workloads, Containers, Kubernetes Android - All version MacOS - All version and upcoming versions Hardware Platform Desktop, Laptop, Server, Cloud, VM’s, VDI
  • 5. Follow Ministry of Security on 5 | P a g e Antivirus Portfolio/Baseline Features Description NBA Solution should have capability monitoring the network behavior analysis UBA Solution should have capability monitoring the user behavior analysis Deception Solution to stop attackers from breaching your system and causing damage Web Security Reliably protects your PC against viruses, spyware, trojans and other malware Faster, More Complete Investigation & Response MITRE ATT&CK Evaluation 100% threat prevention Response Action Live Terminal Endpoint isolation External Dymanic list (EDL) Script Execution Remediation analysis Incident Scoring Rules Featured Alert Fields Application Control Standard category wise application Allow/Block Custom extension-based application Allow/Block Device Control (Should work on all OS windows, MacOS and Linux) Mass storage allow/block, read only MTP/PTP- block/allow Bluetooth - allow / block Thunderbolt - allow / block Camera - allow / block Card reader - allow /block USB Printer- allow / block Wi-Fi printer - allow / block Firewall Host Firewall
  • 6. Follow Ministry of Security on 6 | P a g e Host-based IDS and IPS Email Protection Antispam, Anti Phishing File integrity monitoring File integrity monitoring EDR/XDR Real time malware detection, protection and prevention Behavioural analysis Signature based analysis Real time threat analysis and advanced threat detection Malicious traffic detection Anti-Ransomware - Recognized & Unrecognized Ransomware Protection Detect suspicious activities and blocks them before any breach occurs Policy/ Rule based Host isolation Manual Host isolation isolated host accessibility and integration from management console without physical intervention with client machine Managed Threat Response (MTR) Deep Alert Analysis Threat Hunting, Suspicious Behavior Detection, Investigation and Remediation Exploit Prevention File-less Attacks Malware-Free Attacks Zero Day Attacks Exploit-based Attacks Toolkit blocking Artificial Intelligence & Machine learning Proactive techniques to detect malicious traffic as well as protect from attracters Malicious traffic detection and prevention
  • 7. Follow Ministry of Security on 7 | P a g e Patch and Vulnerability Assessment, Real time monitoring and rapid mitigation of detected threats Root Cause Analysis Deep analytics on what, when, where and how incident happened. Logs Real time log synchronization between endpoint and server Log Retention period (Min 90 days) and policy Possibility of log retention period extension Event alert and notification Real time event alert and notification Temper Protection Should work on windows, MacOS and Linux Central management with single console Agent Deployment, Update (installer and bundled package) Asset Inventory Policy Configuration and Enforcement Dashboard Report Custom report Drill down analysis report Schedule report Management report with charts Host Performance Low CPU Utilization Low Hard Disk Utilization Low RAM Utilization Integration integration with security information and event management (SIEM )tools Subject Matter Expert Availability 24x7 technical support - on call, email, chat Others Data loss prevention Drive encryption No confliction with other antivirus installed in system
  • 8. Follow Ministry of Security on 8 | P a g e Deployment Ability to be managed by central management on-cloud and on-prem Password Exposure The solution shall be able to prevent corporate password reuse Browsing protection Ability to prevent browser-based attacks by installing thin client on web browser to provide full SSL inspection Document security Ability to extract malicious content from document and deliver safe file to user immediately Disk Encryption Solution should support Bitlocker encryption Web Control Website browsing protection and content filtering Evolution of Antivirus to Next-Gen AV Antivirus - Antivirus (AV) protection is the most common type of endpoint security, especially among consumer electronics. Endpoint protection platform - Endpoint protection platform (EPP) is advance antivirus tools with a key feature called machine learning to support behavioural analysis, extending traditional threat monitoring beyond known threats, prevent unknown attacks, verifies indicators of compromise (IoC), monitors a device’s memory to identify irregular patterns in memory consumption. EPP is advance than antivirus protection for widespread endpoint management and threat prevention in large companies, but some sophisticated attacks are still able to evade detection. EPP is useful for identifying vulnerabilities and preventing attacks. Endpoint Detection and Response - Endpoint Detection and Response (EDR) represent the newest and most advanced layer of endpoint protection platform.
  • 9. Follow Ministry of Security on 9 | P a g e Typically, it expands EPP support for AI, machine learning, threat intelligence, and behavioral analysis to create a collation that neutralizes attacks. For e.g.: EPP is a shield, EDR is a sword An EDR system collects and analyzes data from endpoints across a network so it can stop an attack in its tracks. Once the threat has been removed, EDR can then be used to trace the exact source of the attack so similar events can be prevented in the future. EDR functions as a centralized management hub for an organization’s endpoints network-wide. It acts to stop an attack at the earliest signs of detection, even before a human administrator learns that a threat exists. Whereas EPP is a first line of defense that provides passive threat prevention, EDR actively works to mitigate network attacks before they can cause significant damage. Extended Detection and Response - XDR solutions are a compelling alternative to EDR and traditional EPP. They provide improved threat intelligence, AI/ML analysis, applied to combined data from across the IT environment. They allow organizations to derive more value from existing investments in EDR, SIEM and security orchestration and automation (SOAR). Limitations of XDR - XDR solutions are expected to provide a deeper understanding of the data generated by many other security technologies, but this can be a double-edged sword. While these solutions may have good knowledge of security technologies from the same vendor ecosystem, they may not have the same analytics capabilities for data generated from systems by other vendors. Therefore, the deployment of XDR technology could lock you into a specific security technology ecosystem. If your organization is already pursuing a single vendor strategy, this may not be an issue. However, this can be an obstacle if you are taking a best-of-breed approach. Companies should consider whether the enhanced analytical value provided by the XDR solution is sufficient to justify a closer dependence on a specific security vendor.
  • 10. Follow Ministry of Security on 10 | P a g e Antivirus Uses Advantages Disadvantages Signature similarity Antivirus can’t protect against everything Heuristic analysis It can slow down your computer Integrity checking It can be expensive to maintain. Prevents a wide variety of known and unknown threat It can generate false positives (warnings about threats that aren’t present). First line of defense – scan, identify and block It can miss new threats that haven’t been identified yet. Passive – protect against known and easily identifiable against threat It can be difficult to configure and manage. Protect endpoint but does not provide in-depth data about the threat on the endpoint It can create security holes if not properly configured. Machine learning to support behavioural analysis It requires regular updates to stay effective. Traditional threat monitoring It can be disabled or bypassed by malware. Prevent unknown attacks, verifies indicators of compromise (IoC), memory consumption and vulnerabilities It can give you a false sense of security. Antivirus is generally a single program that serves basic purposes like scanning, detecting and removing viruses and different types of malware antivirus will only catch known threats One limitation of antivirus programs is that they can often cause false positives. insufficient to protect such a large- scale and continuously expanding digital perimeter.
  • 11. Follow Ministry of Security on 11 | P a g e Conclusion In this endpoint security article, we introduced multiple technologies like AV, EPP, EDR, and XDR solutions, and explained the basic differences between these solutions. In reality, these solution categories are not separate or alternative. Traditional AV, EPP and EDR is an essential component of modern security strategies. XDR is widely considered to be the future of endpoint security, but it does not replace AV/EPP/EDR. Rather, it leverages them and consolidates them with other parts of the security stack, to deliver improved security. Author Vikas Vasant Upade
  • 12. Follow Ministry of Security on 12 | P a g e