2020-05-25T12:38:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees

What is the difference between EDR and traditional antivirus?

Can EDR replace antivirus, or are both needed?

18 Answers
ShreekumarNair - PeerSpot reviewer
Chief Executive Officer at Vincacyber
Real User
2020-05-27T04:45:37Z
May 27, 2020

You can use EDR solutions to track, monitor, and analyze data on endpoints to enhance the fortification of your environment. Generally, EDR tools do not replace traditional tools like antivirus and firewalls; they work beside them to provide enhanced security capabilities. EDR is becoming the preferred technology for enterprises that want better security for their networks than the traditional antivirus provides.

EDR solutions have many capabilities and advantages which are not offered by traditional antivirus programs. They come loaded with different analytical tools that run in the background to ensure the monitoring and reporting of threats. However, not all EDR solutions perform the same range of functions. Their scope and the nature of their activities differ depending on the type of EDR solution that you choose.

Traditional antivirus programs are more simplistic and limited in scope compared to modern EDR systems. Antivirus is generally a single program which serves basic purposes like scanning, detecting and removing viruses and different types of malware.

Antivirus is more of a decentralized security system that falls short of providing adequate security to ever-expanding digital networks. The IT network and perimeter of enterprises have witnessed even faster growth due to the mobile revolution.

JR
CTO at Systema Global Solusindo
Consultant
Top 5, Leaderboard
2021-07-16T04:42:29Z
Jul 16, 2021

The differences are:

Detection methods standpoint

Antivirus uses the traditional method of a signature database. It combines malware information such as file hashes, names, and certain code signatures in the virus's functionality. It is static.

EDR uses a different method, such as the dynamic behaviour of the virus/malware. It scans the processes and the ways a file interacts with the OS. It will have a baseline to see whether a behaviour is malicious or not.

Functionality range

Antivirus simply detects and deletes the virus. It doesn't see the behaviour of the virus/malware. If it is in the virus signature database, it will be able to clean/remove/quarantine the endpoint.

EDR does much more: it can remediate the actions of the virus/malware because it monitors the endpoint processes and behaviours. Certain techniques can be reversed, though not all.

AV uses a negative security model approach. EDR uses a positive security model approach. So unless you can tune your security policies to be really strict, to gain the advantage of the positive security model, you might want to still resort to the negative security model approach.

Can EDR replace Antivirus?

Depends. Several EDR vendors incorporate AV detection methods and still combine the use of a static database of virus signatures with modern behaviour detection. So if you are using an EDR which can provide AV functionality, yes, you are good to go. Generally, you could choose those vendors who were initially AV vendors and later on evolved their products to become EDR.

Other EDRs specifically only function as threat hunting or digital forensic tools; they do complete behaviour monitoring of the systems and will not have AV detection methods. This will be problematic for some users, although not all, because the EDR will produce much more noise and you will have to really tune the policy so that it behaves according to your organization's needs. These types of vendors are not particularly AV vendors, but rather different cybersecurity vendors which complement their capabilities with the EDR proposition.
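The answer above contrasts a static signature database (the negative model: block what is known bad) with a behavioural baseline (the positive model: flag what departs from the expected). The following is an added example, not code from the thread or from any vendor, that shows both in miniature: a hash-and-pattern check that a trivially repacked sample slips past, and a behaviour check over a constructed process-event stream that catches the same sample by what it does rather than what it is. The file contents, hashes, event format, process names, the parent/child baseline and the write threshold are all constructed for the illustration.

```python
"""Static signature matching vs. behavioural detection (added example).

All data below is constructed inline so the script runs offline; none of it
comes from a real sample or a real EDR product.
"""
import hashlib
from collections import defaultdict

# --- 1. Static signatures: the negative model ------------------------------
# Constructed "files" standing in for bytes read from disk.
SAMPLE_FILES = {
    "invoice.exe": b"MZ\x90\x00" + b"DROP_PAYLOAD_v2" + b"\x00" * 16,
    "notes.txt": b"quarterly numbers, nothing to see",
    "updater.exe": b"MZ\x90\x00" + b"legit update routine",
}
# The same malware "repacked": one marker string mangled, so the hash changes
# and the byte pattern no longer matches, while its behaviour is unchanged.
REPACKED_INVOICE = SAMPLE_FILES["invoice.exe"].replace(
    b"DROP_PAYLOAD_v2", b"DR0P_PAYL0AD_v2")

# Signature database built from a previously analysed sample (constructed).
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_FILES["invoice.exe"]).hexdigest()}
KNOWN_BAD_PATTERNS = [b"DROP_PAYLOAD_v2"]


def signature_scan(data: bytes):
    """Return 'hash', 'pattern:<marker>' or None. Purely static: it never
    looks at what the file does, only at what it contains."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
        return "hash"
    for pat in KNOWN_BAD_PATTERNS:
        if pat in data:
            return "pattern:" + pat.decode()
    return None


# --- 2. Behavioural detection: the positive model --------------------------
# Constructed telemetry: (pid, parent_image, image, event_type, detail).
EVENTS = (
    [(100, "explorer.exe", "winword.exe", "start", ""),
     (101, "winword.exe", "powershell.exe", "start", "-enc ..."),
     (101, "winword.exe", "powershell.exe", "netconn", "203.0.113.7:443")]
    + [(101, "winword.exe", "powershell.exe", "filewrite", f"doc{i}.docx.locked")
       for i in range(40)]
    + [(200, "explorer.exe", "updater.exe", "start", ""),
       (200, "explorer.exe", "updater.exe", "netconn", "198.51.100.2:443")]
)

# Baseline of parent -> children this (hypothetical) estate normally sees.
# Anything outside it is reported, which is exactly where the extra noise of
# a behaviour-only tool comes from and why the policy needs tuning.
BASELINE_CHILDREN = {
    "explorer.exe": {"winword.exe", "updater.exe", "chrome.exe"},
    "winword.exe": set(),  # a document app is not expected to spawn anything
}
OFFICE_APPS = {"winword.exe", "excel.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
MASS_WRITE_THRESHOLD = 25  # assumed tuning value, not a vendor default


def behaviour_scan(events):
    """Group events per process and return {pid: [findings]} for any process
    whose dynamic behaviour departs from the baseline or matches a known
    malicious technique (document app -> interpreter, mass file writes)."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev[0]].append(ev)
    findings = {}
    for pid, evs in by_pid.items():
        parent, image = evs[0][1], evs[0][2]
        hits = []
        allowed = BASELINE_CHILDREN.get(parent)
        if allowed is not None and image not in allowed:
            hits.append(f"outside baseline: {parent} -> {image}")
        if parent in OFFICE_APPS and image in INTERPRETERS:
            hits.append("document app spawned a script interpreter")
        writes = sum(1 for e in evs if e[3] == "filewrite")
        if writes >= MASS_WRITE_THRESHOLD:
            hits.append(f"{writes} file writes in one process, consistent with encryption")
        if hits:
            findings[pid] = hits
    return findings


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name}: {signature_scan(data)}")
    print(f"repacked invoice.exe: {signature_scan(REPACKED_INVOICE)}")
    for pid, hits in behaviour_scan(EVENTS).items():
        print(pid, hits)
```

The repacked sample returns `None` from the signature scan but pid 101 still produces three findings, which is the whole point of the distinction: the static check needs a new signature for every variant, while the behavioural check does not care which bytes the binary contains. The cost is visible too: anything missing from `BASELINE_CHILDREN` is reported, so a real deployment spends its first weeks extending that baseline.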

AW
User at a tech services company with 11-50 employees
Real User
2021-07-15T03:05:29Z
Jul 15, 2021

Some products incorporate AV into the EDR as the basic element.

Considering the budget, some users might choose AV. EDR is much more powerful than AV when you need forensics. Traditional AV is signature-based and heuristic. EDR leverages more, e.g. deep learning, behavioural analysis, etc.

PM
Managing Member at Commerce Technologies LLC
User
2021-07-16T00:33:31Z
Jul 16, 2021

EDR goes far beyond traditional antivirus.

It can detect ransomware attacks, malware, rogue programs, and viruses, as well as automatically isolate any infected system from your network. It can also detect unknown infections by detecting activities consistent with viruses or encryption. And, in the event anything did get through, you can roll back your infected system for up to 72 hours.

If something got through and infected your network, the response is included, and their techs will come out at no additional charge to assist in restoring your network and data. Of course, even better than EDR or antivirus is a well-trained staff that knows not to click on links or open files in suspicious emails.

AT
Managing Director at FOX DATA
Reseller
Top 5, Leaderboard
2021-07-15T06:51:36Z
Jul 15, 2021

Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioural detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented. NGAV is cloud-based, which allows it to be deployed in hours instead of months, and the burden of maintaining software, managing infrastructure, and updating signature databases is eliminated.

NGAV is the next step in endpoint protection, using a signature-less approach to deliver more complete and effective endpoint security than is possible with legacy AV.

- Protects against the entire spectrum without requiring daily and cumbersome updates
- Combines the best prevention technologies (machine learning, AI, indicators of attack (IOAs), exploit blocking and more) to stop ransomware and malware-free and fileless attacks
- Covers the gaps left by legacy AV and fully protects endpoints online and offline
- Full attack visibility: unravels an entire attack in one easy-to-grasp process tree enriched with contextual and threat intelligence data

Legacy AV

Legacy AV uses strings of characters called signatures that are associated with specific types of malware to detect and prevent further attacks of similar types. This approach is becoming obsolete as sophisticated attackers have found ways around legacy AV defenses, such as by leveraging fileless attacks that use macros, scripting engines, in-memory execution, etc.

Legacy AV leaves organizations locked into a reactive mode, only able to defend against known malware and viruses catalogued in the AV provider's database. That approach was the best available in the past, but today, when unknown threats need to be addressed with the same rigour as known threats, it is sorely inadequate.

Basically, legacy AV lacks:

- Detection of unknown threats: relies on signatures, which are hard to update and ineffective against fileless attacks
- Low impact on the endpoint: scans and updates consume high percentages of resources and slow down endpoints
- Simple deployment: deployment is complex

NGAV eliminates these shortcomings, as the integration of more sophisticated prevention methods, such as machine learning, behavioural detection, and artificial intelligence, eliminates the sole reliance on signatures to detect malicious activity. NGAV protects against unknown threats as well as known threats, which is increasingly important as the use of fileless attacks rises among attackers. NGAV enables both types of threats to be exposed in near real time, and is much more effective at helping organizations block these threats at a far greater speed than in the past.

NGAV solutions are designed to employ a single, lightweight agent that is unobtrusive in nature and has a minimal impact on the endpoint.

Reference: our successful partnership engagement and experience with CrowdStrike.


SAMUELMWANGI - PeerSpot reviewer
Director at Calidad Systems Limited
Real User
Top 5, Leaderboard
2021-07-15T05:29:40Z
Jul 15, 2021

EDR is a more advanced program that collects data from the nodes and also does analysis and identifies where the threat is originating from.

Antivirus, or AV, is a single program that is used to scan files and the OS for known threats like Trojans, worms, and malware.

MS
Sr. Technology Architect at Incedo Inc.
Real User
Top 5
2021-07-14T19:49:23Z
Jul 14, 2021

Yes, EDR replaces traditional Antivirus, as it's one step up from traditional antivirus. It includes all the features of Antivirus as well as has advanced features.

RG
Client Executive at a computer software company with 1,001-5,000 employees
User
2021-07-16T13:39:31Z
Jul 16, 2021

Anti-virus is a signature-based approach that first entered the market almost 39 years ago. Adversaries have learned to make continuous and persistent changes to their code to thwart these systems.

EDR is the next generation of these technologies that looks at behaviors and not signatures. Anti-virus is bad, EDR is good!

SAMUELMWANGI - PeerSpot reviewer
Director at Calidad Systems Limited
Real User
Top 5, Leaderboard
2021-07-16T06:24:18Z
Jul 16, 2021

EDR is modern technology. Hence it can detect and clear threats, so when using EDR you don't need to use antivirus.

When both are used they will slow the machine and sometimes cause technical issues.

KW
Chief Research Officer at tiberium
User
2021-07-15T13:46:46Z
Jul 15, 2021

A very broad church. EDR has now moved on to XDR (Extended Detection and Response).

Detection is driven by legacy signature methods in most, if not all, endpoint products. This is augmented with activity anomaly recognition, etc. As with everything, it isn't what you have got, it is what you do with it.

If you have a Microsoft estate, feel free to contact me for sales-free advice.

PP
Management Executive at a security firm with 11-50 employees
Real User
Top 5
2021-07-15T11:41:46Z
Jul 15, 2021

EDR, simply put, is a next-gen antivirus with much more capability. Look at Cynet.

BH
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5, Leaderboard
2020-05-27T18:59:38Z
May 27, 2020

So this is what the wiki says about EDR:
"EDR systems detect all endpoint threats and provide real-time response to the identified threats. ... EDR systems also collect high-quality forensic data which is needed for incident response and investigations. Overall, EDR security systems are much better equipped at handling cyber threats than traditional antivirus."

But IMHO, it depends. It depends on the products you are looking at, it depends on the cost, it depends on what you are trying to cover or prevent from happening, and it depends on the tools' capabilities. Some tools are better than others. Some A/V is better than EDR; some EDR is better than A/V. It's a very active space with a HUGE number of contenders all vying for your security dollars. You just have to ask them the right questions and bounce their answers against their competitors, your bosses, and your friends' opinions to get out of it what you need, for the least cost and most coverage. Do some POCs and RFIs to see what fits you, your environment and your needs first before you decide. Then spend the next 3 years extracting every bit of juice out of the tool you can to make it purr like a kitten.

If you don't need it and you can get by on Defender as an 80% solution, then go with Defender. If you need Carbon Black and McAfee, do that. It comes down to your needs and what's good enough for you.

NW
Global Channel Manager at Custodian360
Real User
2020-05-26T15:39:00Z
May 26, 2020

EDR can replace antivirus, if you get the right EDR solution. A solution that combines EPP and EDR into one is a replacement for traditional antivirus. EPP provides all the protection you would get from antivirus and more. Happy to discuss further if you have any more questions.

MD
IT Project Manager at a tech services company with 51-200 employees
User
2020-05-26T11:35:56Z
May 26, 2020

Hello. EDR can replace a normal antivirus and can offer even more, as it can effectively respond to an attack, isolate the end device or restore destroyed data. After that you can analyse the attack. We're using SentinelOne for ourselves and our customers and are more than happy, as we're protected against new and old ransomware.

it_user1146165 - PeerSpot reviewer
Cybersecurity Pre-Sales at Ingram Micro Inc.
Real User
2020-05-27T03:42:17Z
May 27, 2020

EDR is an add-on for Endpoint Protection. EDR is for detecting post-intrusion threats or persistent advanced threats. EDR enables identification and prevention of reconnaissance attack, lateral movement, command and control channel and data filtering. EDR can also analyze user behavior against a baseline.

TC
IT Security Architect at a computer software company with 51-200 employees
User
2020-05-26T21:15:19Z
May 26, 2020

Yes, EDR will replace traditional A/V with most solutions. Make sure to validate with your vendor but the reputable ones certainly cover A/V. You do not need to have both as this is unnecessary overhead. Any (reputable) EDR will have known bad MD5 already included.

MD
IT Project Manager at a tech services company with 51-200 employees
User
2020-05-28T20:10:18Z
May 28, 2020

There is never 100% security, and I'm warning against using too much endpoint protection on the client, as each one has a small negative impact on performance.
And when using two, they will slow each other down.
To replace an antivirus, just use a good EDR, which replaces the AV and does even more.

2020-05-26T15:34:52Z
May 26, 2020

Yes, it is a good level of protection to have EDR alone, but for better protection I recommend having the two solutions together, but from different manufacturers for EDR and AV.
