2022-04-25T21:05:00Z

What to choose: an endpoint antivirus, an EDR solution or both?

Hi community professionals,

I am looking for your advice on whether it makes sense to use both an endpoint antivirus and an EDR solution simultaneously? What are the pros and cons of using each one or both simultaneously?

*In terms of products, I've been looking at CrowdStrike Falcon, Microsoft Defender for Endpoint, and ESET Endpoint Security.

Thanks for the help!

ΔΠ
User at Remedy
  • 8
  • 425
Share
9
PeerSpot user
9 Answers
ChandanMunshi - PeerSpot reviewer
Chief Technical Officer at Provision Technologies LLP
Real User
Top 5
2022-04-27T13:18:43Z
Apr 27, 2022

EDR (or XDR) is the new coinage for endpoint security technology. 


Although those good old days antivirus software were doing the same thing, signature-based detection and response against that defection. But the modern threat vector has changed a lot and everything is quite complicated these days. So, the protection mechanism also. 


Almost all leading cyber security software vendors have come up with newer versions of endpoint protection, sometimes with AI as well. 


So, if there is an option, it is always better to go with EDR of anything "*DR". But keep in mind that cyber security has to be implemented in every layer of ISO. 

Like(3)
Reply
Search for a product comparison in EPP (Endpoint Protection for Business)
Go!
MK
Deputy Technical Manager (SOC Operations) at a tech services company with 1,001-5,000 employees
Real User
Top 5
2022-04-28T05:31:48Z
Apr 28, 2022

Next-Generation Antivirus (NGAV) uses a combination of artificial intelligence, behavioral detection, machine learning algorithms, and exploit mitigation, so known and unknown threats can be anticipated and immediately prevented.


Endpoint detection and response (EDR) is a solution that combines data collection, data analysis, forensics, and threat hunting, with the end goal of finding and blocking any potential security breaches in due time.


For the current attack landscape, you need both NGAV + EDR in a single product for better protection & remediation.


but the current trend is


XDR (Extended Detection and Response) collects and automatically correlates data across multiple security layers – email, endpoint, server, cloud workload, and network. This allows faster detection of threats and improved investigation and response times through security analysis.

Like(2)
Reply
NavcharanSingh - PeerSpot reviewer
Senior Seo Executive at RTDS
Real User
Top 20
2022-09-15T12:44:58Z
Sep 15, 2022

The benefits of EDR over an antivirus solution are:


1. Behavior-based detection blocks advanced threats
2. Forensic analysis capabilities help with detailed investigations
3. Sandboxing capabilities safeguard your network environment
4. Automated remediation and instant threat removal
5. Threat pattern identification for easy detection in the future
6. Centralized security and enhanced endpoint visibility

Managed EDR exceeds traditional antivirus in multiple ways. It can detect the unknown and emerging threats missed by AV solutions. With real-time responses and extensive forensic analysis capabilities, managed EDR is, without a doubt, the superior endpoint security solution.

Read more: Managed EDR Over Antivirus

Like(1)
Reply
ArindamPal - PeerSpot reviewer
User
Real User
Top 20
2022-04-27T13:30:38Z
Apr 27, 2022

Antivirus lifeline (as a separate tool) is limited now. 


All the products are now combining EPP and EDR into a single solution. I would rather prefer to go with XDR solutions which will help to detect and as well as remove the existing one from the system.

Like(1)
Reply
AS
Principal Consultant at 1net
User
2022-04-27T01:35:57Z
Apr 27, 2022

The “Antivirus” protection technology is replaced by EDR which does include a modern version of “antivirus” along with other ways of device protection. 


Multiple vendors provide EDR: Trend Micro, Cisco, etc.


The more current technology is XDR.

Like(1)
Reply
DC
Chief Information Security Officer at Canara Robeco Asset Management Company Limited
User
2022-09-19T06:01:33Z
Sep 19, 2022

I agree with most of the responses. SentinelOne, CrowdStrike, and Carbon Black are solutions that most enterprises use but if you are looking at a comparison/necessity of an endpoint solution vis-à-vis an EDR/XDR solution I believe the endpoint solution is as good as a dead investment. The current EDR / XDR is capable to replace the av. Keeping both solutions together will lead to issues with end-user performance and productivity loss. Obviously, it is your choice to judge security and productivity but keeping both solutions in an extremely critical environment can help you someday as well in a zero-day sort of attack which the AV OEM detects, and all these sophisticated solutions won't. So my take is you are the best judge of your environment. It's your choice.

Like(0)
Reply
Buyer's Guide
Microsoft Defender for Endpoint
May 2023
Free Report: Microsoft Defender for Endpoint Reviews and More
Learn what your peers think about Microsoft Defender for Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
DOWNLOAD NOW
708,830 professionals have used our research since 2012.
MB
Client Solution Services Manager at 2TS
User
2022-09-16T11:53:23Z
Sep 16, 2022

I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple high-powered endpoint security modules into a single, cloud-based security platform.

