2022-06-17T07:03:00Z

Do we need to use both EDR and Antivirus (AV) solutions for better protection of IT assets?

reviewer1740369 - PeerSpot reviewer
User at Jkumar infra

Hello all,

An anti-virus (AV) works based on the file signature mechanism and an Endpoint Detection and Response (EDR) tool is behavior-based. 

Do we need to use both EDR and AV solutions or EDR-only to protect our IT assets?

Thanks.

66 Answers

Shibu Babuchandran - PeerSpot reviewer
Expert, Moderator, Real User

Hi @reviewer1740369,


When evaluating EDR vs. antivirus, it’s important to note that an Endpoint Detection and Response solution does all that the best antivirus product does – and more. Typically it is recommended other antivirus tools be removed when an EDR solution is installed. 


Running both can cause slowness or other technical issues on systems and devices. To defend against complex and evolving threats, the choice is clear – Endpoint Detection and Response will give you more advanced security.

2022-06-19T06:47:36Z
Shibu Babuchandran - PeerSpot reviewer
Expert, Moderator, Real User

Hi @reviewer1740369,


Hope this will be helpful when you have to take a call for exact differences.


EDR Features:

1. EDR includes real-time monitoring and detection of threats – including those that may not be easily recognized or defined by standard antivirus. Also, EDR is behavior-based, so it can detect unknown threats based on a behavior that isn’t normal.

2. Data collection and analysis determine threat patterns and alert organizations to threats

3. Forensic capabilities can assist in determining what has happened during a security event

4. EDR can isolate and quarantine suspicious or infected items. It often uses sandboxing to ensure a file’s safety without disrupting the user’s system.

5. EDR can include automated remediation or removal of certain threats

Antivirus Features:

1. Antivirus is signature-based, so it only recognizes threats that are known.

2. AV can include scheduled or regular scanning of protected devices to detect known threats

3. Assists in the removal of more basic viruses (worms, trojans, malware, adware, spyware, etc.)

4. Warnings about possibly malicious sites

2022-06-19T06:51:17Z
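
The signature-based versus behavior-based distinction listed above, as an added example that is not part of the original thread or any vendor's product: a hash-signature lookup misses a file that differs by one byte, while a rule over process events still flags what the file does. The sample bytes, event fields and the single rule (an Office application starting a shell that then opens a network connection) are constructed assumptions.

```python
import hashlib

# Constructed stand-ins for a catalogued malicious file and a one-byte variant.
KNOWN_BAD = b"constructed-sample-v1"
VARIANT = b"constructed-sample-v2"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}  # the "AV definitions"

def av_scan(file_bytes):
    """Signature check: True only if the exact file hash is already known."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

def edr_detect(events):
    """Behavior check over ordered endpoint events; returns a list of alerts."""
    alerts, suspect_pids = [], set()
    for ev in events:
        if ev["type"] == "process_start":
            if ev["parent"] in OFFICE_APPS and ev["image"] in SHELLS:
                suspect_pids.add(ev["pid"])
                alerts.append(f"{ev['parent']} started {ev['image']} (pid {ev['pid']})")
        elif ev["type"] == "net_connect" and ev["pid"] in suspect_pids:
            alerts.append(f"pid {ev['pid']} connected to {ev['dest']}")
    return alerts

# Constructed telemetry: the same activity whichever file variant triggered it.
SUSPICIOUS = [
    {"type": "process_start", "pid": 101, "parent": "explorer.exe", "image": "winword.exe"},
    {"type": "process_start", "pid": 202, "parent": "winword.exe", "image": "powershell.exe"},
    {"type": "net_connect", "pid": 202, "dest": "203.0.113.10:443"},
]
BENIGN = [
    {"type": "process_start", "pid": 301, "parent": "explorer.exe", "image": "powershell.exe"},
    {"type": "net_connect", "pid": 301, "dest": "198.51.100.7:443"},
]

if __name__ == "__main__":
    print("AV, known file:  ", av_scan(KNOWN_BAD))
    print("AV, variant file:", av_scan(VARIANT))
    for alert in edr_detect(SUSPICIOUS):
        print("EDR alert:", alert)
    print("EDR alerts on benign activity:", edr_detect(BENIGN))
```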
Carsten Dan Petersen - PeerSpot reviewer
Reseller

The short answer is no. EDR includes EPP (EndPoint Protection) which is more advanced than antivirus and detects zero-day threats, malicious behaviour and much more.

Also, products like SentinelOne make Incident Response and threat hunting so much easier because they track and record all the relevant events that happened during an attack.

2022-06-24T07:27:29Z
Jairo Willian Pereira - PeerSpot reviewer
Top 5, Leaderboard, Real User

'Til now, both. EDR technology is moving to XDR but is on the "peak of inflated expectations", the second of five phases in product development hype (Gartner). I'd rather wait a little bit, maybe ZDR :)

2022-08-05T18:53:35Z
Kevin Mabry - PeerSpot reviewer
Top 5, Real User

Hi, 


No, you don't need both because EDR is an advanced Antivirus with behavior-based analysis. 


Unless you have a whole team that is able to determine and parse the data, you might even consider an MDR (Managed Detection & Response). MDRs have a team watching the alerts. They monitor the device logs and, if it is advanced enough, they will also monitor your firewall traffic as well.

2022-06-27T05:06:11Z
AnonymousE - PeerSpot reviewer
Reseller

These two solutions are more like complementary tools. 


However, if you "really" have a security team that works 24/7, then you might not need an AV but this team should be really competent. Otherwise, it won't produce the result you're expecting.

2022-06-24T13:45:19Z