Like(0)
Reply
JB
Technical Director - RPA at Diversified Robotic
User
2022-07-31T23:57:25Z
Jul 31, 2022

Most EDR solutions are EDR + EPP (Endpoint Protection, formerly called antivirus).


My opinion is: never run 2 different vendors in real-time (antivirus and/or endpoint security solutions) on the same machine, as either conflicts will most likely arise or CPU usage will go high.

Like(0)
Reply
CP
Partner Account Manager 🔆 at SEC DataCom A/S
Reseller
Top 20
2022-04-26T07:14:32Z
Apr 26, 2022

If you look at a product like SentinelOne, it is both EPP and EDR (and much more...). In that case you only need this single product.

You could take a look at this short explanaition on YouTube: EDR? EPP? Both?!? See how to explain SentinelOne in just 2 minutes

Like(0)
Reply
Related Questions
Avigayil Henderson - PeerSpot reviewer
Content Development Manager at PeerSpot
Mar 15, 2023
Are there endpoint protection platforms that offer threat-hunting or SOC services?
Hello community,  Please share with the community what your thoughts are based on your personal experience. Thank you.
See 2 answers
LW
Content Editor at PeerSpot
Mar 14, 2023
Endpoint protection platforms (EPPs) have evolved beyond traditional antivirus software to offer advanced threat detection and response capabilities. Many EPPs also offer threat-hunting or SOC services to provide organizations with real-time visibility into security incidents and remediation recommendations. Among the EPP providers that offer these services are the following, and, obviously, this is just a sample but, hopefully, also a good start: CrowdStrike Falcon Complete Kaspersky Endpoint Security has an Endpoint Detection and Response McAfee (Trellix) Endpoint Security Managed Detection and Response (MDR) Palo Alto Networks Unit 42 MDR Service for Cortex XDR SentinelOneVigilance Respond Sophos MDR Symantec (Broadcom) Endpoint Protection Managed Endpoint Detection and Response Trend Micro Apex One Managed XDR VMware Carbon Black MRDR Sophos MDR is interesting in that it leverages other providers' cybersecurity technologies including telemetry from AWS, Check Point, CrowdStrike, Darktrace, Fortinet, PAN, and others.
Read full answer
Nikki Webb - PeerSpot reviewer
Global Channel Manager at Custodian360
Mar 15, 2023
Yes, there are endpoint protection platforms that offer threat-hunting or SOC (Security Operations Center) services, and Custodian360 is one of them. Endpoint protection platforms (EPPs) are security solutions that are installed on endpoint devices to detect, prevent, and respond to cyber threats. Threat-hunting is a proactive approach to cybersecurity that involves actively searching for threats and vulnerabilities that might have evaded traditional security measures. SOC services involve monitoring and analysing security events to identify and respond to security incidents. Custodian360 is a comprehensive endpoint protection platform that offers both threat-hunting and SOC services. It uses a combination of signature-based and behavior-based detection to detect and respond to cyber threats in real-time. The platform has a built-in threat-hunting engine that continuously scans endpoints for signs of compromise, and it also has a team of expert analysts who perform manual threat-hunting to identify and respond to advanced threats. Custodian360's SOC services include 24/7 monitoring and analysis of security events, incident response, and forensic investigation. The platform also provides detailed reporting and analytics to help organisations understand their security posture and identify areas for improvement. In summary, Custodian360 is an endpoint protection platform that offers threat-hunting and SOC services, making it an ideal solution for organisations that want comprehensive protection against cyber threats.
Read full answer
Avigayil Henderson - PeerSpot reviewer
Content Development Manager at PeerSpot
Mar 13, 2023
Which endpoint protection solutions work with Linux, Windows, and MacOS, as well as legacy infrastructure?
Hello peers,  Please share your input and help out fellow peers. Thank you.
See 2 answers
Disha Shah - PeerSpot reviewer
Technical Associate at HTH Global Network
Mar 3, 2023
Cortex XDR from Paloalto have solution for all three and talking about legacy infrastructure can you name some of them??
Read full answer
LW
Content Editor at PeerSpot
Mar 13, 2023
There are several endpoint protection solutions available that can provide protection for endpoints running on Linux, Windows, and MacOS. Among them are Symantec (Broadcom) Endpoint Protection, Trend Micro Apex One, McAfee (Trellix) Endpoint Security, Kaspersky Endpoint Security for Business, ESET Endpoint Security, Palo Alto Networks Cortex XDR and, perhaps surprisingly (but then again, not) Microsoft Defender for Endpoint. (This is not an exhaustive list). However, the devil is in the details regarding which versions of an OS and what kind of hardware requirements a given solution supports. You need to closely check the specifics of the range of devices you have with what a given vendor covers. It's also important to note that for agent-based solutions, the minimum processor requirements may allow you to install the product, but if you're just getting by in that regard, there could be issues with computer performance. Symantec supports a fairly broad range of Linux and Windows Embedded versions, but does not support application control on Mac, Windows Servers, Windows Embedded, Linux, or mobile devices. Trend Micro Apex One's agents support support from macOS High Sierra 10.13 to macOS Monterey 12, on Apple M1, Apple M2, or Intel® Core processors. To protect Linux file, web, and application servers with Trend Micro, you'll need its ServerProtect product. McAfee handles Windows 8.1, 10, and 11, and offers limited customer service if you try running it on Windows 8.0 and 7.x. For macOS it goes as far back as Mac OS X 10.10 and through to macOS 12 (Monterey). For Linux it offers limited coverage: Ubuntu 16.04, Ubuntu 18.04, and Ubuntu 20.4. With Kaspersky Endpoint Security for Business you get Windows, of course, and pretty extensive Linux coverage, with nine 32-bit OSs covered, and literally dozens of 64-bit Linux flavors. Mac coverage is included in the Advanced and Select versions of Kaspersky ESB (and you also get Android and iOS). ESET Endpoint Security will work with Windows 7 - 11 (although some features are not supported on ARM processors) macOS 10.12 and up, and a couple of 64-bit Linux systems: Ubuntu Desktop 18.04 LTS and RHEL Desktop 7. PAN Cortex XDR supports Windows 8 - 11 as well as macOS as far back as 10.13 with its 7.5-CE release. Subsequent 7.x releases cover later macOS versions (with 7.7.3 and later handling macOS 13.x). Cortex XDR only supports 64-bit Linux and you have to install a supported kernel module version, but it does cover a good selection of the main Linux offerings including CentOS, Debian, Oracle, RHEL, openSUSE, and Ubuntu. Microsoft Defender for Endpoint has coverage for macOS 11 (Big Sur), 12 (Monterey), and 13 (Ventura), although Big Sur requires some additional configuration. It also protects more recent versions of RHEL, CentOS, Ubuntu, Debian, and Oracle Linux. Android (6.0 and higher) and iOS (11.0 and higher) are also available. As for legacy systems, it's best to explicitly ask the vendor if they cover the particular hardware/OSs you have. For example, older versions of Symantec Endpoint Protection 14 cover Windows as far back as Vista, and Windows Server as far back as Windows Server 2008 (RTM, SP1, SP2).
Read full answer
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Aug 9, 2022
8 Questions to Ask While Selecting an Endpoint Security Solution for Your Business
If you’re weighing your options for endpoint security solutions, there are many options out there. However, solutions vary greatly in terms of how effectively they can protect your network. I want to help you make the best decision possible, so here are some questions to ask before buying an endpoint security solution, and why they are important. 1) Does the solution employ Foundational Tech...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Feb 4, 2022
Community Spotlight #7
Hi dear community members, This is our latest community digest. It helps you catch up on recent contributions by community members. Comment below with your feedback and suggestions! Trending What are the Top 5 cybersecurity trends in 2022? What are the main benefits of modern IT Asset Discovery tools? Tip Post an educational article from your Home feed and receive 20 point...
See 1 comment
reviewer1577907 - PeerSpot reviewer
Manager at PeerSpot
Feb 4, 2022
Thank you, these community Spotlights are very handy!
Read full comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Nov 19, 2021
Spotlight #2 (Community Digest) by IT Central Station
Hi community members, Spotlight #2 is our fresh bi-weekly community digest for you. It covers cybersecurity, IT and DevOps topics. Check it out and comment below with your feedback! Trending What are the pros and cons of internal SOC vs SOC-as-a-Service? Join The Moderator Team at IT Central Station (soon to be PeerSpot)! Questions Share your experience with other peers by ans...
Related Categories
EPP (Endpoint Protection for Business)
Anti-Malware Tools
EDR (Endpoint Detection and Response)
Related Questions
Mar 15, 2023
Are there endpoint protection platforms that offer threat-hunting or SOC services?
Mar 13, 2023
Which endpoint protection solutions work with Linux, Windows, and MacOS, as well as legacy infrastructure?
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Read more
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Aug 9, 2022
8 Questions to Ask While Selecting an Endpoint Security Solution for Your Business
If you’re weighing your options for endpoint security solutions, there are many options out there...
Read more
Download Free Report
Download our free Microsoft Defender for Endpoint Report and get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
DOWNLOAD NOW
708,830 professionals have used our research since 2012.